I run a Morse Code Translator website that converts text to Morse code and back using client-side JavaScript, along with features like audio playback, copy/share buttons, and dynamic UI updates. Recently, some users have reported that their AVG antivirus or AVG Browser flags the site as suspicious or blocks certain scripts from running. This is unexpected, as the site does not collect sensitive data or perform any malicious actions, and I’m trying to understand what aspects of my implementation might be triggering these warnings.
One area of concern is the heavy use of client-side JavaScript. The translator performs real-time input processing, DOM manipulation, and audio generation using the Web Audio API. I’m wondering if AVG’s heuristics might interpret this behavior as suspicious, especially when scripts run immediately on page load or respond rapidly to user keystrokes. I’d like to know if there are known patterns in JavaScript-based tools that commonly trigger false positives and how to mitigate them without sacrificing interactivity.
Another possible factor is the way scripts are loaded and bundled. To improve performance, I use minified JavaScript files and inline some logic directly in the page. I’ve read that aggressive minification, obfuscation, or inline scripts can sometimes resemble malicious code patterns to security software. Are there best practices for script loading, code signing, or content security policies (CSP) that help AVG better recognize legitimate web applications like translators or calculators?
I’m also curious about how audio playback and clipboard access are evaluated by AVG. My Morse Code website allows users to play Morse tones and copy encoded/decoded text to the clipboard with a single click. Could these APIs be contributing to the warnings? If so, are there recommended permission prompts, user-initiated action patterns, or disclosures that reduce the likelihood of AVG blocking these features?
From an infrastructure standpoint, the site is hosted on standard shared hosting with HTTPS enabled, but I occasionally update scripts and assets. I’m unsure whether frequent file changes, cache-busting query strings, or CDN usage could affect AVG’s trust scoring or reputation system. I’d appreciate insight into how AVG evaluates website reputation over time and what steps a small niche site can take to establish and maintain trust.
Finally, I’d like advice from the AVG community on how to properly diagnose and report potential false positives. Are there specific tools, logs, or reports that site owners can use to understand why AVG flags a page or script? I want to ensure my Morse Code Translator website is secure, transparent, and trusted by users, while also working smoothly with AVG’s protection mechanisms. Sorry for the long post!