How to secure a Google Maps API Key

To prevent quota theft, secure your API key following these best practices. There are two types of restrictions, application and API.

Application Restrictions

Please enter the correct HTTP referrers which is most commonly in this format:

  • https://example.com 
  •  https://example.com/*

There are other options depending on your preferred URL format. Learn more here.

If you are unsure as to what HTTP referrer to add, please contact your webhost or server admin.

API Restrictions

Yoast SEO: Local uses the following APIs:

  • Maps JavaScript API
  • Geocoding API
  • Directions API

Removing Google Maps API Restrictions

We highly recommend securing your API key to prevent others from using your quota. The downfall is that incorrect restrictions can cause the maps to fail.

  1. Go to Google API Console.

    If prompted, log in.

  2. Select your site project.

  3. Click on the name of your API  key.

  4. Click on the 'Application restrictions' tab.

  5. Select 'None'

  6. Click on the 'API restrictions' tab.

  7. Click the 'Delete' icon for each API restriction.

  8. Click 'Save'.

    Google says it may take up to 5 minutes for the settings to take effect.

After 5 minutes, start from your homepage and browse to where the map should appear. If the map appears, the restrictions were invalid.

Was this article helpful? ·