diff --git a/test.js b/test.js
index cd4d18e..57af0af 100644
--- a/test.js
+++ b/test.js
@@ -31,7 +31,7 @@ function generate(ke) {
       + '?secret=' + key.replace(/\s+/g, '').toUpperCase()
       ;
     // obviously don't use this in production, but it's not so bad for the demo
-    var src = 'https://www.google.com/chart?chs=166x166&chld=L|0&cht=qr&chl=' + encodeURIComponent(otpauth);
+    var src = 'https://chart.googleapis.com/chart?chs=166x166&chld=L|0&cht=qr&chl=' + encodeURIComponent(otpauth);
 
     $('.js-otpauth').innerHTML = otpauth; // safe to inject because I created it
     $('.js-key').innerHTML = key; // safe to inject because I created it