@ Anthony Accioly
2025-05-04 10:45:45
Popular issue: devs wanting to give users the "best UX" without considering potential attacks. Sometimes it's not even pre-buffering, they're just trying to load meta tags to render previews (Schema.org, Open Graph, Twitter Cards, etc.).
Battle story: I was part of a war room at a big marketplace (not Amazon) that kept going down, was being flagged on popular platforms for issuing too many requests, and also tanked its SEO for "no reason"... When I say big, I mean core web services and microfrontends running on Kubernetes clusters with 1000+ nodes.
Turns out their software was not only allowing links to anything in the comments, but also trying to render previews. If I’m not mistaken, the solution was to filter and audit comment links, as well as limit preview rendering to around 3 links per page. It took months before links to the website started showing up on the first page of Google again, likely tens of millions of USD lost in sales at their scale.
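
The mitigation described in the comment above (filter and audit comment links, cap previews at about 3 per page), sketched as an added example that is not part of the original comment and not the marketplace's code. The host allowlist, the https-only rule, the function names and the sample comments are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

MAX_PREVIEWS_PER_PAGE = 3  # cap mentioned in the comment above
# Constructed allowlist: the comment only says links were "filtered"; an
# allowlist is one assumed way to do that.
ALLOWED_HOSTS = {"example.com", "docs.example.org"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify_link(url):
    """Return None if the link may be previewed, else a reason for the audit log."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. malformed IPv6 literal
        return "unparseable"
    if parts.scheme.lower() != "https":
        return "scheme-not-https"
    if parts.username or parts.password:
        return "embedded-credentials"
    if host not in ALLOWED_HOSTS:
        return "host-not-allowlisted"
    return None

def plan_previews(comments):
    """Pick the links one page may fetch previews for; audit every other link.

    comments: iterable of (comment_id, text) for a single rendered page.
    Returns (previews, audit), audit entries being (comment_id, url, reason).
    """
    previews, audit, seen = [], [], set()
    for comment_id, text in comments:
        for url in URL_RE.findall(text):
            reason = classify_link(url)
            if reason is None and url in seen:
                reason = "duplicate"  # never fetch the same target twice
            if reason is None and len(previews) >= MAX_PREVIEWS_PER_PAGE:
                reason = "page-budget-exhausted"
            if reason is None:
                seen.add(url)
                previews.append(url)
            else:
                audit.append((comment_id, url, reason))
    return previews, audit

# Constructed sample page with three comments.
SAMPLE_COMMENTS = [
    (1, "See https://example.com/item/1 and http://example.com/item/2"),
    (2, "Deals at https://cheap.invalid/promo or https://example.com/item/1"),
    (3, "https://docs.example.org/a https://docs.example.org/b https://docs.example.org/c"),
]
```

The budget is enforced per page rather than per comment, so splitting links across many comments does not multiply the outbound requests a single page view can trigger.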