How metadata extraction, caching, images, and safety tags fit together.
LinkMetadata turns a URL into a normalized metadata response that can power link cards, previews, and safety checks.
The API fetches the target page and prioritizes common metadata formats:
og:title, og:description, and og:image.twitter:title and twitter:image.<title>, meta descriptions, canonical links, and favicons.When a page has incomplete metadata, the API returns the best fields it can find and uses null where a field is unavailable.
For exact title, description, image, URL, type, and favicon priority rules, see Metadata extraction rules.
Browsers often block direct cross-origin image inspection. The API records image dimensions, MIME type, and size when possible, and marks whether an image appears cors_safe.
The preview component can use LinkMetadata’s CORS proxy for images that are not safe to fetch directly from the browser.
For supported proxy formats, error behavior, and browser rendering guidance, see Images and CORS.
The API caches metadata responses at the edge. Repeated requests for the same URL can be served quickly without re-fetching the target page.
The web component only deduplicates matching requests that are in flight at the same time. It does not keep a permanent in-memory metadata cache; browser and API cache headers handle long-lived caching.
The API checks domain intelligence and lightweight signals to populate safety_tags. These tags are designed for product decisions such as warnings, moderation queues, or filtering.
Possible values are:
adultsecurity_threatsuspicious_domainNo tag is a guarantee of safety. Treat the field as a useful signal rather than a complete security verdict.
For tag meanings, signal sources, and recommended UX patterns, see Safety tags.