Explanation

How LinkMetadata works

How metadata extraction, caching, images, and safety tags fit together.

LinkMetadata turns a URL into a normalized metadata response that can power link cards, previews, and safety checks.

Metadata sources

The API fetches the target page and prioritizes common metadata formats:

  • Open Graph tags such as og:title, og:description, and og:image.
  • Twitter Card tags such as twitter:title and twitter:image.
  • HTML fallbacks such as <title>, meta descriptions, canonical links, and favicons.

When a page has incomplete metadata, the API returns the best fields it can find and uses null where a field is unavailable.

For exact title, description, image, URL, type, and favicon priority rules, see Metadata extraction rules.

Images and CORS

Browsers often block direct cross-origin image inspection. The API records image dimensions, MIME type, and size when possible, and marks whether an image appears cors_safe.

The preview component can use LinkMetadata’s CORS proxy for images that are not safe to fetch directly from the browser.

For supported proxy formats, error behavior, and browser rendering guidance, see Images and CORS.

Caching

The API caches metadata responses at the edge. Repeated requests for the same URL can be served quickly without re-fetching the target page.

The web component only deduplicates matching requests that are in flight at the same time. It does not keep a permanent in-memory metadata cache; browser and API cache headers handle long-lived caching.

Safety tags

The API checks domain intelligence and lightweight signals to populate safety_tags. These tags are designed for product decisions such as warnings, moderation queues, or filtering.

Possible values are:

  • adult
  • security_threat
  • suspicious_domain

No tag is a guarantee of safety. Treat the field as a useful signal rather than a complete security verdict.

For tag meanings, signal sources, and recommended UX patterns, see Safety tags.