What safety tags mean, how they are produced, and how to use them in product decisions.
Safety tags are readable labels that describe URL-level signals. They are designed for product behavior such as warnings, moderation queues, filtering, or analytics.
{
"safety_tags": ["adult", "security_threat"]
}
An empty array means LinkMetadata did not return a tag for that URL. It does not prove the URL is safe.
| Tag | Meaning | Typical use |
|---|---|---|
adult | The parent domain is known for adult content. | Hide previews by default, require a click-through, or block in restricted contexts. |
security_threat | The parent domain is known for malware, phishing, or another security threat. | Block navigation, show a strong warning, or send to review. |
suspicious_domain | The URL or domain has suspicious signals, such as an IP URL, parked domain, or newly registered high-entropy domain. | Warn users, reduce ranking, or send to moderation. |
Tags can be combined. For example, a domain can return both adult and security_threat.
LinkMetadata checks the registrable parent domain instead of only the exact subdomain. For example, metadata for blog.example.com is evaluated against example.com where possible.
adult and security_threat come from known-domain intelligence.
suspicious_domain can come from:
Domain registration and nameserver lookups may be cached. If safety lookup fails, the metadata request can still succeed with an empty safety_tags array.
Treat tags as signals, not verdicts.
| Situation | Recommended UX |
|---|---|
security_threat is present | Do not auto-open the URL. Show a strong warning or block the action. |
adult is present | Respect product policy, user age settings, and workspace controls before rendering previews. |
suspicious_domain is present | Add friction: show the destination host, disable rich media, or route to review. |
| No tags are present | Continue normal rendering, but do not claim the link has been certified safe. |
For moderation systems, store both the tags and the inspected URL. Tags can change over time as intelligence updates.
const params = new URLSearchParams({
url: "https://example.com/post"
});
const response = await fetch(`https://api.linkmetadata.com/v1/metadata?${params}`);
if (!response.ok) {
throw new Error(`Metadata request failed with ${response.status}`);
}
const metadata = await response.json();
const tags = new Set(metadata.safety_tags);
if (tags.has("security_threat")) {
showSecurityWarning(metadata.url);
} else if (tags.has("adult")) {
showSensitiveContentGate(metadata);
} else {
renderPreview(metadata);
}
function getLinkDecision(tags) {
if (tags.includes("security_threat")) {
return "block";
}
if (tags.includes("adult")) {
return "gate";
}
if (tags.includes("suspicious_domain")) {
return "warn";
}
return "allow";
}
This is only an example. Your app should choose stricter or looser behavior based on audience, legal requirements, and abuse risk.
Safety tags do not inspect every page in real time for all possible harms. They are domain-level and signal-based. A compromised legitimate site may not be tagged immediately, and a newly seen malicious URL may need time before intelligence catches up.
Use safety tags alongside your own policy, reporting flow, and abuse monitoring.