Explanation

Safety tags

What safety tags mean, how they are produced, and how to use them in product decisions.

Safety tags are readable labels that describe URL-level signals. They are designed for product behavior such as warnings, moderation queues, filtering, or analytics.

{
  "safety_tags": ["adult", "security_threat"]
}

An empty array means LinkMetadata did not return a tag for that URL. It does not prove the URL is safe.

Current tags

TagMeaningTypical use
adultThe parent domain is known for adult content.Hide previews by default, require a click-through, or block in restricted contexts.
security_threatThe parent domain is known for malware, phishing, or another security threat.Block navigation, show a strong warning, or send to review.
suspicious_domainThe URL or domain has suspicious signals, such as an IP URL, parked domain, or newly registered high-entropy domain.Warn users, reduce ranking, or send to moderation.

Tags can be combined. For example, a domain can return both adult and security_threat.

How tags are produced

LinkMetadata checks the registrable parent domain instead of only the exact subdomain. For example, metadata for blog.example.com is evaluated against example.com where possible.

adult and security_threat come from known-domain intelligence.

suspicious_domain can come from:

  • an IP address used as the URL host;
  • parked-domain signals from nameservers;
  • a newly registered domain with high-entropy naming patterns.

Domain registration and nameserver lookups may be cached. If safety lookup fails, the metadata request can still succeed with an empty safety_tags array.

Treat tags as signals, not verdicts.

SituationRecommended UX
security_threat is presentDo not auto-open the URL. Show a strong warning or block the action.
adult is presentRespect product policy, user age settings, and workspace controls before rendering previews.
suspicious_domain is presentAdd friction: show the destination host, disable rich media, or route to review.
No tags are presentContinue normal rendering, but do not claim the link has been certified safe.

For moderation systems, store both the tags and the inspected URL. Tags can change over time as intelligence updates.

Fetch and branch on tags

const params = new URLSearchParams({
  url: "https://example.com/post"
});

const response = await fetch(`https://api.linkmetadata.com/v1/metadata?${params}`);

if (!response.ok) {
  throw new Error(`Metadata request failed with ${response.status}`);
}

const metadata = await response.json();
const tags = new Set(metadata.safety_tags);

if (tags.has("security_threat")) {
  showSecurityWarning(metadata.url);
} else if (tags.has("adult")) {
  showSensitiveContentGate(metadata);
} else {
  renderPreview(metadata);
}

Example policy

function getLinkDecision(tags) {
  if (tags.includes("security_threat")) {
    return "block";
  }

  if (tags.includes("adult")) {
    return "gate";
  }

  if (tags.includes("suspicious_domain")) {
    return "warn";
  }

  return "allow";
}

This is only an example. Your app should choose stricter or looser behavior based on audience, legal requirements, and abuse risk.

Limitations

Safety tags do not inspect every page in real time for all possible harms. They are domain-level and signal-based. A compromised legitimate site may not be tagged immediately, and a newly seen malicious URL may need time before intelligence catches up.

Use safety tags alongside your own policy, reporting flow, and abuse monitoring.