So I don't use cloudflare. But only serve clients that support brotli and have a valid cookie. All the actual content comes down an SSE connection. Haven't had any problems with bots on my 5$ VPS.

What I realised recently is for non user browsers my demos are effectively zip bombs.

Why?

Because I stream each frame and each frame is around 180kb uncompressed (compressed frames can be as small as 13bytes). This is fine as the users browser doesn't hold onto the frames.

But, a crawler will hold onto those frames. Very quickly this ends up being a very bad time for them.

Of course there's nothing of value to scrape so mostly pointless. But, I found it entertaining that some scummy crawler is getting nuked by checkboxes [1].

- https://checkboxes.andersmurphy.com