Spiderable Middleware is a lightweight Node.js package designed for modern JavaScript web apps — including those built with React, Preact, Vue, Svelte, Angular, Ember, Backbone, Meteor, and others. It ensures that search engine crawlers and social media bots receive fully-rendered HTML, not just an empty skeleton. This bridges the gap between client-rendered apps and the indexing and preview requirements of platforms like Google, Facebook, and Twitter.
When paired with the global CDN and smart caching layer from ostr.io, spiderable-middleware significantly improves SEO scores, link previews, and performance metrics like TTFB and Lighthouse scores — all without requiring changes to existing codebase. It intelligently reroutes bot traffic to ostr.io rendering endpoints, minimizing server load, reducing database queries, and lowering infrastructure costs.
- 🕸 Execute JavaScript, — get rendered HTML page and its content;
- 🏎️ Improve delivery for dynamic and static pages via our advanced CDN and caching;
- 🏃♂️ Boost response rate and decrease response time with caching;
- 🚀 Optimized HTML markup for the best SEO score;
- 🎛️ Improve TTFB, LCP, INP, CLS, and other LightHouse metrics positively enhancing overall SEO score;
- 🖥 Supports PWAs and SPAs;
- 📱 Supports mobile-like crawlers;
- 💅 Supports
styled-components; - ⚡️ Supports AMP (Accelerated Mobile Pages);
- 🤓 Works with
Content-Security-Policyand other complex front-end security rules; - 📦 This package shipped with types and TS examples;
- ❤️ Search engines and social network crawlers love straightforward and pre-rendered pages;
- 📱 Consistent link previews in messaging apps, like iMessage, Messages, Facebook, Slack, Telegram, WhatsApp, Viber, VK, Twitter, and other apps;
- 💻 Image, title, and description previews for links posted at social networks, like Facebook, X/Twitter, Instagram, and other social networks.
- Installation
- Basic usage
- Meteor.js usage
- Return genuine status code
- Speed-up rendering
- Detect request from Prerendering engine during runtime
- Detect type of Prerendering engine
- JavaScript redirects
- AMP Support
- Rendering Endpoints
- API
- Debugging
- Running Tests
This package works as Express-style middleware, intercepting requests from crawlers and social media bots to your Node.js application. It seamlessly proxies those requests to a pre-rendering service, which returns fully-rendered static HTML — optimized for indexing and rich previews.
Built with developers in mind, spiderable-middleware is lightweight, well-structured, and easy to customize. Whether you're scaling a production app or prototyping, it's designed to be hackable and flexible enough to fit any project. By offloading bot traffic to the pre-rendering engine, it helps reduce backend load and improve server performance effortlessly.
Note
This package proxies real HTTP headers and response code, to reduce overwhelming requests, try to avoid HTTP-redirect headers, like Location . Read how to return genuine status code and handle JS-redirects
Important
This is server only package. This package should be imported/initialized only within server codebase
This middleware was tested and works like a charm with:
- express:
example.js,example.ts - connect:
example.js,example.ts - vanilla http(s) server:
example.js,example.ts - Nginx: example
- Apache: example
- See all examples
All other frameworks that follows Node/Express middleware convention - will work too.
Tip
This package was originally developed for ostr.io service. But it's not limited to, and can proxy-pass requests to any other rendering-endpoint.
Install spiderable-middleware package from NPM:
# using npmjs
npm install spiderable-middleware --save
# using yarn
yarn add spiderable-middlewareSetup pre-rendering middleware in few lines of code
Start with adding fragment meta-tag to HTML template, head, or page:
Tip
See usage examples in .js and .ts for quick copy-paste experience
<html>
<head>
<meta name="fragment" content="!">
<!-- ... -->
</head>
<body>
<!-- ... -->
</body>
</html>Import or require spiderable-middleware package:
// ES6 import
import Spiderable from 'spiderable-middleware';
// or CommonJS require
const Spiderable = require('spiderable-middleware');Register middleware handle:
import express from 'express';
import Spiderable from 'spiderable-middleware';
const spiderable = new Spiderable({
rootURL: 'https://example.com',
auth: 'test:test',
});
const app = express();
// ensure this is the most top registered handle
// to reduce response time and server load
app.use(spiderable.handle).get('/', (req, res) => {
res.send('Hello World');
});
app.listen(3000);Tip
We provide various options for serviceURL as "Rendering Endpoints", each endpoint has its own features to fit different project needs
To pass expected status code of a response from front-end JavaScript framework to browser/crawlers use specially formatted HTML-comment. This comment can be placed in any part of HTML-page. head or body tag is the best place for it.
html:
<!-- response:status-code=404 -->jade:
// response:status-code=404This package support any standard and custom status codes:
201-<!-- response:status-code=201 -->401-<!-- response:status-code=401 -->403-<!-- response:status-code=403 -->500-<!-- response:status-code=500 -->514-<!-- response:status-code=514 -->(non-standard)
To speed-up rendering, JS-runtime should tell to the Spiderable engine when the page is ready. Set window.IS_RENDERED to false, and once the page is ready set this variable to true. Example:
<html>
<head>
<meta name="fragment" content="!">
<script>
window.IS_RENDERED = false;
</script>
</head>
<body>
<!-- ... -->
<script type="text/javascript">
//Somewhere deep in app-code:
window.IS_RENDERED = true;
</script>
</body>
</html>Pre-rendering engine will set window.IS_PRERENDERING global variable to true. Detecting requests from pre-rendering engine are as easy as:
if (window.IS_PRERENDERING) {
// This request is coming from Pre-rendering engine
}Note
window.IS_PRERENDERING can be undefined on initial page load, and may change during runtime. That's why we recommend to pre-define a setter for IS_PRERENDERING:
let isPrerendering = false;
Object.defineProperty(window, 'IS_PRERENDERING', {
set(val) {
isPrerendering = val;
if (isPrerendering === true) {
// This request is coming from Pre-rendering engine
}
},
get() {
return isPrerendering;
}
});Like browsers, — crawlers and bots may request page as "mobile" (small screen touch-devices) or as "desktop" (large screens without touch-events) the pre-rendering engine supports these two types. For cases when content needs to get optimized for different screens pre-rendering engine will set window.IS_PRERENDERING_TYPE global variable to desktop or mobile
if (window.IS_PRERENDERING_TYPE === 'mobile') {
// This request is coming from "mobile" web crawler and "mobile" pre-rendering engine
} else if (window.IS_PRERENDERING_TYPE === 'desktop') {
// This request is coming from "desktop" web crawler and "desktop" pre-rendering engine
} else {
// This request is coming from user
}Redirect browser/crawler inside application when needed while a page is loading (imitate navigation), use any of classic JS-redirects can be used, including framework's navigation, or History.pushState()
window.location.href = 'https://example.com/another/page';
window.location.replace('https://example.com/another/page');
Router.go('/another/page'); // framework's navigation !pseudo codeImportant
Only 4 redirects are allowed during one request after 4 redirects session will be terminated.
Create new instance and pass middleware to server's routes chain;
new Spiderable(opts?: SpiderableOptions);opts{SpiderableOptions?} - [Optional] Configuration optionsopts.serviceURL{string} - Valid URL to Spiderable endpoint (local or foreign). Default:https://render.ostr.io. Can be set via environment variables:SPIDERABLE_SERVICE_URLorPRERENDER_SERVICE_URLopts.rootURL{string} - Valid root URL of a website. Can be set via an environment variable:ROOT_URLopts.auth{string} - Auth string in next format:user:pass. Can be set via an environment variables:SPIDERABLE_SERVICE_AUTHorPRERENDER_SERVICE_AUTH. Defaultnullopts.sanitizeUrls{boolean} - Sanitize URLs in order to "fix" badly composed URLs. Defaultfalseopts.botsUA{string[]} - An array of strings (case insensitive) with additional User-Agent names of crawlers that needs to get intercepted. See default bot's names. Set to['.*']to match all browsers and robots, to serve static pages to all users/visitorsopts.ignoredHeaders{string[]} - An array of strings (case insensitive) with HTTP header names to exclude from response. See default list of ignored headers. Set to['.*']to ignore all headersopts.ignore{string[]} - An array of strings (case sensitive) with ignored routes. Note: it's based on first match, so route/userswill cause ignoring of/part/users/part,/users/_idand/list/of/users, but not/user/_idor/list/of/blocked-users. Defaultnullopts.only{(String|RegExp)[]} - An array of strings (case sensitive) or regular expressions (could be mixed). Define exclusive route rules for pre-rendering. Could be used withopts.onlyRErules. Note: To define "safe" rules as {RegExp} it should start with^and end with$symbols, examples:[/^\/articles\/?$/, /^\/article\/[A-z0-9]{16}\/?$/]opts.onlyRE{RegExp} - Regular Expression with exclusive route rules for pre-rendering. Could be used withopts.onlyrulesopts.timeout{number} - Number, proxy-request timeout to rendering endpoint in milliseconds. Default:180000opts.requestOptions{RequestOptions} - Options for request module (like:timeout,lookup,insecureHTTPParser), for all available options seehttpAPI docsopts.debug{boolean} - [Optional] Enable debug and extra logging, default:false
Important
Setting .onlyRE and/or .only rules are highly recommended. Otherwise, all routes, including randomly generated by bots will be subject of Pre-rendering and may cause unexpectedly higher usage.
// CommonJS
// const Spiderable = require('spiderable-middleware');
// ES6 import
// import Spiderable from 'spiderable-middleware';
const spiderable = new Spiderable({
rootURL: 'https://example.com',
auth: 'test:test'
});
// More complex setup (recommended):
const spiderable = new Spiderable({
rootURL: 'https://example.com',
serviceURL: 'https://render.ostr.io',
auth: 'test:test',
only: [
/\/?/, // Root of the website
/^\/posts\/?$/, // "/posts" path with(out) trailing slash
/^\/post\/[A-z0-9]{16}\/?$/ // "/post/:id" path with(out) trailing slash
],
// [Optionally] force ignore for secret paths:
ignore: [
'/account/', // Ignore all routes under "/account/*" path
'/billing/' // Ignore all routes under "/billing/*" path
]
});Same configuration can get achieved via setting up environment variables:
ROOT_URL='https://example.com'
SPIDERABLE_SERVICE_URL='https://render.ostr.io'
SPIDERABLE_SERVICE_AUTH='APIUser:APIPass'alternatively, when migrating from other pre-rendering service — keep using existing variables, we support the next ones for compatibility:
ROOT_URL='https://example.com'
PRERENDER_SERVICE_URL='https://render.ostr.io'
PRERENDER_SERVICE_AUTH='APIUser:APIPass'Middleware handle
const spiderable = new Spiderable();
spiderable.handle(req: IncomingMessage, res: ServerResponse, next: NextFunction): void;
// Alias that returns {boolean}
// true — if prerendering takes over the request
spiderable.handler(req: IncomingMessage, res: ServerResponse, next: NextFunction): boolean;Example using connect and express package:
import { createServer } from 'node:http';
import Spiderable from 'spiderable-middleware';
const app = express();
// const app = connect();
const spiderable = new Spiderable();
app.use(spiderable.handle).use((_req, res) => {
res.end('Hello from Connect!\n');
});
createServer(app).listen(3000;Example using node.js http server:
import { createServer } from 'node:http';
import Spiderable from 'spiderable-middleware';
// HTTP(s) Server
http.createServer((req, res) => {
spiderable.handle(req, res, () => {
// Callback, triggered if this request
// is not a subject of spiderable pre-rendering
res.writeHead(200, {'Content-Type': 'text/plain; charset=UTF-8'});
res.end('Hello vanilla NodeJS!');
// Or do something else ...
});
}).listen(3000);Import types right from NPM package
import Spiderable from 'spiderable-middleware';
import type { SpiderableOptions, NextFunction } from 'spiderable-middleware';
const options: SpiderableOptions = {
rootURL: 'https://example.com',
auth: 'test:test',
debug: false,
/* ..and other options.. */
};
expectType<SpiderableOptions>(options);
const spiderable = new Spiderable(options);
expectType<Spiderable>(spiderable);
const next: NextFunction = (_err?: unknown): void => {};
expectType<void>(spiderable.handle(req, res, next));To properly serve pages for Accelerated Mobile Pages (AMP) we support following URI schemes:
# Regular URIs:
https://example.com/index.html
https://example.com/articles/article-title.html
https://example.com/articles/article-uniq-id/article-slug
# AMP optimized URIs (prefix):
https://example.com/amp/index.html
https://example.com/amp/articles/article-title.html
https://example.com/amp/articles/article-uniq-id/article-slug
# AMP optimized URIs (extension):
https://example.com/amp/index.amp.html
https://example.com/amp/articles/article-title.amp.htmlImportant
All URLs with .amp. extension and /amp/ prefix will be optimized for AMP.
- render (default) -
https://render.ostr.io- This endpoint has "optimal" settings, and should fit 98% cases. This endpoint respects cache headers of Crawler and origin server - render-bypass (devel/debug) -
https://render-bypass.ostr.io- This endpoint will bypass caching mechanisms. Use it when experiencing an issue, or during development, to make sure responses are not cached. It's safe to use this endpoint in production, but it may result in higher usage and response time - render-cache (under attack) -
https://render-cache.ostr.io- This endpoint has the most aggressive caching mechanism. Use it to achieve the shortest response time, and when outdated pages (for 6-12 hours) are acceptable
To change default endpoint, grab integration examples code and replace render.ostr.io, with endpoint from the list above. For NPM integration change value of serviceURL option.
Note: Described differences in caching behavior related to intermediate proxy caching, Cache-Control header will be always set to the value defined in "Cache TTL". Cached results at the "Pre-rendering Engine" end can be purged at any time.
spiderable-middleware package can get used to convert dynamic websites to rendered, cached, and lightweight static pages. Simply set botsUA to ['.*'] to achieve this behavior
import Spiderable from 'spiderable-middleware';
const spiderable = new Spiderable({
botsUA: ['.*']
/* ... other options ...*/
});Pass { debug: true } or set DEBUG=true environment variable to enable debugging mode.
Tip
To make sure a server can reach a rendering endpoint run cURL command or send request via Node.js to (replace example.com with your domain name):
# cURL example:
curl -v "https://test:test@render-bypass.ostr.io/?url=https://example.com"In this example we're using render-bypass.ostr.io endpoint to avoid any possible cached results, read more about rendering endpoints. As API credentials we're using test:test, this part of URL can be replaced with auth option from Node.js example.
Tip
The API credentials and instructions can be found at the very bottom of Pre-rendering Panel, — click on the name of your website, then on Integration Guide at the bottom of the page
// Node.js example:
const https = require('https');
https.get('https://test:test@render-bypass.ostr.io/?url=https://example.com', (resp) => {
let data = '';
resp.on('data', (chunk) => {
data += chunk.toString('utf8');
});
resp.on('end', () => {
console.log(data);
});
}).on('error', (error) => {
console.error(error);
});- Clone this package
- In Terminal (Console) go to directory where package was cloned
- Then run:
# Install development NPM dependencies:
npm install --save-dev
# Install NPM dependencies:
npm install --save
# Link package to itself
npm link
npm link spiderable-middleware
# Run tests:
ROOT_URL=https://127.0.0.1:3003 npm test
# Run same tests with extra-logging
DEBUG=true ROOT_URL=https://127.0.0.1:3003 npm test
# https://127.0.0.1:3003 can be changed to any local address, PORT is required!