The current anti-pattern in online web hosting security:

  1. Front-end the site with a third-party security service. Cloudflare is a good one.

  2. Activate a blanket security policy, perhaps the service’s default one, which scrutinizes all requests to all endpoints in the same way. The policy prevents non-human clients from accessing the site’s RSS feed.

  3. Offer no simple way to contact the site owner to ask for a change to the policy, other than first by signing up for the site or joining some Discord server.

The last roadblock almost completely ensures that the problem will go unreported.

But the question is: why is the security layer not more intelligent in this regard?