MicroMessenger
Bot User-Agent:micromessenger
🤖 Overview
MicroMessenger is the built-in browser component of Tencent’s WeChat mobile application (also known as Weixin), first documented publicly in 2013. It serves as the rendering engine for web pages opened within WeChat’s chat interface, Moments feed, Official Accounts, and Mini Programs, and also functions as an automated link-preview agent. When a user shares a URL in a chat, WeChat’s server-side Link Preview Crawler fetches the target page using the MicroMessenger User‑Agent to extract Open Graph metadata, favicon, and a screenshot. This behavior is explicitly described in Tencent’s official WeChat Developer Documentation, which details the Link Preview API and HTTP request format. Unlike a traditional search engine crawler, MicroMessenger acts as both a headless browser and a lightweight scraper depending on context. It is classified as a legitimate automated agent essential for the social platform’s functionality.
🌐 Technical Behavior
MicroMessenger issues HTTP GET requests from Tencent’s cloud infrastructure, typically originating from IP ranges registered under AS132203 (Tencent Cloud) and AS45090 (Shenzhen Tencent). Observed request patterns show bursty behavior: a single shared URL triggers multiple rapid fetches within seconds (one for metadata, one for screenshot, and sometimes one for JavaScript pre-rendering). The agent supports HTTP/1.1 and HTTP/2, and uses TLS 1.2/1.3. It does not respect Accept-Encoding hints by default and always requests HTML content with a custom X-Requested-With: XMLHttpRequest header in many cases. Its crawl depth is limited to the shared URL and up to three embedded resources (images, CSS, scripts) for preview generation. The request frequency per domain can spike to 5–10 requests per second when multiple users share the same link, which has led to server load incidents documented on Tencent’s Developer Forum and third‑party blog posts.
📋 robots.txt Compliance
Tencent has not published official documentation stating that MicroMessenger honors robots.txt directives. Empirical tests by web security researchers (e.g., blog posts from 2020–2023 on Medium and HackerNews) indicate that the link-preview crawler ignores Disallow rules when fetching preview data, as its purpose is to provide link summaries for WeChat users regardless of server permission. However, the headless browser component opened inside WeChat does respect the page’s robots meta tag if present. For sensitive content, Tencent recommends using X-Robots-Tag: noindex or JavaScript-based blocking to prevent preview generation.
🔍 Detection Indicators
The primary identifying User‑Agent string follows the format: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/… Safari/537.36 MicroMessenger/… on Android, and an iOS variant with AppleWebKit and MicroMessenger/…. Another string used by the link‑preview server is WeChat/2.0 (Android/…) like Safari or WeChat/2.0 (iPhone; …). Additional behavioral fingerprints include a missing Referer header on initial requests, the X-Requested-With: XMLHttpRequest header, and a User-Agent that always contains MicroMessenger. The crawler also frequently sends a Accept: text/html,application/xhtml+xml header with a low priority for other MIME types.
📊 Data Usage
Tencent uses the fetched metadata exclusively for displaying rich link previews within WeChat conversations, Moments, and Official Account articles. The data—including title, description, image, and site name—is cached on Tencent’s CDN for up to 24 hours to reduce repeated fetches. No raw HTML or page content is stored permanently; only the Open Graph fields and a thumbnail are persisted. This usage is described in Tencent’s Privacy Policy under “Link Sharing Services.” The MicroMessenger browser itself does not feed data into any AI training pipeline. However, aggregated anonymized statistics about shared link domains may be used for internal analytics.
⚙️ Rate Limiting Policy
MicroMessenger is rate‑limited because its bursty, multi‑request preview fetches can overwhelm origin servers, particularly for high-traffic shared links. A reasonable policy allows 10 requests per minute per shared URL and a 20‑second cooldown between subsequent fetches of the same URL. Threshold‑based blocking is justified to protect server resources without denying legitimate WeChat users access to link previews.
Similar Threats
53% of Web Traffic Is Bots in 2026
— Imperva Bad Bot Report 2026
How much of your traffic is automated? Get your personal bot traffic report and see exactly what's hitting your server — completely free.
📊 Get My Bot ReportSign up in seconds · No card required
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the bots listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.