diff --git a/src/realms/api/hit.ts b/src/realms/api/hit.ts
new file mode 100644
index 0000000..5519c20
--- /dev/null
+++ b/src/realms/api/hit.ts
@@ -0,0 +1,15 @@
+import { Context } from "hono";
+
+export const linkHitRequest = async (c: Context) => {
+  // eslint-disable-next-line sonarjs/no-duplicate-string
+  const userAgent = c.req.header('User-Agent') || '';
+
+  if (userAgent.includes('Telegram')) {
+    c.status(403);
+  }
+  // If param `url` exists, 302 redirect to it
+  if (typeof c.req.query('url') === 'string') {
+    const url = new URL(c.req.query('url') as string);
+    return c.redirect(url.href, 302);
+  }
+}
\ No newline at end of file
diff --git a/src/realms/api/router.ts b/src/realms/api/router.ts
index 6816dc5..da08d56 100644
--- a/src/realms/api/router.ts
+++ b/src/realms/api/router.ts
@@ -3,6 +3,7 @@ import { statusRequest } from '../twitter/routes/status';
 import { profileRequest } from '../twitter/routes/profile';
 import { Strings } from '../../strings';
 import { Constants } from '../../constants';
+import { linkHitRequest } from './hit';
 
 export const api = new Hono();
 
@@ -16,6 +17,9 @@ api.use('*', async (c, next) => {
   }
   await next();
 });
+
+api.get('/2/hit', linkHitRequest);
+
 /* Current v1 API endpoints. Currently, these still go through the Twitter embed requests. API v2+ won't do this. */
 api.get('/status/:id', statusRequest);
 api.get('/status/:id/', statusRequest);
diff --git a/src/render/instantview.ts b/src/render/instantview.ts
index 256a814..09e6969 100644
--- a/src/render/instantview.ts
+++ b/src/render/instantview.ts
@@ -60,7 +60,7 @@ const formatDate = (date: Date): string => {
 const htmlifyLinks = (input: string): string => {
   const urlPattern = /\bhttps?:\/\/[\w.-]+\.\w+[/\w.-]*\w/g;
   return input.replace(urlPattern, url => {
-    return `<a href="${url}">${url}</a>`;
+    return `<a href="${wrapForeignLinks(url)}">${url}</a>`;
   });
 };
 
@@ -117,6 +117,27 @@ const truncateSocialCount = (count: number): string => {
   }
 };
 
+const wrapForeignLinks = (url: string) => {
+  let unwrap = false;
+  const whitelistedDomains = [
+    'twitter.com',
+    'x.com',
+    't.me',
+    'telegram.me'
+  ]
+  try {
+    const urlObj = new URL(url);
+
+    if (!whitelistedDomains.includes(urlObj.hostname)) {
+      unwrap = true;
+    }
+  } catch (error) {
+    unwrap = true;
+  }
+
+  return unwrap ? `https://${Constants.API_HOST_LIST[0]}/2/hit?url=${encodeURIComponent(url)}` : url;
+}
+
 const generateStatusFooter = (status: APIStatus, isQuote = false): string => {
   const { author } = status;
 
@@ -153,7 +174,7 @@ const generateStatusFooter = (status: APIStatus, isQuote = false): string => {
           }'s profile picture" />`,
           location: author.location ? `📌 ${author.location}` : '',
           website: author.website
-            ? `🔗 <a href=${author.website.url}>${author.website.display_url}</a>`
+            ? `🔗 <a rel="nofollow" href="${wrapForeignLinks(author.website.url)}">${author.website.display_url}</a>`
             : '',
           joined: author.joined ? `📆 ${formatDate(new Date(author.joined))}` : '',
           following: truncateSocialCount(author.following),