On a related note, I see that getting the secret is a GET request. However, since that request also deletes the secret I think it would be best if it was a POST request. This would probably also automatically fix any issue of a link preview triggering the secret deletion because I think they are designed to not execute POST requests generally speaking (but I could be wrong here).
Issue is resolved. Using DELETE request now, which feels a bit more accurate. Blocking crawlers is no longer needed, which also benefits page speed! Thanks again for the input. C.
