edge enforcement is lowkey becoming the sweet spot where client-side and server-side finally meet in the middle. Publishers running Cloudflare Workers or Lambda@Edge can validate JWTs right at the CDN in under 10ms, split up cache keys based on what users are entitled to, and serve up different cached versions without ever letting unauthenticated traffic anywhere near the origin - basically you're getting server-side security with client-side caching economics, which is kind of a best-of-both-worlds vibe. And on the Googlebot verification thing, it's worth breaking down the bidirectional DNS check because it's pretty slick-- the reverse lookup has to spit back a hostname ending in .googlebot.com or .google.com, and then a forward lookup on that hostname needs to resolve right back to the original IP - spoofers can fake the PTR record all day long, but they straight up can't get Google's DNS servers to complete that round trip, so they're cooked. And calling dynamic/propensity walls metered but smarter honestly undersells them - these things are learning from behavioral signals like scroll velocity, session patterns, and reading depth, so if your access patterns start looking sus like bypass behavior, you'll hit progressively harder walls on future visits. The FT reported a wild 92% conversion lift after switching to ML-driven walls, mainly because the model gets really good at spotting high-propensity users and hitting them with the paywall ask at exactly the right moment instead of just throwing uniform friction at everyone