diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index e761a5e..08020ac 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -69,10 +69,19 @@ impl IncomingInfo {
 return true;
 }
- // defense against upstream
- if self.user_agent.contains("Misskey/") ||
- // Purposefully typoed
- // https://raw.githubusercontent.com/backrunner/misskey-media-proxy-worker/refs/heads/main/wrangler.toml
+ // defense against known looping user agents
+ //
+ // we do not consider whether there is a Via header or not because
+ // many legitimate CDNs and reverse proxies add their own Via before reaching us
+ // and that does not mean when the request is sent back to them the loop will be detected
+ // and next time it hit us again we will have no idea it's looping since the Via is stripped again
+ if self.user_agent.contains("Misskey/") {
+ return true;
+ }
+
+ // proxies that are once vulnerable but now fixed
+ if !self.via.contains("misskey-media-proxy-worker") &&
+ // Purposefully typoed to match the vulnerable version
 self.user_agent.contains("Edg/119.0.2109.1") {
 return true;
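Review bot: The exemption in the second check, `!self.via.contains("misskey-media-proxy-worker")`, trusts a value that the sender of the request chooses, assuming `self.via` is filled from the incoming Via header (the hunk does not show where it is set). It can therefore tell a cooperating, fixed proxy apart from the vulnerable version, but it is not a control against a sender that picks its own headers, and the comment `// proxies that are once vulnerable but now fixed` does not say that. I would reword it along the lines of `// fixed versions identify themselves in Via; the header is sender-controlled, so this only exempts cooperating proxies`, and state whether the substring match is meant to be case-sensitive. The closing brace of this `if` and the rest of the function lie outside the hunk.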