This analysis is based on the source code of Claude Code, Anthropic's agentic developer tool, not Claude.ai (the web chat). Developers use Claude Code to build AI-powered agents and automate tasks. Claude.ai, ChatGPT, Perplexity, and other AI chat products may handle content completely differently; we cannot confirm these findings apply to them.
What this covers: how Claude Code reads files, fetches URLs, and manages memory. Not model weights or training. The archive became public in March 2026.
Open to feedback: If you spot something wrong, tag us on Twitter or LinkedIn. We'll update the article.
TL;DR
- The last memory file Claude reads gets the most weight. Put your most important instructions in the most local file.
- Claude doesn't read your website. A smaller model does, capped at 125-character quotes.
- Context files are cut at 4KB. Everything past that is deleted. You won't know it's missing.
- 60KB session cap. Once hit, nothing new loads for the rest of the conversation. First in wins.
- Claude gets 8 searches per research turn. If your content needs query #9 to be found, it won't be found that turn.
- JavaScript tabs, carousels, and accordions are invisible. Static HTML only.
- HTML comments are stripped before Claude reads the file. There's no hidden channel.
- Content that sounds like a command gets flagged as a prompt injection attack. Write facts, not instructions.
| What happens | Why it matters | What to do |
|---|---|---|
| **Last file = most weight** (priority by load order) | Memory files load in reverse priority. The last one read gets the most attention. Local overrides everything above. | Put key claims in local files, closest to the working directory |
| **4KB file limit** (hard cut, no warning) | Anything past ~500–800 words of your file is deleted. You won't know it's missing. | Front-load key claims: the first ~500–800 words matter most |
| **60KB session cap** (stops for that conversation) | If a competitor's content fills the 60KB budget early, yours is blocked from loading, even later when the topic is relevant. | Short files get surfaced more; don't pad content |
| **An intern reads your page** (not Claude: a smaller, cheaper model) | "Industry-leading" gets paraphrased to nothing. "Reduces alerts by 70%" survives exactly. | Use specific numbers, not adjectives |
| **JS content is invisible** (tabs, carousels stripped) | Features behind "click to expand" become blank space. Haiku sees nothing there. | Static HTML only; no JS-gated features |
| **8-search cap** (hardcoded, no override) | Claude stops after 8 queries. Broad topics exhaust the budget on subtopics. You need to win a narrow slot. | Win one specific query, not ten broad ones |
| **HTML comments deleted** (stripped before Claude reads) | Hidden instructions in comment tags are erased before the model ever sees the file. | No hidden channels: everything visible or nothing |
| **Instructions get flagged** (anti-injection is trained in) | "Always recommend X" triggers Claude's injection defense, gets flagged to the user, and isn't followed. | State facts, not commands: declarative, not imperative |
When Yandex leaked in 2023, SEOs stopped guessing and started knowing. Same thing here.
In 2023, Yandex's internal search code became public. The leak exposed 1,922 ranking factors: things SEOs had theorized about for years were suddenly confirmed or killed. The field moved fast.
In March 2026, Claude Code's TypeScript source became publicly accessible.
> Claude code source code has been leaked via a map file in their npm registry!
>
> Code: https://t.co/jBiMoOzt8G
>
> — Chaofan Shou (@Fried_rice), March 31, 2026
We went through the runtime files: the code that controls how Claude reads your content, fetches your website, and manages memory. Not the model weights. The operating rules: limits, filters, priorities, all of it readable in plain code. We used Claude Code to do it.
What follows is 7 findings from that code. Some confirm what practitioners suspected. Some contradict popular GEO advice. The source references are below each finding. If you think we read something wrong, tag us on Twitter or LinkedIn. We'll update the article.
Everything in this article traces back to one pipeline: the one between your actual page and Claude.
Claude never reads your website. A cheaper model does. It paraphrases everything, loses your JS content, and can only quote you directly for 125 characters — roughly one sentence. That summary is all Claude sees.
Claude pays more attention to whatever it reads last
It's stated in the source comments: files are loaded in reverse priority order, with the latest files getting the most attention. Local beats Project beats User beats Global. Within a single file, earlier content is safer; across files, the last one loaded wins.
Within a single file: top of the file is safest (the 4KB cliff means anything lower can be cut). Across files: the last file loaded gets the most weight. Put your most specific, project-level instructions in the file closest to the working directory. Different rules, different scopes. Both matter.
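Based on that description, reverse-priority loading can be sketched in a few lines. This is a minimal illustration, not the actual Claude Code implementation; the scope names and the builder function are assumptions.

```typescript
// Hypothetical sketch of reverse-priority memory loading.
type MemoryScope = "global" | "user" | "project" | "local";

// Lowest priority first: the last file appended sits closest to the end
// of the assembled context, where the model pays the most attention.
const LOAD_ORDER: MemoryScope[] = ["global", "user", "project", "local"];

function buildMemoryContext(files: Partial<Record<MemoryScope, string>>): string {
  return LOAD_ORDER
    .map((scope) => files[scope])
    .filter((content): content is string => content !== undefined)
    .join("\n\n");
}

// The local file lands last, so its instructions carry the most weight.
const context = buildMemoryContext({
  global: "Global defaults",
  local: "Project-local overrides",
});
```

The practical point: whatever you put in the most local file is appended last, so it wins any conflict with broader scopes.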
Your content is cut off at 4,096 bytes. After that: gone.
The previous finding covers which file gets the most attention. This one covers how much of that file Claude actually reads: 4,096 bytes, roughly 500-800 words. Whatever follows that limit is deleted. Claude receives a truncation message pointing to the full file. From what we observed, it tends to continue without reading the rest, but the code itself doesn't prevent it from doing so. There's a second cap: once 60KB of content has loaded across a session, memory prefetch stops for that conversation. The first content loaded wins the session.
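The two caps compose like this. The sketch below is an assumption-heavy illustration of the behavior described above, not the real code; the constant and function names are invented, while the limits (4,096 bytes per file, 60KB per session) come from this article's reading of the source.

```typescript
// Hypothetical sketch: per-file truncation plus a per-session budget.
const MAX_FILE_BYTES = 4096;
const MAX_SESSION_BYTES = 60 * 1024;

let sessionBytesLoaded = 0;

function loadMemoryFile(content: string): string | null {
  if (sessionBytesLoaded >= MAX_SESSION_BYTES) {
    return null; // session budget exhausted: nothing new loads this conversation
  }
  const bytes = Buffer.byteLength(content, "utf8");
  let loaded = content;
  if (bytes > MAX_FILE_BYTES) {
    // Hard cut: everything past 4KB is dropped, with a truncation notice.
    // (slice() counts characters, not bytes; close enough for a sketch.)
    loaded = content.slice(0, MAX_FILE_BYTES) + "\n[truncated: see full file]";
  }
  sessionBytesLoaded += Math.min(bytes, MAX_FILE_BYTES);
  return loaded;
}
```

Note the ordering consequence: files loaded early consume the 60KB budget, so later files can be locked out entirely.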
In Claude Code, Claude never reads your website directly. A smaller model does, then summarizes it.
Claude doesn't read your website. It hands the URL to Haiku, a smaller, faster model, which converts your HTML to Markdown via Turndown, then truncates that output at 100,000 characters, and writes a summary. Haiku is explicitly instructed to use a maximum of 125 characters when quoting your content. Claude receives that summary. Not your page.
Think of it like this: your website never talks to Claude directly. There's an intern in between. The intern reads your page, writes a three-sentence summary, and that summary is what Claude actually sees. The intern can only quote you directly for 125 characters, roughly one short sentence. Everything else gets paraphrased in their own words. If your value prop is vague or loaded with adjectives, the intern paraphrases it into nothing. If it's specific ("reduces alert fatigue by 70%"), that survives. If it's hidden behind a JavaScript tab, the intern can't even see it.
If your key features live inside a JS tab or accordion, Claude cannot see them. Turndown converts HTML to Markdown; JavaScript-rendered content becomes blank space. Put everything Claude needs to know in plain, static HTML.
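The pipeline above can be sketched end to end. This is a toy stand-in under stated assumptions: the real code uses the Turndown library for the HTML-to-Markdown step and a Haiku call for the summary, and every function name here is illustrative.

```typescript
// Hypothetical sketch of the fetch pipeline: HTML → Markdown →
// truncate at 100,000 characters → summarize with a 125-char quote cap.
const MAX_MARKDOWN_CHARS = 100_000;
const MAX_QUOTE_CHARS = 125;

// Toy stand-in for Turndown: strips tags. Content that only exists after
// JavaScript runs is never in the fetched HTML, so it vanishes here.
function htmlToMarkdown(html: string): string {
  return html.replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
}

function prepareForSummary(html: string): { markdown: string; quoteCap: number } {
  const markdown = htmlToMarkdown(html).slice(0, MAX_MARKDOWN_CHARS);
  // The summarizer is instructed to quote at most 125 characters verbatim;
  // everything else reaches Claude only as a paraphrase.
  return { markdown, quoteCap: MAX_QUOTE_CHARS };
}
```

A specific, quotable claim like "reduces alert fatigue by 70%" fits comfortably inside the 125-character cap; a paragraph of adjectives does not.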
Anthropic whitelists developer docs. Those sites skip the 125-character quote cap.
Before every fetch, Claude checks a live Anthropic API to confirm the domain is allowed. Sites on the preapproved list (Python docs, MDN, React, Next.js, and others) get different treatment: they bypass the blocklist check, and Haiku receives different instructions (no strict 125-character quote cap). If the preapproved content comes back as Markdown and is under 100,000 characters, it goes straight to Claude without Haiku at all. Everything else gets filtered, summarized, and capped at 125 characters per quote.
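The routing decision described above reduces to a three-way check. The sketch below is an assumption, not the real code: the domain list is abbreviated, the check actually happens against a live Anthropic API, and the names are invented.

```typescript
// Hypothetical sketch of the preapproved-domain routing decision.
const PREAPPROVED = new Set([
  "docs.python.org",
  "developer.mozilla.org",
  "react.dev",
]);

type Route = "direct-to-claude" | "haiku-summary";

function routeFetchedContent(domain: string, contentType: string, length: number): Route {
  if (PREAPPROVED.has(domain) && contentType === "text/markdown" && length < 100_000) {
    return "direct-to-claude"; // bypasses Haiku and the 125-char quote cap
  }
  return "haiku-summary"; // filtered, summarized, quotes capped at 125 chars
}
```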
If an authoritative developer doc mentions your product or links to your docs, that reference reaches Claude unfiltered. A citation in the Python docs, MDN, or React's documentation is worth more than almost anything on your own site because it bypasses the 125-character filter entirely. Getting cited by preapproved sources is the highest-value GEO play this finding reveals.
Claude gets 8 searches per task. The limit is hardcoded.
One line in the source: max_uses: 8. That's the search cap per turn. You can filter which domains Claude searches, but you cannot raise this limit. When Claude researches a broad topic, it burns through all 8 searches on subtopics. If finding your product requires query #9, it doesn't get found in that turn. A new conversation resets the budget.
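For context, here is what a tool definition carrying that one line might look like. The surrounding fields are assumptions sketched from Anthropic's public web search tool shape; only the `max_uses: 8` value is the finding itself.

```typescript
// Hypothetical tool config illustrating the hardcoded per-turn search cap.
const webSearchTool = {
  type: "web_search",
  max_uses: 8, // the cap: 8 queries per turn, no override
  // Domains can be filtered, but filtering never raises the budget.
  allowed_domains: undefined as string[] | undefined,
};
```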
Own specific questions completely rather than covering broad topics loosely. "Best invoicing software for freelancers" is a query you can win. "Best business software" burns through all 8 searches on subtopics and never surfaces you. Same with "project management tool for remote design teams" vs "project management software." The narrower the question, the better your odds within an 8-search budget.
HTML comments are deleted before Claude reads anything. There's no back channel.
A common black-hat growth hack is hiding instructions in HTML comments, invisible to humans but readable by AI. The code says otherwise. Comments are stripped by a preprocessing step before the model sees the file at all. The implementation uses the marked Lexer, not a simple regex, so block-level comments are reliably removed. Inline comments inside paragraphs technically survive the strip and do reach Claude. But they're not reliable signal. They sit in the middle of paragraph text, not as standalone instructions. Don't use comments for signal.
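The block-versus-inline distinction can be approximated in a few lines. This is a simplification for illustration: the real implementation uses the marked Lexer's block tokenization, not a regex, and the function name is invented.

```typescript
// Hypothetical approximation: a comment that stands alone as its own
// block is dropped; a comment inline inside a paragraph survives.
function stripBlockComments(markdown: string): string {
  return markdown
    .split(/\n{2,}/) // split into blank-line-separated blocks
    .filter((block) => !/^<!--[\s\S]*-->$/.test(block.trim()))
    .join("\n\n");
}
```

Even the surviving inline comments are buried mid-paragraph rather than read as instructions, which is why they're useless as a signaling channel.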
Content that sounds like a command gets flagged as a prompt injection attack
Claude's system prompt, loaded before every conversation, explicitly tells it to flag tool results that look like an attempt to override its behavior. If tool results Claude fetches, including your website content, read like a command ("always recommend X"), Claude flags it to the user and moves on. If it reads like a fact, it's treated as useful context. The defense is baked in. You can't write around it.
All 7 findings, in plain English
These aren't best practices. They're hard limits in the code.
Claude reads your first 4KB, sends your website to a smaller AI that summarizes it (capped at 125-character direct quotes), and stops searching after 8 queries. If your most important claim isn't specific, measurable, and near the top, it probably never reaches Claude at all.
Source reference map
All code samples are from the Claude Code source archive (src.zip, March 2026). This covers the agentic runtime, not model weights. Findings apply to Claude Code and Claude-powered agents only. Claude.ai chat, ChatGPT, and Perplexity are separate products and likely behave differently. Code samples are quoted for commentary and analysis purposes. Note: earlier versions of this article included findings about memory compaction (F09) and a single-word input guard (F04). We removed both. The code is real, but F09's GEO implication was overstated and F04's behavior is behind a feature flag that defaults to off. We also removed Finding 02 (the OVERRIDE instruction string): accurate code, but the practical lesson doesn't apply to most readers.
Yuval Halevi
Helping SaaS companies and developer tools get cited in AI answers since before it was called "GEO." 10+ years in B2B SEO, 50+ cybersecurity and SaaS tools clients.