I had a truly maddening problem where my /embed/ functionality was sometimes returning full pages to CURL commands and online services like redirect-checker.org, etc.
It turned out, it was Yoast's URL parameter stripping. I had failed to update Yoast's settings with some new parameters I was using, and what Yyoast never tells you is that when you're logged in, it lets everything work fine, and only strips parameters for non-logged in users. It just lets you proceed on your way thinking everything is working fine until you can't figure out why curl -I https://mysite.com/blah?param1¶m2 is getting a 301 redirect while https://mysite.com/blah?param1¶m2 is loading fine in your browser. This is especially fun on sites like mine where things like /embed/ and ?embed get written back and forth to each other internally.
I lost several hours to this.
Yoast's docs say there's a way of registering parameters but, helpfully/s, never tells you what it is, and I can't find it online.
I've permanently turned off the url parameter stripping. I have everything properly tagged with canonical tags, so no worries about duplicate content for SEO purposes, and now, and I know I'm not getting served a slightly different URL (because I'm logged in) than the rest of the world is seeing.
