gRPC metadata is a useful mechanism for implementing authentication, tracing, and application-specific features. It is important that applications configure a limit on received metadata size, since metadata is not flow-controlled and large amounts can severely degrade performance. But configuring metadata limits can be tricky - what if the client accidentally starts sending too much metadata? Or worse, what if some proxy between client and server configures a lower metadata limit than the server? This talk will explore these questions and more, including how applications can learn to protect against such issues in the future.