Technical SEO15 min readJuly 17, 2026

AI Crawler Controls in 2026: Separate Search Visibility, Model Training, and User-Directed Fetches

Compare OpenAI, Google, Anthropic, and Perplexity crawler controls for search, training, user fetches, robots.txt, WAFs, IP ranges, and logs.

Crawler policy / three decisions
01Search visibilitySearch crawler
02Model trainingTraining crawler
03User-directed fetchUser action
Search, training, and user fetches are separate lanesPolicy · delivery · verification

“Block AI bots” is no longer a coherent technical instruction. The same provider may operate one crawler for search discovery, another for possible model training, and a user-triggered agent that retrieves a page because a person asked it to. Those requests can have different robots behavior, different identity evidence, and different consequences for visibility.

A useful policy begins with purpose. Decide whether a page should be eligible for search answers, whether its content may be considered for model training, whether a user-directed assistant may retrieve it, and whether an authenticated agent may complete an action. Then map each decision to documented controls and verify what your origin actually serves. Purpose is not network identity: a provider may reuse a crawl or stored copy across documented uses, and a verified request proves a fetch—not every downstream use of the bytes.

Section 01

Start with three read decisions—and one action boundary

Search inclusion, model training, and user-directed retrieval are three separate read purposes. A service business may want public service pages discoverable in ChatGPT Search while signaling that those pages should not be used for training OpenAI foundation models. A publisher may allow Google Search, including AI Overviews and AI Mode, while using Google-Extended to control specified Gemini training and grounding uses outside Search. A private portal should rely on authentication rather than assuming a robots rule makes the content private. State-changing agent actions are a fourth, higher-risk boundary governed by application security rather than crawler policy.

The policy questions that must not be collapsed
PurposeBusiness questionTypical control layer
Search discoveryMay this page be indexed or surfaced as a supporting result?Provider crawler rule, indexability, and result-preview controls
Model trainingMay crawled content be considered for future foundation-model training?Provider-specific training token or documented opt-out
User-directed retrievalMay an assistant fetch this page in response to a person's request?Provider agent rule where honored, plus real access controls
Agent actionMay software submit, book, buy, or change state?Authentication, authorization, CSRF protection, confirmation, and audit logs
Section 02

OpenAI: OAI-SearchBot is not GPTBot

OpenAI documents OAI-SearchBot as the crawler used to surface websites in ChatGPT search features. It recommends allowing the user agent and requests from its published IP ranges to help ensure inclusion. OpenAI states that sites opted out of OAI-SearchBot will not be shown in ChatGPT search answers, although navigational links can still appear in specified circumstances. A robots change can take approximately 24 hours to propagate through OpenAI's search systems.

GPTBot has a different purpose. OpenAI says it crawls content that may be used to make generative AI foundation models more useful and safe, and that disallowing GPTBot indicates the site's content should not be used in training those models. The settings are independent: allowing OAI-SearchBot while disallowing GPTBot is a documented configuration, not a workaround.

ChatGPT-User supports certain actions initiated by a person in ChatGPT or a Custom GPT. OpenAI says it is not an automatic web crawler, is not used to determine Search inclusion, and may not be governed by robots rules because the request is user initiated. It publishes a separate IP-range endpoint for this agent. A WAF policy that allows OAI-SearchBot but blocks every browser-like or user-triggered request may therefore produce a different result from the robots policy.

OpenAI verification

  • Inspect the live robots response for OAI-SearchBot and GPTBot separately.
  • Confirm that CDN and WAF rules do not contradict the intended robots policy.
  • Validate source IPs against OpenAI's current published JSON ranges rather than trusting the user-agent string alone.
  • Check representative public pages for successful status codes and usable HTML.
  • Wait through the documented adjustment period before repeating inclusion tests.
  • Treat observed ChatGPT links and tagged referrals as separate evidence from crawler access.
Section 03

Google: Search access and Google-Extended have different effects

Google's AI Overviews and AI Mode are features of Google Search. Google says Googlebot is the site-owner control for how content is crawled for Search, including those generative AI features. Blocking Googlebot prevents recrawling and can remove the content and snippet eligibility needed for ordinary and generative Search supporting links. A URL discovered elsewhere can still be known or appear without a useful snippet, so crawl blocking is not a guaranteed URL-removal control.

Google-Extended is a standalone robots product token, not a separate HTTP user agent. Google says it controls whether content Google crawls may be used to train future Gemini models that power Gemini Apps and the Vertex AI Gemini API, and for grounding in those specified products. Google explicitly states that Google-Extended does not affect inclusion or ranking in Google Search.

Search-result presentation has additional controls. Google documents noindex for removal and nosnippet, data-nosnippet, and max-snippet for limiting information shown from a page. Those directives have different scopes from a crawler disallow. A crawler must be able to fetch a page to see a meta directive, which is why combining a robots block with a meta instruction can prevent the instruction from being read. When a specific user-agent group matches, it does not inherit rules from the wildcard group; groups for the same specific token may be combined. Restate every intended rule in the matching group and test it with Google's documented robots parser semantics.

Google also documents user-triggered fetchers that are distinct from Googlebot. Current examples include Google-Agent and Google-GeminiNotebook; Google-NotebookLM remains the former product token during a documented transition through August 2026. Google says user-triggered fetchers generally ignore robots.txt because a person initiated the request. Some Google-Agent traffic can additionally carry signed Web Bot Auth evidence. None of those identities should receive privileged application access merely because its user-agent string looks familiar.

Section 04

Anthropic and Perplexity also separate purposes

Anthropic documents three robots. ClaudeBot collects public web content that could contribute to model training. Claude-SearchBot navigates the web to improve search-result quality. Claude-User retrieves content at a user's direction. Anthropic says disabling Claude-SearchBot may reduce a site's visibility and accuracy in user search results, while disabling Claude-User may reduce visibility for user-directed web search. It says its bots honor robots rules and documents a non-standard Crawl-delay extension.

Anthropic's current crawler guidance links to an official bots.json file containing IP prefixes. It warns that blocking those addresses can prevent its bots from reading robots.txt and therefore may not guarantee the intended opt-out. Use the list as dated identity evidence, not a policy substitute: keep explicit robots rules as the documented crawl control, record when the list was retrieved, and recheck it before changing a WAF allowlist.

Perplexity documents PerplexityBot as its search-indexing crawler and Perplexity-User as a user-action agent. Its crawler documentation recommends allowing PerplexityBot and published bot IP ranges for search visibility, and says Perplexity-User generally ignores robots rules because a user requested the fetch. On July 16, 2026, Perplexity separately stated that direct URL summarization for a robots-blocked page had been disabled and that PerplexityBot crawls in compliance with robots.txt. Read those claims narrowly: they establish the stated search-crawler behavior and a disabled direct-summary path, not a universal promise that every user-directed or indirectly discovered workflow obeys the same rule.

Documented provider controls as of July 18, 2026
ProviderAutomated search crawlerTraining-related use or controlUser-triggered fetcherIdentity evidence / limitation
OpenAIOAI-SearchBotGPTBot opt-out for stated foundation-model trainingChatGPT-User; robots may not govern user-initiated requestsPublished IP JSON; a blocked crawler can still leave limited navigational links
GoogleGooglebot for Google Search featuresGoogle-Extended for specified Gemini training and grounding usesGoogle-Agent and Google-GeminiNotebook; user-triggered fetchers generally ignore robotsDNS/IP verification plus Web Bot Auth for some Google-Agent requests; no universal Gemini switch
AnthropicClaude-SearchBotClaudeBot training controlClaude-User; provider says robots rules are honoredOfficial bots.json is dated evidence, not a permanent allowlist
PerplexityPerplexityBot; provider states robots complianceProvider says PerplexityBot is not for foundation-model trainingPerplexity-User; crawler docs say it generally ignores robotsPublished IP ranges; direct blocked-URL summary statement does not settle every indirect path
Section 05

Write a page-class policy before writing robots rules

A single site-wide rule is rarely the best starting point. Public service pages, original research, account pages, staging environments, licensed media, and lead-confirmation pages have different business and privacy requirements. Classify those surfaces first. A public article may be deliberately available to search crawlers. A customer portal must be authenticated. A thank-you page may be public at the transport layer but should usually be noindexed and free of personal data.

Policy design sequence

  1. Inventory page classes and identify the owner of each class.
  2. Decide the desired outcome for search discovery, model training, user retrieval, and agent action.
  3. Map each outcome only to controls the provider officially documents.
  4. Identify where authentication, authorization, or application logic is required instead of robots preferences.
  5. Write the smallest explicit rules that implement the approved decisions.
  6. Review CDN, WAF, bot-management, and hosting defaults for contradictory enforcement.
  7. Record the policy date, source URLs, approver, and next review date.

Avoid unrecognized bot names copied from old lists. Providers rename products, introduce new agents, and change documentation. An unrecognized token can create the appearance of control while doing nothing. Conversely, a wildcard block may catch legitimate search crawlers and remove visibility. Every token in production policy should have a current first-party reference and a stated owner.

Section 06

Verify the live path, not just the file

A correct robots file can coexist with a broken delivery path. A CDN may serve an old cached file. A WAF may challenge the bot before it reaches the origin. A hosting rule may return different content by user agent. JavaScript may hide the important text from a crawler that does not execute the same rendering path. Verification therefore needs requests, responses, and logs.

Production validation gate

  • Fetch `/robots.txt` from the public canonical host and record status, body, headers, and timestamp.
  • Run a synthetic parser or request test with the documented token and label it as configuration evidence, not provider traffic.
  • Where providers publish ranges, compare the observed source address with the current official JSON endpoint.
  • Inspect WAF events for challenges, managed-bot decisions, rate limits, and false positives.
  • Confirm response status, canonical, robots meta directives, and important textual content.
  • Check server logs after the provider's stated propagation window and label only requests with verified provider identity as real crawler traffic.
  • Do not search logs for a Google-Extended HTTP user agent; Google-Extended is a robots product token, not a request identity.
  • Run a separate search-result or citation observation; crawler success alone does not prove visibility.
  • Retain evidence without storing secrets or unnecessary personal request data.
Section 07

Measure the consequence of a policy change

A crawler-policy release should have a change record and an observation window. Capture the old and new robots files, affected page classes, provider documentation, deployment time, CDN purge state, and expected propagation. Then inspect crawler requests, indexability, observed search links, referrals, and lead outcomes as separate measures.

Do not attribute every visibility change to the robots edit. Search systems recrawl on their own schedules, generated answers vary, and provider products change. A controlled audit can show that a crawler became allowed and later fetched the page. It cannot prove that the rule caused a citation unless the design includes adequate controls and repeated observations.

Crawler policy change ledger
Evidence layerRecordClaim allowed
ConfigurationVersioned robots and WAF rulesThe intended policy changed
TransportDated successful or blocked requestsThe tested request received this response
Crawler activityVerified log entriesA documented crawler accessed the URL
Search observationCaptured result, prompt, date, and surfaceThe page appeared in that observation
Indirect discoveryDated link, title, snippet, or third-party source observed without a verified direct fetchThe system knew or displayed limited information; direct crawl is not established
ReferralTagged or attributed landing sessionA visit arrived with that source evidence
OutcomeAccepted lead or revenue recordA business outcome occurred under the stated attribution limits
Primary and authoritative references

Source ledger

These sources support the operating guidance above. Platform behavior and documentation can change, so volatile implementation details should be rechecked before a rollout.

  1. Overview of OpenAI CrawlersOpenAI. Purpose, independence, agent strings, propagation guidance, and published IP endpoints for OpenAI agents.
  2. Publishers and Developers FAQOpenAI Help Center. Search inclusion, navigational-link behavior, noindex, training controls, and referrals.
  3. List of Google's common crawlersGoogle Crawling Infrastructure. Googlebot and Google-Extended effects; last updated July 14, 2026.
  4. AI features and your websiteGoogle Search Central. Search eligibility and preview controls for AI Overviews and AI Mode.
  5. List of Google's user-triggered fetchersGoogle Crawling Infrastructure. Current user-triggered agent tokens, robots behavior, and product-name transition.
  6. Verifying Googlebot and other Google crawlersGoogle Crawling Infrastructure. DNS and published-IP verification methods for Google crawler traffic.
  7. Web Bot AuthGoogle Crawling Infrastructure. Signed identity evidence available for some Google-Agent requests.
  8. How Google interprets the robots.txt specificationGoogle Search Central. Matching groups, wildcard behavior, rule combination, and Google-specific parser semantics.
  9. Does Anthropic crawl data from the web, and how can site owners block the crawler?Anthropic Help Center. ClaudeBot, Claude-SearchBot, Claude-User, robots behavior, and the linked bots.json IP-prefix list with maintenance caveats.
  10. Perplexity CrawlersPerplexity. PerplexityBot, Perplexity-User, published IP ranges, and WAF guidance.
  11. How does Perplexity follow robots.txt?Perplexity Help Center. July 16, 2026 statement about current robots behavior and prior URL-summary behavior.
  12. RFC 9309: Robots Exclusion ProtocolIETF. Standards-track robots syntax, access behavior, caching, and explicit non-authorization boundary.
Implementation

The practical next step

Inventory five representative page classes, decide separately whether each should support search discovery, model training, user-directed retrieval, and agent actions, then test every provider-specific robots group and access rule at the public origin. Preserve direct-fetch, identity, indirect-discovery, and result evidence as separate layers, and re-open every provider reference before deployment.