Key Takeaways
- Configuring your robots.txt is only half the battle — you must actively verify that AI crawlers can reach your pages through all layers of your infrastructure
- Use curl with specific user agent strings to simulate GPTBot, PerplexityBot, and other AI crawlers from the command line
- Check your server access logs for real crawler visits and the HTTP status codes they receive — this is the most reliable verification method
- Test through every layer: robots.txt, CDN, WAF, rate limiting, geographic restrictions, and CAPTCHA challenges
- Automate your verification with monthly checks and immediate re-testing after any infrastructure changes
Want to skip the manual testing? Run a free AI crawler access scan — checks all major AI bots in 60 seconds, no signup required.
Table of Contents
Why Verification Matters
You have updated your robots.txt to allow AI crawlers. You have reviewed the complete list of AI crawler bots and confirmed the right user agents are permitted. But here is the uncomfortable truth: robots.txt compliance is voluntary, and it is only one of many layers between an AI crawler and your content.
Your CDN might be blocking bots at the edge. Your WAF might be issuing CAPTCHA challenges. Your hosting provider might be rate-limiting unfamiliar user agents. Your server configuration might be returning 403 errors to non-browser requests. Any one of these layers can silently prevent AI crawlers from reading your content — even when your robots.txt is perfectly configured.
Verification is the process of confirming, through multiple methods, that AI crawlers are actually receiving your page content with a 200 OK response. Without verification, you are guessing.
Testing with curl: Simulating AI Crawlers
The most direct way to test AI crawler access is to simulate a crawler request from your command line using curl. This sends a request to your site with the same user agent string that the actual AI bot uses.
GPTBot verification
curl -s -o /dev/null -w "%{http_code}" \
-A "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)" \
https://yoursite.com/
A 200 response means GPTBot can access the page. A 403 means it is blocked.
Testing all major AI crawlers
Run these commands in sequence to test every important AI crawler:
# OAI-SearchBot (ChatGPT search)
curl -s -o /dev/null -w "%{http_code}" \
-A "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot)" \
https://yoursite.com/
# ChatGPT-User (link previews)
curl -s -o /dev/null -w "%{http_code}" \
-A "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" \
https://yoursite.com/
# PerplexityBot
curl -s -o /dev/null -w "%{http_code}" \
-A "Mozilla/5.0 (compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot)" \
https://yoursite.com/
# ClaudeBot (Anthropic)
curl -s -o /dev/null -w "%{http_code}" \
-A "Mozilla/5.0 (compatible; ClaudeBot/1.0; +https://www.anthropic.com/claude-bot)" \
https://yoursite.com/
# Applebot-Extended (Apple Intelligence)
curl -s -o /dev/null -w "%{http_code}" \
-A "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Applebot-Extended" \
https://yoursite.com/
Interpreting results
| Status Code | Meaning | Action Required | |---|---|---| | 200 | Access granted | None — crawler can read your content | | 301/302 | Redirect | Follow the redirect chain — the final destination must return 200 | | 403 | Forbidden | Check WAF, CDN, or server-level blocking | | 429 | Rate limited | Adjust rate limiting thresholds for known AI bots | | 503 | Service unavailable | Often a CAPTCHA challenge — check bot protection settings |
Getting the full response
To see what content the crawler actually receives (not just the status code), remove the output-suppression flags:
curl -A "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)" \
https://yoursite.com/ | head -100
If the response contains a CAPTCHA page, a "Please verify you are human" message, or an empty body, the crawler is effectively blocked even if the status code is 200.
Analyzing Server Access Logs
While curl tests simulate crawler behavior, server log analysis shows you what real AI crawlers experience when they visit your site. This is the most reliable verification method because it reflects actual production conditions.
Finding AI crawlers in your logs
Search your access logs for known AI bot user agent strings:
# Search for all AI crawler activity
grep -E "(GPTBot|OAI-SearchBot|ChatGPT-User|PerplexityBot|ClaudeBot|Bytespider|Applebot-Extended)" \
/var/log/nginx/access.log
What to look for
A healthy log entry for an AI crawler looks like this:
66.249.64.100 - - [22/Mar/2026:10:15:33 +0000] "GET /blog/ai-seo-guide HTTP/1.1" 200 45230 "-" "Mozilla/5.0 (compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot)"
The critical fields are the HTTP method (GET), the path being requested, and the status code (200). If you see 403 or 503 status codes for AI crawler requests, something in your stack is blocking them.
Frequency analysis
Check how often AI crawlers visit and which pages they request most:
# Count requests per AI crawler
grep -oE "(GPTBot|OAI-SearchBot|ChatGPT-User|PerplexityBot|ClaudeBot)" \
/var/log/nginx/access.log | sort | uniq -c | sort -rn
# Check status codes for AI crawlers
grep "GPTBot" /var/log/nginx/access.log | \
awk '{print $9}' | sort | uniq -c | sort -rn
If a particular AI crawler never appears in your logs, it either has not discovered your site yet or it is being blocked before the request reaches your web server — typically at the CDN or network level.
Online Testing Tools
Not everyone has command-line access or server log access. Several online tools can verify AI crawler access without technical expertise.
AImetrico free scanner
The fastest option for a comprehensive check. Enter your URL and AImetrico tests access for all major AI crawlers simultaneously, reporting which bots can reach your content and which are blocked. Results include specific recommendations for fixing any issues found.
Google Search Console robots.txt Tester
While designed for Googlebot, you can use it to validate your robots.txt syntax and test whether specific user agents are allowed or disallowed for particular URLs. Navigate to Search Console, select your property, and look for the robots.txt Tester under the legacy tools section.
Robots.txt validators
Tools like technicalseo.com's robots.txt validator let you paste your robots.txt content and test any user agent string against any URL path. This confirms your robots.txt logic is correct — though it does not test CDN, WAF, or server-level blocking.
Fetch-as-bot services
Several services (such as httpstatus.io or similar tools) let you specify a custom user agent and fetch a URL, returning the full response headers and body. This replicates the curl approach through a web interface.
Testing Each Infrastructure Layer
AI crawler access depends on multiple infrastructure layers working together. A failure at any single layer blocks the crawler entirely. Test each layer independently.
Layer 1: robots.txt
Fetch your robots.txt directly and check the rules for each AI bot:
curl https://yoursite.com/robots.txt
Look for User-agent: GPTBot (and other AI bots) followed by Allow: / or specific path allowances. If you see Disallow: /, that bot is blocked at this layer. For detailed robots.txt configuration, see our robots.txt for AI crawlers guide.
Layer 2: CDN and edge network
If you use Cloudflare, Fastly, Vercel, or another CDN, the edge network processes requests before they reach your server. CDN bot management features can block, challenge, or rate-limit AI crawlers silently. Test by comparing responses from your CDN URL versus your origin server IP directly.
Layer 3: WAF (Web Application Firewall)
WAF rules designed to block malicious bots often catch AI crawlers as collateral damage. Check your WAF dashboard for blocked requests from AI bot user agents. Look for rules that block based on behavior patterns (rapid sequential requests, non-browser headers) rather than specific user agents.
Layer 4: Server configuration
Your web server (Nginx, Apache, IIS) may have its own access rules. Check for IP-based blocking, user-agent filtering, or geographic restrictions in your server configuration files.
Layer 5: Application layer
CMS plugins (especially WordPress security plugins like Wordfence or Sucuri) can block bots at the application level. Check your security plugin settings for bot-blocking rules.
Automated Monitoring Setup
Manual verification catches issues at a point in time. Automated monitoring catches regressions as they happen.
Simple cron-based monitoring
Create a bash script that tests AI crawler access daily and alerts you when something breaks:
#!/bin/bash
SITE="https://yoursite.com"
BOTS=("GPTBot/1.2" "PerplexityBot/1.0" "ClaudeBot/1.0" "OAI-SearchBot/1.0")
for BOT in "${BOTS[@]}"; do
STATUS=$(curl -s -o /dev/null -w "%{http_code}" -A "$BOT" "$SITE")
if [ "$STATUS" != "200" ]; then
echo "ALERT: $BOT received $STATUS from $SITE" | \
mail -s "AI Crawler Blocked" admin@yoursite.com
fi
done
Schedule this with cron to run daily or weekly. Any status code other than 200 triggers an email alert.
When to re-verify immediately
Run a full verification check after any of these events:
- CDN configuration changes
- WAF rule updates
- Server migration or hosting changes
- Security plugin installation or updates
- SSL certificate renewal
- DNS changes
- WordPress or CMS core updates
Common Problems and Fixes
Problem: curl returns 200 but AI still does not cite my content
The content the crawler receives may be different from what humans see. JavaScript-rendered content, lazy-loaded sections, or cookie consent banners that cover the main content can all cause issues. Use curl -A "GPTBot/1.2" https://yoursite.com/ | head -200 to see exactly what the crawler receives.
Problem: robots.txt allows the bot but server returns 403
Your WAF or CDN is overriding robots.txt. Check Cloudflare's bot management, your hosting provider's security settings, and any server-level user-agent filtering rules.
Problem: AI crawlers appear in logs but with 503 errors
This typically means a CAPTCHA challenge is being served. Check your bot protection settings and create exceptions for known AI search bots. See our guide on WAF and bot protection for AI.
Problem: some AI crawlers work but others do not
Each bot has a different user agent string, IP range, and request pattern. A CDN rule might allow GPTBot but block PerplexityBot. Test each crawler individually and check your allow/block rules for all AI bots listed in the AI crawler bots directory.
Verification Checklist
Use this checklist every time you verify AI crawler access:
- robots.txt check — Fetch robots.txt and confirm all search-oriented AI bots are allowed
- curl test per bot — Test GPTBot, OAI-SearchBot, ChatGPT-User, PerplexityBot, ClaudeBot, and Applebot-Extended individually
- Response body inspection — Confirm the response contains your actual page content, not a CAPTCHA or blank page
- Log analysis — Check server logs for real AI crawler visits and their status codes
- CDN dashboard — Review CDN analytics for blocked or challenged bot requests
- WAF review — Check WAF logs for false positives against AI crawler user agents
- Multiple pages — Test your homepage, a blog post, a product page, and your sitemap
- Header inspection — Verify no X-Robots-Tag headers are sending noindex directives to AI bots
Frequently Asked Questions
How do I test if GPTBot can access my website?
Use curl with GPTBot's user agent string: curl -s -o /dev/null -w "%{http_code}" -A "GPTBot/1.2" https://yoursite.com. A 200 status code means access is working. A 403 or 503 means something is blocking the bot. Check your robots.txt first, then your CDN and WAF settings. For a non-technical option, use AImetrico's free scanner.
What tools can verify AI crawler access without using the command line?
AImetrico's free scanner checks all major AI crawlers in 60 seconds. Google's robots.txt Tester in Search Console validates syntax. Technicalseo.com's robots.txt validator tests specific user agents. These tools require no command-line knowledge and give clear pass/fail results.
Why does my robots.txt allow GPTBot but the bot still cannot access my site?
Robots.txt is only one layer of access control. Your CDN (Cloudflare, Fastly), WAF, server-level IP blocks, geographic restrictions, CAPTCHA challenges, or rate limiting can all block AI crawlers even when robots.txt explicitly allows them. Test each layer independently using the methods described in this guide.
How often should I verify AI crawler access?
Run a full verification at least once a month, and immediately after any infrastructure changes — CDN updates, WAF rule modifications, server migrations, or security plugin updates. Automated monitoring with weekly checks is ideal for catching regressions.
Can I check server logs to see if AI crawlers are visiting my site?
Yes. Search your access logs for user agent strings containing GPTBot, OAI-SearchBot, ChatGPT-User, PerplexityBot, ClaudeBot, or Bytespider. Check the HTTP status codes returned. 200 means successful access, while 403 or 503 indicates blocking. Log analysis is the most reliable verification method.
What HTTP status codes indicate AI crawler blocking?
A 403 Forbidden means your server or WAF is actively blocking the crawler. A 503 Service Unavailable often indicates a CAPTCHA challenge. A 429 Too Many Requests means rate limiting. Only a 200 OK (or redirects that resolve to 200) confirms successful access.
Verify all AI crawlers in one click
AImetrico tests GPTBot, PerplexityBot, ClaudeBot, and 10+ more crawlers against your site. Free, instant, no signup.
Trusted by 2,400+ websites