IP validation
The IP validation method aims to identify all of the IP addresses that a bot may use to send requests.
Cloudflare can achieve this in two ways:
- Using IP list provided by the bot owner: The bot owner can host a public list of IP ranges (for example, Googlebot's list ↗). Cloudflare fetches and uses this list directly for validation.
- Using Domain-based reverse DNS: The bot owner can provide a domain (or set of domains) that their bot requests originate from. Cloudflare collects the IP addresses observed in the requests with the bot's user agent, and performs reverse DNS lookups. If the reverse DNS of an IP resolves to one of the provided domains, Cloudflare considers it valid and stores it.
To verify a bot using a public IP list, you need to provide:
- A fixed and limited set of IP addresses, which can be verified via publicly accessible plain-text,
JSON, orCSV. - IP addresses used solely by the bot owner.
- A user-agent match pattern.
To verify a bot using reverse DNS, you need to provide:
- A list of domain suffixes to validate DNS records.
- IP addresses should have PTR records set correctly.
- A user-agent match pattern.
User-agent patterns that match generic user-agents will be rejected by the Verified Bots API. When you add a user-agent pattern that is considered very common to the Verified Bot form, you may encounter an error message that will prompt you to correct the user-agent before you can submit again.
Generic user-agents include:
DartGo-http-clientGuzzleHttpGoogle ChromeMozilla FirefoxSafariNessusWebsocket++cloudflare-gofasthttpgotnginx-ssl early hintsnodenode-fetchokhttppython-requestsuTorrent
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark