What is Web Bot Auth?

Web Bot Auth is a method for a bot or AI agent to cryptographically prove its identity on every request, instead of relying on an easily-spoofed user-agent string or a published IP range. It builds on HTTP Message Signatures (RFC 9421): the agent signs each outgoing request with an Ed25519 private key, publishes its public key as a JWKS at a /.well-known/http-message-signatures-directory URL, and includes a Signature-Agent header naming the signing domain. A site (or its CDN) can then verify the signature and know, with cryptographic certainty, which agent is calling.

Who is behind Web Bot Auth and is it a real standard?

It started as a Cloudflare proposal but has moved well beyond one vendor. The IETF chartered a WebBotAuth working group in early 2026 to develop it as an internet standard, with a standards-track spec milestone in April 2026 and a best-current-practice document targeted for August 2026. Amazon, Cloudflare, Akamai and OpenAI are all pushing the same standard, and Amazon Bedrock AgentCore Browser can automatically sign requests with it. The core architecture draft (draft-meunier-web-bot-auth-architecture) is active.

How is this different from robots.txt or IP allowlists?

robots.txt is a request a bot can ignore, and IP allowlists are brittle — ranges change, and anyone on that range can impersonate the bot. Web Bot Auth flips the model: instead of 'we think this IP belongs to GPTBot,' the agent proves 'I am this agent' with a signature only it can produce. Per-request signing also guards against replay attacks. It's identity by cryptography, not by reputation or guesswork — which is why Cloudflare is folding it into its Verified Bots program.

Is everyone signing their crawlers yet?

No — adoption is early and uneven. As of May 2026, Google's main Googlebot indexing crawler is NOT signing requests; only Google's AI-browsing Google-Agent signs. Cloudflare's verification is rolling out (available on Free and Pro plans, expanding to Business and Enterprise). So in practice you'll see a mix for a while: some agents signed and verifiable, most legacy crawlers still identified the old way. Treat Web Bot Auth as the emerging direction, not the current default.

How does this connect to AI agents and MCP?

Web Bot Auth is part of a wider 2026 push to give AI agents real identity. Complementary IETF drafts cover AI-agent authentication and authorization (some reusing OAuth and WIMSE), and an Agent Identity Protocol (AIP) aimed at the Model Context Protocol layer. As agents act on the web at scale, sites increasingly want to know which agent is calling and on whose behalf — so signing and agent-identity standards are converging with the agentic-scraping stack we cover separately.

All systems operational•IP pool status

Dashboard Login/Signup Purchase Guide All Proxies

Web Scraping & AI · Standards · May 2026 · 11-min read

Web Bot Auth in 2026: How Cryptographically Signed AI Agents Change the Closing Web

Q: Does Web Bot Auth make mobile proxies obsolete for data collection?

No — they solve different problems. Web Bot Auth is for declared bots that WANT to be recognized as bots so a site can allow or charge them (think an AI company's official crawler). It's an identity badge for automated traffic. Collecting publicly accessible data as a normal browser on a real residential/mobile IP is the opposite use case: presenting as an ordinary visitor, not a declared bot. Two legitimate futures are emerging in parallel — verifiable declared agents, and real-visitor collection — and most public-data work lives in the second.

The web spent two years learning to block AI bots. Now there's a counter-movement: let the good ones prove who they are. Web Bot Auth has bots sign every request with a cryptographic key — no more spoofable user-agents or brittle IP allowlists. Here's the researched, no-hype guide to verifiable agents, who's adopting it, and what it does and doesn't solve.

Coronium Technical Team

Published May 29, 2026

Verified 2026-05-29

RFC 9421

HTTP Message Signatures

Ed25519

per-request signing key

IETF WG

chartered early 2026

4 backers

Cloudflare · Amazon · Akamai · OpenAI

TL;DR

Web Bot Auth lets a bot cryptographically prove its identity per request via HTTP Message Signatures (RFC 9421) — an Ed25519 key, a Signature-Agent header, and a published JWKS directory. It replaces spoofable user-agents and brittle IP allowlists with provable identity. Backed by Cloudflare, Amazon, Akamai, OpenAI; an IETF working group was chartered in 2026. Adoption is early (Googlebot indexing isn't signing yet; only Google's AI-browsing agent is). It's for declared bots that want to be recognized — the opposite of real-visitor collection on mobile IPs. Both futures are real.

On this page

What it is
How it works
Who's adopting it
What it doesn't solve
How it fits
FAQ

From "guess the bot" to "prove the bot"

For decades, "is this Googlebot?" was answered by checking a user-agent string (trivially spoofed) and a published IP range (brittle, and anyone on that range can impersonate it). As AI agents multiplied and the web started blocking and charging them, that guesswork became a real problem: how does a site allow the legitimate agents while blocking the rest?

Web Bot Auth answers with cryptography. Instead of inferring identity from network signals, the agent proves it by signing each request with a private key only it holds. The site verifies the signature against the agent's published public key. No spoofing, no IP-range maintenance — provable identity.

How it works: RFC 9421 in three moves

1. The agent holds an Ed25519 key

Each agent generates a unique Ed25519 private key and signs every outgoing request with it. Per-request signing guards against replay attacks — a captured request can't be re-used to impersonate the agent.

2. It signs via HTTP Message Signatures (RFC 9421)

The request carries a signature plus a Signature-Agent header naming the signing domain — the standardized way to attach a verifiable identity to an HTTP request.

3. The site verifies against a published key directory

The agent publishes its public keys as a JWKS at /.well-known/http-message-signatures-directory. The site (or its CDN) fetches the key and verifies the signature — confirming exactly which agent is calling.

GET /article HTTP/1.1
Host: example.com
Signature-Agent: "https://crawler.example-ai.com"
Signature-Input: sig1=("@authority" "signature-agent");keyid="..."
Signature: sig1=:MEUCIQ...base64...:

# The site fetches the agent's JWKS from
#   https://crawler.example-ai.com/.well-known/http-message-signatures-directory
# verifies the Ed25519 signature, and KNOWS this is that agent.

Who's adopting it — and how far along

IETF working group chartered in early 2026; standards-track spec milestone April 2026, best-current-practice doc targeted August 2026 (core architecture: draft-meunier-web-bot-auth-architecture).
Cloudflare, Amazon, Akamai, OpenAI are pushing the same standard. Cloudflare folds it into its Verified Bots program; verification is live on Free/Pro and expanding to Business/Enterprise.
Amazon Bedrock AgentCore Browser can automatically sign requests with Web Bot Auth, reducing CAPTCHA friction for verified agents.
Uneven so far: as of May 2026 Google's main Googlebot indexing crawler is not signing — only Google's AI-browsing Google-Agent is. Expect a mixed landscape for a while.

What it doesn't solve

Web Bot Auth is an identity layer, not an access policy. It proves who is calling — it doesn't decide whether they're allowed, and it doesn't change the economics:

A verified identity can still be blocked or charged — Web Bot Auth makes Pay-Per-Crawl cleaner, not optional.
It only helps bots that want to be identified as bots. It does nothing for — and isn't meant for — collecting public data as an ordinary visitor.
Adoption is early; relying on "verified-only" today would block most legitimate legacy crawlers that don't sign yet.

Two futures, in parallel

The clearest way to read Web Bot Auth: the web is splitting data access into two legitimate lanes.

Declared, verified agents

An AI company's official crawler signs with Web Bot Auth so sites can recognize, allow, or bill it. Identity by cryptography. This is the lane Web Bot Auth serves.

Real-visitor collection

Collecting publicly accessible data as a normal browser on a real residential/mobile IP — not a declared bot. Most public-data work lives here.

These aren't in conflict — they serve different needs. Web Bot Auth is converging with the broader agent-identity work (AI-agent authentication drafts, an Agent Identity Protocol for MCP). Meanwhile, legitimate public-data collection on real IPs continues exactly as covered in is web scraping legal in 2026.

FAQ

Related resources

The Closing Web in 2026 (pillar)

AI crawler blocking, Pay-Per-Crawl, and the data wars in full.

Scraping in the Agentic Era (MCP)

How AI agents collect web data and why the IP layer decides.

robots.txt vs llms.txt vs ai.txt

The other access-control signals, and why the WAF enforces.

Is web scraping legal in 2026?

hiQ, Meta v Bright Data, Reddit v Perplexity & DMCA §1201.

AI Crawler Checker (free tool)

See which AI bots a domain allows or blocks in its robots.txt.

Dedicated mobile proxies

Real carrier IPs for real-visitor public-data collection.

Verified agents are one lane — real visitors are the other

When your work is collecting public data as an ordinary visitor, real 4G/5G carrier IPs across 20+ countries are how you do it.