Message Signatures Are Now Part Of Our Verified Bots Program, Simplifying Bot Authentication
Cloudflare, July 1,2025
As a site owner, how do you know which bots to allow on your site, and which you'd like to block?
Existing identification methods rely on a combination of IP address range (which may be shared by other services, or change over time) and user-agent header (easily spoofable). These have limitations and deficiencies. In our last blog post, we proposed using HTTP Message Signatures: a way for developers of bots, agents, and crawlers to clearly identify themselves by cryptographically signing requests originating from their service.