ChatGPT-User, robots.txt, and User-Requested Fetches
ChatGPT-User identifies certain web requests initiated by a person using ChatGPT, a Custom GPT, or an external action. It is not OpenAI’s automatic search or training crawler. OpenAI notes that robots.txt rules may not apply to these user-triggered requests, so private content requires real access controls.
Copy-paste robots.txt example
User-agent: ChatGPT-User
Disallow: /
ChatGPT-User is not a conventional crawler
ChatGPT-User is an OpenAI user-agent used for certain actions initiated by a ChatGPT user. A person may ask ChatGPT or a Custom GPT to open a page, retrieve information, or interact with an external application. The resulting request can identify itself as ChatGPT-User.
This behavior differs from a bot that continuously explores the public web. OpenAI explicitly says ChatGPT-User is not used for automatic web crawling. It is also not the control that determines whether pages are eligible for ChatGPT search.
Why robots.txt may not be decisive
Robots.txt was designed primarily for automated crawlers. Because ChatGPT-User requests are triggered by a person, OpenAI states that robots.txt rules may not apply. You can publish a ChatGPT-User group to express a preference, but it should not be treated as a guaranteed access-control barrier.
The sample rule on this page shows the explicit token a site owner might use. Its practical effect can differ from an automatic crawler block, so test the behavior that matters to your site and avoid claims that the rule makes private data inaccessible.
Use the correct OpenAI control
OAI-SearchBot: manages automatic crawling for ChatGPT search visibility.
GPTBot: manages crawling of content that may be used for foundation-model training.
ChatGPT-User: identifies certain user-requested visits and actions.
Blocking ChatGPT-User does not substitute for blocking GPTBot, and it does not opt a page out of ChatGPT search. Those decisions belong in their own user-agent groups.
How to protect content that must stay private
Use authentication, authorization, expiring links, server-side permission checks, and appropriate API security for non-public resources. Do not expose secrets in HTML or rely on a disallow rule to hide a URL. The robots.txt file is public, and a user-directed request can involve behavior outside the assumptions of ordinary crawl management.
For paid content, account dashboards, internal tools, and personal data, the server should deny unauthorized requests regardless of the reported user-agent. User-agent strings can be spoofed, so they are useful for classification and logging, not identity by themselves.
Practical policy and verification
Decide whether user-requested AI access is useful for the page.
Publish a ChatGPT-User rule only as one part of that policy.
Set OAI-SearchBot and GPTBot independently.
Check server logs for the full user-agent and compare source addresses with OpenAI’s current published ranges when verification is necessary.
Test sensitive endpoints as an unauthenticated visitor; they must remain protected even when the user-agent is changed.
Is ChatGPT-User used to crawl the web automatically?
No. OpenAI describes ChatGPT-User as a user-agent for certain actions initiated by ChatGPT users, Custom GPTs, or external actions rather than an automatic web crawler.
Will robots.txt always block ChatGPT-User?
No guarantee is stated. OpenAI notes that robots.txt rules may not apply because the requests are initiated by a user. Use server-side access control for anything private.
Does blocking ChatGPT-User remove a site from ChatGPT search?
No. OAI-SearchBot is the robots.txt control for ChatGPT search crawling and search opt-outs.
Does ChatGPT-User control AI training permission?
No. GPTBot is the separate OpenAI crawler used for content that may contribute to foundation-model training.
Can I trust the ChatGPT-User string as proof that a request is from OpenAI?
Not by itself. User-agent strings can be spoofed. Compare the source with OpenAI’s current published IP ranges when authenticity matters.
We use essential storage for security and core features. With your permission, we may also use analytics and advertising technologies. Rejecting optional technologies does not block access to the site.
Non-essential categories are off unless you choose to enable them. You can return to these settings at any time from the footer.
Global Privacy Control is active.Your browser has requested an opt-out from sale, sharing, and targeted advertising. Advertising remains disabled.
Strictly necessary
Supports security, server sessions, form protection, administrator sign-in, and remembering your privacy choice.
Analytics
Allows Google Analytics to measure visits and interactions so the site can be improved. It is not loaded before permission.
Advertising and cross-site measurement
Allows advertising technologies when they are configured. This may involve ad delivery, fraud prevention, measurement, personalization, or cross-context advertising.
Your choice is stored for 180 days using a first-party preference cookie. A material policy change can ask you to choose again.