GPTBot is OpenAI’s automated crawler for content that may be used to improve and train generative AI foundation models. To opt a site out of future GPTBot crawling, add a specific GPTBot group to robots.txt. This setting is separate from OAI-SearchBot and ChatGPT-User.
Copy-paste robots.txt example
User-agent: GPTBot
Disallow: /
What GPTBot is used for
GPTBot is OpenAI’s automated web crawler for content that may contribute to the development, usefulness, and safety of generative AI foundation models. OpenAI documents GPTBot separately from its search crawler and user-triggered agent, which means site owners can set a training preference without automatically removing the site from ChatGPT search.
The important distinction is purpose: GPTBot is the training-oriented crawler. OAI-SearchBot is used for ChatGPT search visibility, while ChatGPT-User may fetch a page after a person asks ChatGPT or a Custom GPT to access it.
How to block GPTBot in robots.txt
To disallow GPTBot across the entire host, publish the rule shown in the example on this page. The file must be available at the root of that exact host, such as https://example.com/robots.txt. If the same business uses separate subdomains, each subdomain can have its own robots.txt policy.
You can also disallow selected paths instead of the whole site. For example, a publisher might allow public articles while disallowing an archive or member area. However, robots.txt is a public crawling instruction, not a privacy control. Sensitive pages still need authentication and appropriate server-side protection.
Blocking GPTBot does not block ChatGPT search
OpenAI states that GPTBot and OAI-SearchBot are independent controls. A common publisher policy is therefore to block GPTBot while allowing OAI-SearchBot. That combination expresses two different choices: do not use future crawled content for foundation-model training, but continue allowing the site to be discovered and cited in ChatGPT search features.
Do not use a broad User-agent: * block unless you actually intend to affect regular search engines and every other compliant crawler. A crawler-specific group is safer when your goal concerns GPTBot alone.
Review the complete file before publishing
Merge the GPTBot group with any existing search-engine, sitemap, or platform rules.
Confirm that the file remains valid plain text and is served with an HTTP 200 response.
Open the live robots.txt URL in a browser after deployment.
Test both GPTBot and OAI-SearchBot separately with the robots.txt checker.
Use server logs and OpenAI’s published IP ranges when you need to verify that a request claiming to be GPTBot is authentic.
What the rule can and cannot do
Disallowing GPTBot signals that material from the blocked host or path should not be used in future foundation-model training crawls. It does not remove information already published elsewhere, delete existing model knowledge, prevent people from copying a page, or secure a private resource. For those goals, use access control, contractual measures, and content-removal procedures in addition to robots.txt.
Does blocking GPTBot also remove my site from ChatGPT search?
No. GPTBot and OAI-SearchBot are separate controls. You can block GPTBot for training purposes while allowing OAI-SearchBot for ChatGPT search visibility.
Does a GPTBot block delete content already learned by a model?
No. A robots.txt rule controls future compliant crawling. It is not a retroactive deletion request and does not remove copies held by other websites or services.
Can I block GPTBot only from selected folders?
Yes. Use path-specific Disallow rules under the GPTBot group. Private or sensitive folders must still be protected with authentication because robots.txt is publicly readable.
Should I block GPTBot with User-agent: *?
Usually not when GPTBot is your only concern. A wildcard block may also affect search engines and other compliant crawlers. Use the specific GPTBot token for a targeted policy.
How can I verify a request that claims to be GPTBot?
Check the request against OpenAI’s current published IP ranges and review the user-agent in your server logs. A user-agent string by itself can be spoofed.
We use essential storage for security and core features. With your permission, we may also use analytics and advertising technologies. Rejecting optional technologies does not block access to the site.
Non-essential categories are off unless you choose to enable them. You can return to these settings at any time from the footer.
Global Privacy Control is active.Your browser has requested an opt-out from sale, sharing, and targeted advertising. Advertising remains disabled.
Strictly necessary
Supports security, server sessions, form protection, administrator sign-in, and remembering your privacy choice.
Analytics
Allows Google Analytics to measure visits and interactions so the site can be improved. It is not loaded before permission.
Advertising and cross-site measurement
Allows advertising technologies when they are configured. This may involve ad delivery, fraud prevention, measurement, personalization, or cross-context advertising.
Your choice is stored for 180 days using a first-party preference cookie. A material policy change can ask you to choose again.