GPTBot robots.txt Rules for AI Training Control

GPTBot is OpenAI’s automated crawler for content that may be used to improve and train generative AI foundation models. To opt a site out of future GPTBot crawling, add a specific GPTBot group to robots.txt. This setting is separate from OAI-SearchBot and ChatGPT-User.

Website blocking an AI training crawler while keeping a separate search discovery route open

Copy-paste robots.txt example

User-agent: GPTBot
Disallow: /

What GPTBot is used for

GPTBot is OpenAI’s automated web crawler for content that may contribute to the development, usefulness, and safety of generative AI foundation models. OpenAI documents GPTBot separately from its search crawler and user-triggered agent, which means site owners can set a training preference without automatically removing the site from ChatGPT search.

The important distinction is purpose: GPTBot is the training-oriented crawler. OAI-SearchBot is used for ChatGPT search visibility, while ChatGPT-User may fetch a page after a person asks ChatGPT or a Custom GPT to access it.

How to block GPTBot in robots.txt

To disallow GPTBot across the entire host, publish the rule shown in the example on this page. The file must be available at the root of that exact host, such as https://example.com/robots.txt. If the same business uses separate subdomains, each subdomain can have its own robots.txt policy.

You can also disallow selected paths instead of the whole site. For example, a publisher might allow public articles while disallowing an archive or member area. However, robots.txt is a public crawling instruction, not a privacy control. Sensitive pages still need authentication and appropriate server-side protection.

Blocking GPTBot does not block ChatGPT search

OpenAI states that GPTBot and OAI-SearchBot are independent controls. A common publisher policy is therefore to block GPTBot while allowing OAI-SearchBot. That combination expresses two different choices: do not use future crawled content for foundation-model training, but continue allowing the site to be discovered and cited in ChatGPT search features.

Do not use a broad User-agent: * block unless you actually intend to affect regular search engines and every other compliant crawler. A crawler-specific group is safer when your goal concerns GPTBot alone.

Review the complete file before publishing

  1. Merge the GPTBot group with any existing search-engine, sitemap, or platform rules.
  2. Confirm that the file remains valid plain text and is served with an HTTP 200 response.
  3. Open the live robots.txt URL in a browser after deployment.
  4. Test both GPTBot and OAI-SearchBot separately with the robots.txt checker.
  5. Use server logs and OpenAI’s published IP ranges when you need to verify that a request claiming to be GPTBot is authentic.

What the rule can and cannot do

Disallowing GPTBot signals that material from the blocked host or path should not be used in future foundation-model training crawls. It does not remove information already published elsewhere, delete existing model knowledge, prevent people from copying a page, or secure a private resource. For those goals, use access control, contractual measures, and content-removal procedures in addition to robots.txt.

OpenAI’s current crawler definitions and published verification ranges are available in the official OpenAI crawler documentation.

FAQ

Does blocking GPTBot also remove my site from ChatGPT search?

No. GPTBot and OAI-SearchBot are separate controls. You can block GPTBot for training purposes while allowing OAI-SearchBot for ChatGPT search visibility.

Does a GPTBot block delete content already learned by a model?

No. A robots.txt rule controls future compliant crawling. It is not a retroactive deletion request and does not remove copies held by other websites or services.

Can I block GPTBot only from selected folders?

Yes. Use path-specific Disallow rules under the GPTBot group. Private or sensitive folders must still be protected with authentication because robots.txt is publicly readable.

Should I block GPTBot with User-agent: *?

Usually not when GPTBot is your only concern. A wildcard block may also affect search engines and other compliant crawlers. Use the specific GPTBot token for a targeted policy.

How can I verify a request that claims to be GPTBot?

Check the request against OpenAI’s current published IP ranges and review the user-agent in your server logs. A user-agent string by itself can be spoofed.

Related tools

Related pages