How is this different from Google Analytics?

Google Analytics shows you traffic. Shadow shows you traffic, AI bot activity, what AI platforms say about your brand, AND tells you what to do about all of it. It's analytics + AI intelligence + action steps in one tool.

Do I need to install anything?

For basic monitoring (bot detection, AI perception, readiness score) — nope, just enter your URL. For full visitor analytics (clicks, behavior, sessions), add one script tag. One-click integrations for Vercel, Shopify, WordPress, and more.

Will it slow down my site?

No. The script is under 5KB and loads async. Zero impact on page speed or Core Web Vitals. External monitoring has literally no impact — it watches from the outside.

What AI bots does Shadow detect?

All of them. GPTBot, ClaudeBot, PerplexityBot, Google-Extended, Bytespider, Amazonbot, and dozens more. The Shadow Network means new bots get identified across all users instantly.

What do you mean by "actionable steps"?

Shadow doesn't just show you graphs. It says things like: "ChatGPT has your pricing wrong — add structured data to /pricing to fix it" or "Your bounce rate on /features is 68% — here's why and what to change." Specific, do-it-today recommendations.

Can Shadow block bots?

Shadow is a telescope, not a shield. It shows you who's visiting and what AI says about you. It generates block rules and robots.txt configs you can apply — but it doesn't intercept traffic.

Yes. Shadow never collects PII. IP addresses are hashed after classification. No cookies on your visitors. All Shadow Network data is anonymized. GDPR compliant by design.

How do I add a noai meta tag to Framer?

Open your Framer project → click the gear icon → Site Settings → General tab → scroll to Custom Code → paste in the Start of tag field. Click Save and re-publish. This adds the tag sitewide. No paid plan required for custom code on Framer.

Can I block AI bots on Framer without Cloudflare?

Yes — for bots that respect meta tags, the noai tag via Project Settings → Custom Code is enough. This covers most major AI training bots including GPTBot, ClaudeBot, and Google-Extended. The only bots you can't stop without Cloudflare are those that ignore robots.txt and meta tags entirely (like Bytespider). For full protection, Cloudflare WAF is the recommended addition.

Will blocking AI bots affect Framer SEO or Google ranking?

No. Blocking AI training bots (GPTBot, ClaudeBot, CCBot, Google-Extended, Bytespider) has zero effect on Googlebot or Bingbot. Your Framer site continues to rank normally in Google and Bing search. The only tradeoff is AI search visibility — blocking OAI-SearchBot removes you from ChatGPT Search; blocking PerplexityBot removes you from Perplexity results.

Does Framer's free plan support custom code injection?

Custom Code requires a Framer paid plan (Mini or higher). Free plan sites on framer.app subdomains do not support custom code injection. If you're on the free plan, the only available protection is Cloudflare WAF — but Cloudflare requires a custom domain. Upgrade to any Framer paid plan to unlock Custom Code.

How do I set up a custom robots.txt on Framer using Cloudflare Workers?

Proxy your Framer site through Cloudflare, then create a Cloudflare Worker that intercepts requests to /robots.txt and returns your custom content. In the Worker script, check if the request URL path is /robots.txt and return a custom Response with your AI bot Disallow rules. Attach the Worker to your domain via a Route rule matching yourdomain.com/robots.txt.

FramerNew9 min read

How to Block AI Bots on Framer

Framer doesn't have a built-in robots.txt editor — but you can still block AI crawlers with a noai meta tag via Custom Code (works on paid plans) and Cloudflare WAF. Here's everything, including the robots.txt workaround.

Framer limitation: no built-in robots.txt editor

Unlike WordPress, Webflow, or Wix, Framer serves a default robots.txt that you cannot edit through the dashboard. To serve custom Disallow rules, you'll need a Cloudflare Worker (covered in Method 3). The noai meta tag (Method 1) and Cloudflare WAF (Method 2) provide solid protection without it — start there.

Quick fix — paste into Framer Project Settings → Custom Code → Start of <head>

This tag tells AI training bots not to use your content. Requires a Framer paid plan.

<meta name="robots" content="noai, noimageai">

For full blocking including bots that ignore meta tags, add Cloudflare WAF (Method 2).

Method 1: noai Meta Tag via Custom Code (Paid Plans)

The fastest method. Adding a noai meta tag instructs AI training bots not to scrape or train on your content — and it works for all major training crawlers that follow the standard.

Framer Mini plan or higher required

1
Open your project in Framer.
2
Click the gear icon (⚙) in the top-right to open Site Settings.
3
Go to the General tab → scroll down to Custom Code.

In the Start of <head> tag field, paste:

<meta name="robots" content="noai, noimageai">

5
Click Save.
6
Publish your site — custom code changes require a new publish to take effect. Click Publish in the Framer toolbar.

Verify it worked: After publishing, visit your live site → right-click → View Page Source → search for noai. Confirm the meta tag appears inside the <head> section.

Per-page custom code: Framer also supports custom code per page. In the Pages panel, right-click a page → Page Settings → Custom Code → Start of <head>. Use this if you only want to protect specific pages. Site-wide protection via Site Settings is recommended.

Method 2: Cloudflare WAF (Strongest — Blocks at the Edge)

Routing your Framer site through Cloudflare and adding WAF rules blocks AI bots before they reach your site entirely. This is the most effective method for bots that ignore meta tags (like Bytespider) and works on all Framer plans including the Mini plan.

Setting up Cloudflare with Framer

1.Add your custom domain to Cloudflare (free plan). Change your domain's nameservers to Cloudflare at your registrar.
2.In Cloudflare DNS, add a CNAME record: www → your Framer subdomain (e.g. your-project.framer.app). Enable the orange cloud (proxied).
3.For the apex domain (@), add an A record with Framer's IP address, or set up a redirect from @ to www. Enable the orange cloud proxy.
4.Set Cloudflare SSL/TLS mode to Full. Framer provides its own SSL, so Flexible will cause certificate errors.
5.In Framer, go to Site Settings → Domain → verify your custom domain is still connected. Framer may need to re-verify after nameserver changes.

Add the WAF blocking rule

1Cloudflare → your domain → Security → WAF → Custom Rules → Create rule.
2Click Edit expression and paste:

(http.user_agent contains "GPTBot") or
(http.user_agent contains "ClaudeBot") or
(http.user_agent contains "anthropic-ai") or
(http.user_agent contains "Google-Extended") or
(http.user_agent contains "Bytespider") or
(http.user_agent contains "CCBot") or
(http.user_agent contains "PerplexityBot") or
(http.user_agent contains "meta-externalagent") or
(http.user_agent contains "DeepSeekBot") or
(http.user_agent contains "MistralBot") or
(http.user_agent contains "xAI-Bot") or
(http.user_agent contains "Diffbot") or
(http.user_agent contains "cohere-ai") or
(http.user_agent contains "AI2Bot") or
(http.user_agent contains "DuckAssistBot") or
(http.user_agent contains "omgilibot") or
(http.user_agent contains "webzio-extended") or
(http.user_agent contains "gemini-deep-research")

Set action to Block. AI bots receive 403 Forbidden — Framer never processes the request.

Method 3: Custom robots.txt via Cloudflare Worker

Since Framer doesn't support custom robots.txt natively, this Worker intercepts requests to /robots.txt and returns your custom rules instead of Framer's default. Requires Cloudflare (free plan works) and a custom domain.

When you need this: If you want well-behaved bots to find and respect a robots.txt Disallow — for example, so that GPTBot shows in server logs as "blocked by robots.txt" rather than just "blocked by WAF". In practice, WAF + noai meta tag is equally effective. This method is for completeness and robots.txt audit tools.

Create the Worker

1Cloudflare → Workers & Pages → Create Worker. Name it something like framer-robots-txt.
2Replace the default script with:

export default {
  async fetch(request) {
    const url = new URL(request.url);

    if (url.pathname === '/robots.txt') {
      const robotsTxt = `User-agent: *
Allow: /

User-agent: GPTBot
Disallow: /

User-agent: ChatGPT-User
Disallow: /

User-agent: OAI-SearchBot
Disallow: /

User-agent: ClaudeBot
Disallow: /

User-agent: anthropic-ai
Disallow: /

User-agent: Google-Extended
Disallow: /

User-agent: Bytespider
Disallow: /

User-agent: CCBot
Disallow: /

User-agent: PerplexityBot
Disallow: /

User-agent: meta-externalagent
Disallow: /

User-agent: Amazonbot
Disallow: /

User-agent: Applebot-Extended
Disallow: /

User-agent: xAI-Bot
Disallow: /

User-agent: DeepSeekBot
Disallow: /

User-agent: MistralBot
Disallow: /

User-agent: Diffbot
Disallow: /

User-agent: cohere-ai
Disallow: /

User-agent: AI2Bot
Disallow: /

User-agent: DuckAssistBot
Disallow: /

User-agent: omgilibot
Disallow: /

User-agent: webzio-extended
Disallow: /

User-agent: gemini-deep-research
Disallow: /

Sitemap: https://yourdomain.com/sitemap.xml`;

      return new Response(robotsTxt, {
        headers: {
          'Content-Type': 'text/plain',
          'Cache-Control': 'public, max-age=86400',
        },
      });
    }

    // Pass everything else through to Framer
    return fetch(request);
  },
};

3
Replace yourdomain.com in the Sitemap line with your actual domain. Click Save and Deploy.
4
Go to the Worker settings → Triggers → Routes → Add Route. Enter: yourdomain.com/robots.txt and select your domain's zone.

Verify: Visit https://yourdomain.com/robots.txt. You should see your custom rules. All other requests pass through to Framer normally.

All 25 AI Bots to Block

User agents for the robots.txt Worker and WAF rules:

GPTBot

ChatGPT-User

OAI-SearchBot

ClaudeBot

anthropic-ai

Google-Extended

Bytespider

CCBot

PerplexityBot

meta-externalagent

Amazonbot

Applebot-Extended

xAI-Bot

DeepSeekBot

MistralBot

Diffbot

cohere-ai

AI2Bot

Ai2Bot-Dolma

YouBot

DuckAssistBot

omgili

omgilibot

webzio-extended

gemini-deep-research

Will This Affect My Framer SEO?

Safe to block

✓ Google Search rankings unaffected
✓ Bing rankings unaffected
✓ Framer's auto-generated sitemap unaffected
✓ Google Image Search unaffected
✓ Framer Analytics unaffected

Consider before blocking

⚠ OAI-SearchBot → removes from ChatGPT Search
⚠ PerplexityBot → removes from Perplexity
⚠ DuckAssistBot → removes from Duck.ai
Most Framer portfolio and product sites get negligible traffic from AI search.

What Works on Each Framer Plan

Method	Free	Mini+	Custom Domain
noai meta tag (Custom Code)	✗	✓	—
Cloudflare WAF	Custom domain	Custom domain	✓
Custom robots.txt (Worker)	Custom domain	Custom domain	✓

Frequently Asked Questions

Does Framer have a robots.txt editor?↓

No. Framer serves a default robots.txt you can't edit in the dashboard. To serve a custom robots.txt with AI bot Disallow rules, use a Cloudflare Worker (Method 3) to intercept and rewrite the /robots.txt route. The noai meta tag (Method 1) and Cloudflare WAF (Method 2) are equally effective for actual bot blocking.

Framer says Custom Code is only for paid plans — can I block bots on the free plan?↓

If you have a custom domain on the free plan, you can proxy it through Cloudflare and use WAF rules — that blocks bots at the network layer without needing Custom Code. If you're on a framer.app subdomain with no custom domain, you don't have access to Cloudflare proxying either. In that case, upgrade to Mini (Framer's lowest paid tier) to unlock Custom Code.

Will blocking AI bots break Framer Analytics or SEO scoring?↓

No. Framer Analytics tracks human visitors via a JavaScript snippet, not bot crawls. Blocking AI bot user agents via Cloudflare WAF doesn't affect any Framer Analytics metrics. Framer's built-in SEO features (meta tags, sitemap auto-generation, canonical URLs) are completely unaffected.

My Framer site uses Framer CMS — do I need to do anything extra?↓

No — the same methods cover CMS-generated pages. The noai meta tag in Site Settings applies to all pages including CMS collection pages. The Cloudflare WAF rule applies to all requests to your domain, so CMS pages are covered automatically.

I changed the custom code but it's not showing up. What's wrong?↓

Framer requires a full publish to apply custom code changes — a preview refresh isn't enough. Click Publish in the Framer toolbar, wait a minute for CDN propagation, then hard-refresh your live site (Ctrl+Shift+R / Cmd+Shift+R) and check View Page Source.

Can I add per-page noai tags in Framer?↓

Yes. In the Framer Canvas, select a frame/page → Page Settings (right panel, gear icon or double-click the page root) → Custom Code → Start of <head>. This applies only to that page. For sitewide protection, use Site Settings → General → Custom Code instead — it's less work and ensures every page is covered.

Is your site protected from AI bots?

Run a free scan to check your robots.txt, meta tags, and overall AI readiness score.