Cloudflare and Browser Makers Announce PACT Bot-Verification Protocol
On 22 June 2026 Cloudflare announced it is working with the makers of the three major browsers, Google Chrome, Microsoft Edge and Mozilla Firefox, alongside Shopify, to develop and standardise a protocol called PACT (Private Access Control Tokens). The stated goal is to give websites a privacy-preserving way to tell legitimate human visitors and authorised agents apart from abusive automated traffic, without relying on CAPTCHAs, forced logins or fingerprinting.
The announcement frames the problem in terms of the changing composition of web traffic. Cloudflare Radar data cited alongside the launch puts automated systems at roughly 58 percent of HTTP requests to web content worldwide, against 42 percent from people. As AI agents begin to carry out tasks like shopping and research on a user’s behalf, the line between a wanted automated visitor and an unwanted one becomes harder to draw with the tools sites currently use.
How does PACT work?
PACT lets a website that already has strong knowledge of a visitor’s identity, for example a site where the user is logged in, issue an anonymous token. The user’s browser stores that token and can present it to other websites as proof that a real person is behind the session, or that an agent is acting on a real person’s behalf. The receiving site gets a high-integrity signal that a human is in the loop without learning who that person is.
By design, the token carries no personal information and cannot be used to track a user or reconstruct their browsing history across sites. Cloudflare’s framing is that this moves trust signals away from the friction-heavy and privacy-invasive methods sites lean on today: CAPTCHAs, mandatory account creation, and device fingerprinting.
The approach is not built from scratch. PACT extends Privacy Pass, the architecture the IETF published as RFC 9576. Apple already ships a related implementation that uses a device’s secure enclave to attest to a user’s identity, and Cloudflare already uses Privacy Pass as one signal in its bot-management products. PACT’s contribution is broader browser support across Chrome, Edge and Firefox, and an explicit focus on the agentic AI traffic that has reshaped the web over the past year.
What PACT is not
It is worth being precise about scope, because early coverage has described PACT as “AI bot gatekeeping” and that framing is only half right.
PACT is a personhood and authorisation signal. It answers the question “is a real person, or an agent authorised by one, behind this request?” It is not a crawler-identity standard. It does not replace the user-agent strings and reverse-DNS verification that site owners use to confirm that a request claiming to be GPTBot or Googlebot really is. Those remain the mechanism for verifying indexing and training crawlers. PACT sits alongside separate industry work on signed agents and bot authentication, such as the Web Bot Auth effort using HTTP Message Signatures, rather than superseding it.
It also does not stop tracking on its own. The tokens themselves are private, but the existing infrastructure for identifying users through IP addresses, fingerprinting and other browser signals stays in place. PACT removes a reason to use some of those methods; it does not remove the methods.
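The crawler check that PACT leaves in place, the reverse-DNS verification mentioned above, as an added example that is not from the original article. The function names and the suffix list are assumptions for illustration, and the resolvers are injectable so the logic can be exercised without network access.

```python
import socket

# Assumed hostname suffixes for Googlebot; confirm against the crawler
# operator's current documentation before relying on them.
GOOGLEBOT_SUFFIXES = (".googlebot.com", ".google.com")


def reverse_lookup(ip: str) -> str:
    """PTR lookup: the hostname the IP address claims to be."""
    return socket.gethostbyaddr(ip)[0]


def forward_lookup(host: str) -> set[str]:
    """A/AAAA lookup: the addresses that hostname really resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_verified_crawler(ip, user_agent, token="Googlebot",
                        suffixes=GOOGLEBOT_SUFFIXES,
                        reverse=reverse_lookup, forward=forward_lookup):
    """Forward-confirmed reverse DNS for a request claiming a crawler UA."""
    if token.lower() not in user_agent.lower():
        return False  # not claiming to be this crawler at all
    try:
        host = reverse(ip).rstrip(".").lower()
        # The leading dot in each suffix stops look-alike domains from matching.
        if not host.endswith(suffixes):
            return False
        # Whoever controls the IP's reverse zone controls the PTR record,
        # so the claimed name must resolve back to the same IP.
        return ip in forward(host)
    except OSError:  # covers socket.herror and socket.gaierror
        return False
```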
An open question on who issues trust
The announcement leaves the most consequential detail unspecified: who issues the personhood tokens. If the answer is large platforms and infrastructure providers, then the ability to vouch for “real” traffic concentrates among a small number of intermediaries. For a protocol whose purpose is deciding which visitors a site trusts, that is not a minor implementation detail. It determines whether PACT distributes trust or centralises it. This is worth watching as the specification develops.
Current state and timeline
PACT is in development. The partners have committed to building it and submitting it for standardisation, but there is no deployment timeline, and protocols that need to work across billions of browser sessions have historically taken years to ship. Earlier groundwork was submitted to a W3C anti-fraud community group in late 2025; ratified, widely implemented standardisation is a long road from there.
What this means for SEO
For now, nothing changes operationally. There is no PACT setting to configure, no token to issue, and no ranking or crawling behaviour tied to it. This is an announcement of intent from a credible group of backers, not a shipping feature.
The direction is the part worth noting. The web’s access model is slowly being rebuilt around a question that traditional SEO never had to answer: not just “can this client crawl the page?” but “should this client be trusted to act here, and on whose behalf?” That distinction matters most for commerce, booking and SaaS sites where agents will increasingly transact, and least for editorial and content sites whose main concern remains being readable by crawlers and citable by AI answer engines.
There is a measurement angle worth tracking too. Distinguishing human visits from agent and bot activity is already an unsolved problem: agent-driven sessions distort engagement metrics, and AI referrals frequently arrive with no source data, collapsing into (direct)/(none) and adding to dark traffic and attribution loss. As covered under agentic search, analytics tools cannot yet see agents at all, part of the wider shift towards zero-click measurement where visibility increasingly happens without a tracked visit. A reliable request-level signal for whether a real person, or an authorised agent, is behind a request is exactly the kind of primitive that could eventually feed cleaner segmentation, separating automated activity from genuine human engagement at the source rather than after the fact. PACT is anonymous by design, so any such use would be coarse and is not on the table today, but the direction is one for analytics teams to watch.
If PACT or something like it becomes default infrastructure at the browser and CDN level, the practical effect for most publishers is that it is handled for them, the same pattern emerging across agent-readiness more broadly. The signals SEOs control stay the same: accurate entity data, clear structure, direct answers, and content that crawlers and agents can interpret without ambiguity. How those clients prove they are allowed to be there is becoming someone else’s layer of the stack.
Sources
- Cloudflare Collaborates With Leading Browsers to Develop a Privacy-First Protocol — Cloudflare
- Google and Shopify Back Cloudflare’s AI Bot Gatekeeping Initiative — Search Engine Journal
- Cloudflare teams up with big browsers to help websites tell welcome from unwelcome visitors — The Register
- Cloudflare teams up with Chrome, Firefox, and Edge on a privacy-first anti-bot protocol — The Next Web
- Privacy Pass Architecture — IETF RFC 9576