About PanacheBot

PanacheBot is the crawler used by Panache to run continuous monitoring checks on your website. It checks security headers, SSL certificates, uptime, SEO metadata, exposed files, and more.

User-Agent

PanacheBot/1.0 (+https://withpanache.dev/bot)

All requests from PanacheBot use this User-Agent string. You can use it to identify our bot in your server logs or firewall rules.

Identification header

X-Panache-Bot: <site-token>

Every request includes this header with a short token derived from the monitored site. This lets you verify the request comes from Panache and whitelist it specifically.

Cryptographic verification

Every request from PanacheBot is signed using RFC 9421 HTTP Message Signatures with Ed25519. This allows you to cryptographically verify that a request genuinely comes from Panache, not a spoofed User-Agent.

Public key available at /.well-known/http-message-signatures-directory

PanacheBot is listed on the bots.fyi

Request frequency

PanacheBot makes approximately 4 to 6 HTTP requests per site per check cycle. Check intervals range from 1 minute (uptime) to 24 hours (SEO, broken links). Requests are rate-limited to avoid overloading your server.

Whitelisting PanacheBot

If your site uses bot protection (Vercel Firewall, Cloudflare, etc.), PanacheBot may get blocked. Here's how to allow it through:

Vercel Firewall

Go to your project settings, then Security, then Firewall. Add a rule to skip bot protection when the header X-Panache-Bot is present.

Cloudflare WAF

In your Cloudflare dashboard, create a WAF custom rule to allow requests where the User-Agent contains PanacheBot.

Other providers

Whitelist requests matching User-Agent PanacheBot/1.0 or containing the X-Panache-Bot header.

Questions?

If you have questions about PanacheBot or need help whitelisting it, reach out at hello@withpanache.dev