Verifying Applebot
Applebot is the crawler behind Apple features such as Siri and Spotlight Suggestions. Because any client can copy its user-agent string, verifying a request claiming to be Applebot means confirming the source rather than trusting the token. Apple documents Applebot and identification guidance, and the standard reverse-DNS-then-forward-DNS technique applies.
What this means
Applebot is Apple's web crawler. Its content informs Apple products such as Siri and Spotlight Suggestions. Apple publishes documentation describing Applebot, the user-agent token it uses, and how operators can identify it.
Verification matters because the Applebot token can be copied by any client. A real Applebot request comes from Apple's infrastructure; a fake one only carries the string. Treat the user agent as a claim and confirm the source before granting it any special treatment.
How to verify
Use the same reverse-then-forward DNS technique that applies to Googlebot and Bingbot. Take the request's source IP, do a reverse DNS (PTR) lookup, confirm the hostname resolves to an Apple-controlled domain, then do a forward DNS lookup on that hostname and confirm it returns the original IP.
Apple also documents Applebot's identification details; follow Apple's guidance for the authoritative domain and any published address information. A request that fails the round-trip, or resolves outside Apple's space, is not genuine Applebot.
- User-agent token: Applebot (a claim, not proof)
- Reverse DNS → Apple host → forward DNS back to the same IP
- Cross-check against Apple's published Applebot guidance
How it appears in analytics and logs
A user agent containing the Applebot token is only a claim. A verified Applebot request resolves, by reverse DNS, to an Apple-controlled host that forward-resolves back to the same IP; anything else is likely a spoof and should be treated as suspicious bot traffic.
Diagnostic use case
Confirm that a request claiming to be Applebot is genuinely from Apple before allowing privileged behaviour or counting it as legitimate crawl coverage.
What WebmasterID can help detect
WebmasterID classifies Applebot server-side and flags requests that carry the token but fail source verification, so spoofed Applebot traffic does not pass as genuine Apple crawling on your bot-intelligence surface.
Common mistakes
- Trusting the Applebot user agent without any source verification.
- Forwarding only — skipping the reverse-then-forward round-trip that detects spoofs.
- Blocking Applebot by accident and reducing visibility in Siri/Spotlight Suggestions.
Privacy and accuracy notes
Verification uses only network metadata (source IP, DNS), never visitor identity. Applebot is a crawler, not a person; WebmasterID records the verified or unverified result as a bot event only.
Frequently asked questions
- Is checking the user agent enough to confirm Applebot?
- No. The token can be copied. Confirm the source IP resolves by reverse DNS to an Apple host and that the hostname forward-resolves back to the same IP, in line with Apple's published guidance.
Related pages
- Applebot — Apple's web crawler
Applebot is the web crawler operated by Apple, used to power features such as Siri and Spotlight Suggestions. It uses the Applebot robots.txt token and supports reverse-DNS verification. It is distinct from Applebot-Extended, a separate token governing use of crawled content for Apple's generative models.
- How to verify Bingbot
The Bingbot user agent is commonly spoofed, so a request claiming to be Bingbot should be verified rather than trusted. Microsoft documents a reverse-DNS method: the source IP should resolve into search.msn.com, confirmed by a forward lookup back to the same IP. Bing also publishes IP information for verification.
- Crawler IP verification methods
Because user-agent strings are trivially copied, the reliable way to confirm a crawler is to check its source. The two documented methods are reverse DNS with a forward-confirm step, and matching the source IP against the engine's published IP ranges. Together they defend against spoofed crawler traffic.
- Bot intelligence
Flags crawlers that carry a token but fail source verification.
Sources and verification notes
- Apple — About ApplebotApple's official Applebot identification and control documentation.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.