Google-Agent Is Now Official and It Changes How Your Website Gets Visited
A New Kind of Visitor Just Showed Up on the Web
On March 20, 2026, Google quietly added a new entry to its official list of web fetchers. Not a crawler. Not a training bot. An agent.
Google-Agent is the user agent string for AI systems running on Google infrastructure that browse websites on behalf of real users. When someone asks an AI assistant to research a product, compare prices, fill out a form, or pull information from a website, Google-Agent is the thing that actually shows up on the page. Google’s experimental AI browsing tool, Project Mariner, is the first product using it — but it will not be the last.
This is not Googlebot. Googlebot crawls the web continuously, indexing pages for search. Google-Agent only shows up when a human asks it to. That distinction changes everything about how it operates, what rules apply to it, and what it means for your website.
Robots.txt Does Not Apply to Google-Agent
Google classifies Google-Agent as a user-triggered fetcher — the same category that includes Google Read Aloud (text-to-speech), NotebookLM (document analysis), and Feedfetcher (RSS). All of these share one defining property: a human initiated the request. Google’s position is that user-triggered fetchers generally ignore robots.txt rules because the fetch was requested by a person, not by an autonomous system.
The logic is straightforward. If you type a URL into Chrome, the browser fetches the page regardless of what robots.txt says. Google-Agent operates on the same principle — it is acting as the user’s proxy, not as an independent crawler making its own decisions about what to visit.
This is a meaningful departure from how OpenAI and Anthropic handle similar traffic. ChatGPT-User and Claude-User both function as user-triggered fetchers, but they respect robots.txt directives. If you block ChatGPT-User in robots.txt, ChatGPT will not fetch your page when a user asks it to browse. Google made a different call.
The practical consequence is significant. Website owners who relied on robots.txt as a universal access control mechanism now have a gap. If you need to restrict access from Google-Agent specifically, you will need server-side authentication or access controls — the same tools you would use to block a human visitor, not a crawler.
We covered the broader shift in how Google’s crawl infrastructure is evolving this year in How Google Actually Crawls Your Website in 2026 — worth reading alongside this to understand the full picture of what is visiting your site and why.
Cryptographic Bot Identity: Web Bot Auth
The more significant development is buried in a single line of Google’s documentation. Google-Agent is experimenting with the web-bot-auth protocol using the identity https://agent.bot.goog.
Web Bot Auth is an IETF draft standard that works like a digital passport for bots. Each agent holds a private cryptographic key, publishes its public key in a verifiable directory, and cryptographically signs every HTTP request it makes. The website receiving the request can verify the signature and know, with cryptographic certainty, that the visitor is who it claims to be.
User agent strings can be spoofed by anyone — a scraper can set its user agent to say it is Google-Agent in a matter of seconds. Web Bot Auth cannot be faked in the same way. Google adopting this protocol, even experimentally, signals clearly where agent identity is heading. Akamai, Cloudflare, and Amazon’s AgentCore Browser already support the standard. Google’s adoption brings the critical mass that turns an emerging draft into a genuine industry direction.
This matters because the web is about to face a serious identity problem. As AI agent traffic increases, websites need to distinguish between legitimate agents acting on behalf of real users and scrapers, fraudsters, or bad actors pretending to be agents. IP verification helps but does not scale cleanly. Cryptographic signatures scale better and are significantly harder to fake.
Three Types of Visitors — Not Two
Google-Agent effectively creates a three-tier visitor model for the modern web. The first tier is human visitors browsing directly. The second tier is crawlers — systems like Googlebot, GPTBot, and Google-Extended that index content for search and train AI models. The third tier, now official, is agents — systems acting on behalf of specific humans in real time to complete tasks.
Each tier has different access rules, different intentions, and different expectations. A crawler wants to index your content and move on. An agent wants to complete something — reading a product page, comparing options, filling out a contact form, booking an appointment, or extracting a specific piece of information to bring back to the user who asked.
The distinction is not just philosophical. Agents interact with your pages differently than crawlers do. They navigate. They click. They submit forms. They follow multi-step flows. A website that works perfectly for Googlebot and for human visitors may fail completely for an agent if it relies on JavaScript interactions that automated systems cannot follow, or if its form labels are ambiguous, or if its navigation structure is not semantically clear.
What This Means for Your Website Right Now
The first and most immediate action is to start monitoring your server logs for Google-Agent traffic. The user agent string contains compatible; Google-Agent and is identifiable in standard log analysis. Google publishes verified IP ranges for Google-Agent so you can cross-reference incoming requests against official ranges to filter out spoofed user agents. Most sites are not monitoring this traffic at all yet — which means they have no visibility into whether agents are visiting, which pages they are hitting, or whether those visits are succeeding or failing.
The second action is to review your CDN and firewall rules. Security tools that aggressively block non-browser traffic may be rejecting Google-Agent before it reaches your server. If Google’s published IP ranges are not on your allowlist, agent visits are failing silently and you would not know. Check your Cloudflare, Akamai, or equivalent configuration and verify that legitimate agent IP ranges are permitted through.
The third action is to test your forms and interactive flows from an agent perspective. Google-Agent can submit forms and navigate multi-step processes. If your checkout flow, booking system, or contact forms rely on JavaScript patterns that confuse automated systems — hover states that trigger dropdowns, modals that must be clicked in a specific sequence, CAPTCHAs without accessible fallbacks — agent visitors will fail without any error appearing on your end. Semantic HTML, clear labels, and logically structured navigation are not just good SEO practice anymore. They are the foundation of agent compatibility.
The fourth action is to accept that robots.txt is no longer a complete access control tool. For content you need to genuinely restrict — members-only areas, pricing pages, internal tools — use authentication. robots.txt was designed for the crawler era. The agent era requires proper access controls that work regardless of whether the visitor respects the robots.txt convention.
It is also worth noting that Google-Agent’s arrival in March 2026 was part of a broader set of Google developments that month. The Google March 2026 Core Update completed its rollout in the same period — and across both developments, the consistent signal was that Google’s infrastructure is changing faster than most SEOs and site owners are currently tracking.
The Bigger Picture: Agent Traffic Is Not a Future Problem
A year ago, the idea that AI agents would browse websites alongside human visitors was a prediction made at industry conferences. Today, it has a named user agent string, published and verifiable IP ranges, a cryptographic identity protocol in active experimentation, and an entry in Google’s official documentation.
The web did not split into a human layer and a machine layer. It merged. Every page you publish now serves both types of visitors simultaneously, often at the same moment. Googlebot indexes it. Google-Agent visits it on behalf of a user asking a question. A human lands on it from a search result. All three interactions happen with the same page, and all three have different requirements for success.
The sites that show up well in AI-generated answers, that work correctly when an agent visits them, and that convert agent traffic the same way they convert human traffic will be the ones that recognised this shift early and built for it. The technical foundation — semantic HTML, verifiable identity handling, server-side rendering, clean form structure, log monitoring — is available to any site right now. The question is only whether you start building it before agent traffic becomes too significant to ignore.
Opositive Take On It
Google-Agent getting an official user agent string, published IP ranges, and cryptographic identity experimentation in a single documentation update is one of the most significant infrastructure announcements Google has made in years — and it received far less attention than it deserves. At Opositive, we see this as the moment the agentic web stopped being theoretical. The three-tier visitor model is real, it is already operating, and the gap between sites that are built for it and sites that are not is going to widen quickly. The robots.txt implication alone is something every technical SEO needs to brief their clients on — the assumption that you can control access to content through a single file is no longer accurate if Google-Agent is in scope. The cryptographic identity layer is even more interesting for the long term: as the IETF standard matures and more platforms adopt it, the ability to verify exactly which agents are visiting and trust their identity will become a genuine competitive advantage for sites that implement it early. Start with your logs. Know who is visiting. Build from there.