The WarmupRocks bot
If you found this page in your server logs: hello! WarmupRocks is a cache-warming service. A site owner — most likely the operator of the site you saw us on — asked us to periodically request their public pages so that CDN edge caches stay warm and real visitors get fast responses.
User agent
Mozilla/5.0 (compatible; WarmupRocks/1.0; +https://warmup.rocks/bot)Sitemap discovery requests add sitemap discovery to the string.
What the bot does — and doesn't
- Requests only URLs listed in the site's public sitemap (plus URLs the site owner added manually).
- Does not execute JavaScript, does not follow links, does not fill forms.
- Is paced and rate-limited; a typical warming pass touches each URL once per region.
- Sends requests from multiple geographic locations, so IP addresses vary.
Identifying and filtering
Match on the WarmupRocks token in the user agent:
- Analytics: server-side analytics can exclude the UA; client-side analytics never sees us, since no JavaScript runs.
- WAF / bot protection: site owners can additionally configure a custom secret header
(e.g.
x-warm-secret) for their warming requests and write an allow rule for it.
Don't want us on your site?
We only warm sites after the project owner has proven domain ownership — either via a
DNS TXT record (_warmup-rocks.example.com) or a response header
(x-warmup-verify). Unverified projects are never crawled on a schedule. If your site
is still being requested by WarmupRocks and you didn't ask for it, block the user agent or write to
[email protected] — we'll remove the project.