WEBMASTER INFORMATION · CONTRASTAPI/1.31.0

ContrastAPI Bot

You probably arrived here because you saw ContrastAPI/1.31.0 (+https://contrastcyber.com/bot) in your server access log. Here is who we are and how to opt out.

Who we are

ContrastAPI is a security-intelligence API consumed by AI coding agents (Claude Code, Cursor, Cline, Windsurf) and human security analysts. When an end-user asks our customers' agents to look up information about your site, our infrastructure issues a small number of passive HTTP requests on their behalf — typically reading robots.txt, following a redirect chain, or fetching public meta tags from your homepage.

What we don't do

RULE We do not crawl your site recursively.
RULE We do not bypass robots.txt.
RULE We do not attempt SMTP RCPT TO probes for email verification.
RULE We do not solicit POST/PUT/DELETE — read-only requests only.
RULE We do not exceed 60 requests per 60 seconds against any single registered domain (eTLD+1), counting all subdomains together.

How to opt out

Add the following to your robots.txt:

User-agent: ContrastAPI
Disallow: /

We honour this for endpoints that fetch your HTML (seo_audit, brand_assets). We can also block your domain at our edge — contact us with the registered domain.

Abuse contact

If you believe ContrastAPI is hitting your site abusively, email [email protected] with the registered domain and a short window of access-log lines. We respond within 24h on weekdays.