How to Block Perplexity Shopper on Your Website

Perplexity Shopper browses and buys from retail websites on behalf of Pro users. Learn how to detect its browser-layer signals and govern the traffic.

Jun 09, 2026 7 min read

Perplexity has two distinct automated systems that visit your site: PerplexityBot, the indexing crawler that feeds its AI search results, and Perplexity Shopper, the transacting agent that buys products on behalf of Pro users. They require different responses. Blocking one does not affect the other.

This guide focuses on Perplexity Shopper, the agent that loads your site in a real browser, navigates your product catalogue, and can complete purchases.

What Is Perplexity Shopper?

Quick answer: Perplexity Shopper (also called "Buy with Pro") is Perplexity's AI purchasing agent for Pro subscribers. A user tells Perplexity what to buy, and the agent opens a real browser session, finds the product on a relevant retailer's site, and completes the transaction. It uses stored payment details and ships to a pre-configured address.

Unlike PerplexityBot, which is a declared crawler with a known user-agent and published IP ranges, Perplexity Shopper operates as a real browser session. It executes JavaScript, loads your full page stack, and interacts with your checkout flow. From your server's perspective, it looks like a standard browser visit.

The agent is designed for convenience: a user says "order the blue Nike running shoes in size 10" and Perplexity finds the best-priced option on a retailer's site and buys it. Your site becomes a fulfilment endpoint for Perplexity's commerce layer.

Shopper vs. PerplexityBot: A Critical Distinction

Quick answer: PerplexityBot is a declared indexing crawler with a known user-agent (PerplexityBot/1.0). Perplexity Shopper is a transacting agent that runs inside a real browser. The two require different detection approaches. robots.txt rules targeting PerplexityBot have no effect on Shopper sessions.

| Attribute | PerplexityBot | Perplexity Shopper |
|---|---|---|
| Purpose | Crawls and indexes content for AI search | Completes purchases on behalf of users |
| User-agent | PerplexityBot/1.0 (declared) | Standard Chrome (undeclared) |
| Execution | HTTP requests, no JavaScript | Full browser, JavaScript-executing |
| robots.txt compliance | Designed to comply | Not applicable (transacting mode) |
| Detection approach | User-agent matching, IP blocklisting | Browser-layer behavioural signals |

This distinction matters because most engineers reach for robots.txt first. For PerplexityBot, that works for path-level control. For Perplexity Shopper, it does nothing useful: the agent never identifies itself, and blocking /checkout via robots.txt just cancels the user's real purchase.

What Perplexity Shopper Does on Your Site

Quick answer: Perplexity Shopper navigates your product catalogue to find a specific item, checks pricing and availability, and traverses your checkout. In doing so, it collects your pricing data, maps your checkout structure, and intermediates the customer relationship between your brand and the buyer.

The data collection risk is similar to Amazon Buy for Me. While completing a legitimate transaction, Shopper:

  • Reads your full product pricing and availability, including any dynamic pricing that changes based on session state
  • Maps your checkout funnel, including payment options, shipping tiers, and promotional code fields
  • Bypasses your email capture, post-purchase flows, and remarketing triggers because no human completes the session
  • Creates a customer record where the real customer's attribution belongs to Perplexity, not to your owned channels

The commercial impact is cleaner than it looks from the outside. The transaction completes. The revenue hits. But the customer relationship, the data layer, and the remarketing opportunity all sit with Perplexity.

Why Standard Detection Fails

Quick answer: Perplexity Shopper presents as a standard Chrome session with no identifying headers or user-agent strings in transacting mode. Network-layer tools see a normal browser visit. Without browser-layer visibility, the session is indistinguishable from a human customer.

IP-based detection is unreliable for the same reasons it fails against other agentic shoppers. Perplexity may route Shopper sessions through residential proxies, shared cloud infrastructure, or CDN endpoints. There is no published IP range list for Shopper sessions comparable to what Perplexity publishes for PerplexityBot.

Header inspection at the WAF or CDN layer catches only the user-agent string and basic HTTP headers, both of which a standard browser session populates correctly. The session looks clean at every layer that network tools inspect.

The gap is architectural. Network-layer tools were built to inspect requests, not to observe behaviour inside an executing browser session. That is the layer where Perplexity Shopper's identity becomes visible.

Browser-Layer Signals for Perplexity Shopper Detection

Quick answer: cside observes interaction timing, navigation linearity, form fill behaviour, and fingerprint consistency inside the browser session. Perplexity Shopper's machine-executed checkout has a behavioural signature that is consistently distinguishable from human browsing.

Key detection signals:

  • Navigation path: A human buyer typically browses category pages, reads product descriptions, and compares options before adding to cart. Shopper enters directly at a specific product URL and proceeds to checkout without exploration.
  • Scroll and interaction patterns: Humans scroll inconsistently, pause, re-read. Shopper scrolls to interact with required elements only, in a predictable sequence.
  • Field completion timing: Human form fill has natural latency per field. Agent-executed form fill is instantaneous and does not include the micro-corrections (backspace, re-type) that human entry produces.
  • Session history: A human browser session has context from prior navigation (referrer, cached assets, cookie state). An agent session presents a clean initial state regardless of what any prior session history might look like.

cside engineers bypassed traditional bot detection in 81 out of 100 test scenarios. Perplexity Shopper is precisely the kind of agent those tools miss: it completes real transactions in a real browser with no visible indicators at the network layer.

Concrete Detection Scenario: Shopper on a Home Goods Retailer

A Perplexity Pro user asks Shopper to "find the cheapest stainless steel French press in stock and order it to my address." Shopper opens a Chromium session, resolves search results, and navigates directly to a product page on a UK home goods retailer. The session presents a standard Chrome 123 user-agent and an IP address associated with a residential ISP in Bristol. The retailer's WAF passes it without query.

cside instruments the session from first paint. Shopper loads the product page and triggers an add-to-cart event in 3.1 seconds, with zero scroll beyond the fold and no hover latency on the button. It enters guest checkout, completes all five form fields in 1.4 seconds total, and submits payment without pausing on the card number field. No autofill API events fire. The fingerprint shows a clean browser profile: no installed extensions, no prior cookies, no local storage entries from previous visits.

A human completing the same checkout averages 6 minutes and generates 23 distinct input events on the payment form alone. cside's classification engine flags the session at checkout entry, allowing the retailer to apply a policy decision before the order commits.
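
The signals listed earlier and the timings in this scenario can be expressed as a small scoring routine over a session event log. This is an added example, not cside's classification engine or code from the original article; the event shape, signal names, thresholds and verdict cut-offs are all assumptions.

```javascript
// Added example (not cside's logic): event shape, names and thresholds are assumptions.
const LIMITS = { addToCartMs: 5000, perFieldMs: 800 };
function extractSignals(s) {
  const byType = (type) => s.events.filter((e) => e.type === type);
  const views = byType('pageview'), inputs = byType('input'), cart = byType('add_to_cart')[0];
  const fields = new Set(inputs.map((e) => e.field)).size;
  const fillMs = inputs.length ? inputs[inputs.length - 1].t - inputs[0].t : 0;
  return {
    // Lands on a product URL and never visits a category or search page.
    directEntry: views.length > 0 && views.every((v) => v.kind !== 'category' && v.kind !== 'search'),
    fastAddToCart: Boolean(cart) && cart.t < LIMITS.addToCartMs,
    noScroll: byType('scroll').length === 0,
    // Fast fill counts only when no autofill event fired: human autofill is fast too.
    scriptedFill: fields > 0 && byType('autofill').length === 0 && fillMs / fields < LIMITS.perFieldMs,
    noCorrections: inputs.length > 0 && !inputs.some((e) => e.key === 'Backspace'),
    cleanProfile: s.cookies === 0 && s.localStorageKeys === 0,
  };
}

function classify(s) {
  const signals = extractSignals(s);
  const hits = Object.keys(signals).filter((k) => signals[k]);
  // Assumed cut-offs: no single signal decides; several must agree.
  const verdict = hits.length >= 4 ? 'likely-agent' : hits.length >= 2 ? 'review' : 'likely-human';
  return { verdict, hits };
}

// Constructed sample following the scenario: 3.1 s to cart, five fields in 1.4 s.
const agentSession = { cookies: 0, localStorageKeys: 0,
  events: [
    { type: 'pageview', kind: 'product', t: 0 },
    { type: 'add_to_cart', t: 3100 },
    { type: 'pageview', kind: 'checkout', t: 3600 },
    ...['email', 'name', 'address', 'postcode', 'card'].map((field, i) =>
      ({ type: 'input', field, key: 'fill', t: 4000 + i * 350 })),
  ],
};

// Constructed sample: a returning human who browses, scrolls and corrects a typo.
const humanSession = { cookies: 9, localStorageKeys: 3,
  events: [
    { type: 'pageview', kind: 'category', t: 0 }, { type: 'scroll', t: 4000 },
    { type: 'pageview', kind: 'product', t: 21000 }, { type: 'add_to_cart', t: 64000 },
    { type: 'input', field: 'email', key: 'a', t: 90000 },
    { type: 'input', field: 'email', key: 'Backspace', t: 91500 },
    { type: 'input', field: 'card', key: '4', t: 140000 },
  ],
};

console.log(classify(agentSession).verdict, classify(humanSession).verdict);
```

A first-time visitor who lands on a product page and uses browser autofill trips some of the same signals, which is why this sketch has a middle `review` verdict instead of a binary answer.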

Response Options

Quick answer: Once you can identify Perplexity Shopper sessions, your response depends on whether you want to accept Perplexity-intermediated purchases. If you do, segment the traffic and protect your data touchpoints. If you don't, block at the checkout stage after classification.

| Goal | Approach |
|---|---|
| Accept the purchase, protect data | Flag Shopper sessions in analytics, suppress dynamic pricing triggers, add agent-segment to post-purchase flows |
| Require human checkout | Introduce behavioural challenge at cart or checkout for sessions matching Shopper signals |
| Reject Perplexity-intermediated orders | Block sessions matching Shopper behavioural signature at checkout entry |
| Monitor without action | Log and classify all Shopper sessions; build a traffic baseline before deciding policy |

Gartner projects that 20% of online purchases will run through AI agents by 2030. Start with monitoring. Understanding the volume and behaviour of Perplexity Shopper traffic on your site is the foundation for any policy decision. Blocking without a traffic baseline means you may be cancelling a non-trivial number of real purchases.

Author Mike Kutlu

Client-side security consultant at cside. 10+ years of experience implementing technology solutions for enterprises (previously at Oracle, Cloudflare, and Splunk). Now helping teams use client-side intelligence to catch & reduce fraud.

Frequently Asked Questions

Perplexity Shopper is an AI purchasing agent for Perplexity Pro users that browses retail websites and completes purchases autonomously. PerplexityBot is Perplexity's separate indexing crawler that feeds its AI search results. They use different user-agents, serve different purposes, and require different detection approaches. robots.txt rules for PerplexityBot have no effect on Shopper sessions.

No. Perplexity Shopper does not use the PerplexityBot user-agent in transacting mode. It presents as a standard browser session. robots.txt directives targeting PerplexityBot do not apply to Shopper. Adding a blanket disallow for /checkout would prevent the agent from completing a purchase, but it is not targeted at Shopper specifically.

Yes, in the same way any session that loads your product and checkout pages does. Perplexity Shopper navigates your catalogue, reads prices and availability, and traverses your checkout flow. It also bypasses your email capture and post-purchase marketing triggers because no human completes the session. This data feeds into Perplexity's ability to compare and recommend retailers.

cside observes behavioural signals inside the browser session: navigation path linearity, field completion timing, scroll patterns, and fingerprint characteristics. These signals produce a consistent behavioural signature for agent-executed checkouts that is distinguishable from human sessions even when the IP address and user-agent string appear identical to legitimate traffic.

That depends on your business model. Perplexity Shopper carries real purchase intent from real users. Blocking it cancels those orders and may frustrate customers who prefer shopping through Perplexity. The smarter starting point is classification and monitoring: understand the volume and behaviour of Shopper traffic on your site, then make a policy decision based on actual data rather than assumption.
