Verification, not vibes.
Anyone can spoof a user-agent string. Lume verifies the real ones (with signatures, reverse DNS, and published IP ranges) and flags the fakes.
Three ways Lume proves who’s real
Standard-neutral and multi-signal: Lume verifies signatures where present, and falls back to reverse DNS and published IP ranges everywhere else. One verdict per request. We don’t gatekeep who’s allowed; we tell you who’s authentic.
HTTP Message Signatures
Web Bot Auth · RFC 9421 · Ed25519Agents sign each request with a private key. Lume checks the signature against the operator’s published key directory: cryptographic proof of identity, where the operator supports it.
Forward-confirmed reverse DNS
FCrDNSResolve the request IP’s hostname, then resolve that hostname back to an IP and confirm it matches. Proves the request came from the operator’s own infrastructure.
Published IP ranges
Kept fresh automaticallyMatch the request IP against the operator’s officially published address ranges. Lume live-fetches these so a rotated range never silently breaks a verdict.
The 7 operators Lume verifies today
Cryptographically verified vs. self-declared. Know which is which.
Every other agent in the catalog is classified by user-agent and network signals and labeled honestly. Lume never marks an agent verified unless it can prove it.
What “verified” means in your dashboard
Every request carries a verdict. Declared identity is what the request claims; verified is what Lume could prove.
Stop trusting the user-agent string.
See which agents are real on your site. Free plan, one ingest token, set up in minutes.
Start for free →