What QATechBot does
| Aspect | Detail |
|---|---|
| Purpose | Execute authorized end-to-end tests (clicks, navigation, forms) in a real browser, driven by customer-defined test cases. |
| Category | Monitoring & testing automation (not a search engine or content harvester). |
| Scope | URLs under applications and environments the customer adds in QA.tech. |
User-Agent
Requests from QA.tech browser automation append an identifiable suffix so you can recognize the bot in logs and WAF rules. Suffix (always present on bot traffic):User-Agent is typically a standard Chromium-based string plus this suffix (device presets may vary the base browser UA).
Standalone fetches that identify as the bot (e.g. when reading robots.txt) use:
Verifying QATechBot traffic
If you use Cloudflare Verified Bot (or similar controls), QA.tech supports verification in two complementary ways:1. IP allowlist and reverse DNS
-
Published IPv4 prefixes:
https://app.qa.tech/.well-known/qatech-ips.json
(JSON withipv4Prefixentries, updated as infrastructure changes.) -
Reverse DNS: Egress IPs resolve (PTR) to
bot.qa.tech, and forward DNS forbot.qa.techmatches those same static IPs—so IP ownership can be validated end-to-end.
2. Web Bot Auth (signed requests)
For top-level page navigations, QA.tech may attach HTTP Message Signatures (Web Bot Auth) so verifiers can cryptographically confirm the request came from QA.tech.- Public key directory:
https://app.qa.tech/.well-known/http-message-signatures-directory
robots.txt
Where QA.tech performs discovery or policy checks againstrobots.txt, requests use the QATechBot/1.0 user agent and respect normal robots rules for the customer’s configured URLs.
Privacy and authorization
- Tests run on behalf of the QA.tech customer who configured the target application.
- QA.tech does not use QATechBot to index or bulk-scrape arbitrary sites.
- If you believe traffic is unauthorized, contact your counterpart at the organization using QA.tech, or reach out to QA.tech support.