HTTP 402: The Payment Required Response That Actually Works

HTTP status codes are the internet’s traffic signals. 200 means “OK, here’s your content.” 404 means “Not found.” But one code has been waiting 25 years for its moment: 402 Payment Required.

The Forgotten Status Code

HTTP 402 was reserved in 1997 for future payment systems. But micropayments never took off, so 402 sat unused—until now.

Firecrawl added 402 support in October 2025. AI crawlers hit a paywall, receive payment instructions, pay, and get a license token granting access.

This is what the open web needs: enforcement at the protocol level.

How 402 Actually Works

When an AI crawler requests content:

  1. WordPress detects an AI bot by its User-Agent (GPTBot, ClaudeBot, etc.)
  2. It checks for a valid license token in the URL parameters
  3. If the request is unpaid, it returns 402 with payment instructions:

    HTTP/1.1 402 Payment Required
    WWW-Authenticate: Bearer realm="Copyright.sh"
    Link: <https://ledger.copyright.sh/api/v1/licenses/acquire>; rel="payment"
    Content-Type: application/json

    {
      "price": "0.15",
      "currency": "USD",
      "tokens": 1500,
      "license": "allow;distribution:private"
    }

  4. The AI company pays and receives a JWT license token
  5. The crawler re-requests with the token and gets HTTP 200 + content

Why This Changes Everything

Before 402: robots.txt says “please don’t crawl me” (ignored by rogue actors)

After 402: WordPress says “pay first, access later” (enforced at HTTP level)

It’s the difference between asking nicely and actually enforcing boundaries.

The Technical Details

Copyright.sh’s WordPress plugin implements local-first 402 enforcement:

  • No on-path API calls (sub-10ms overhead)
  • JWT tokens verified via cached JWKS (JSON Web Key Set)
  • Search engines whitelisted (SEO-safe)
  • Subscription-style pricing (no micropayment friction)
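
The five-step flow and the local check against a cached key set, sketched in Python as an added example; this is not Copyright.sh's plugin code. The `license_token` parameter name, the `exp` claim, the RS256 algorithm and the `demo-key-1` key id are assumptions, and the RSA key is a constructed toy key so the block runs on the standard library alone.

```python
import base64, hashlib, json, time

# Constructed toy RSA key (two Mersenne primes) so the demo is stdlib-only; not a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS_CACHE = {"demo-key-1": (N, E)}  # kid -> public key; refreshed off the request path
AI_BOTS = ("GPTBot", "ClaudeBot")    # User-Agent is self-reported by the client
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_digest(message, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) as an integer sized for modulus n."""
    size = (n.bit_length() + 7) // 8
    tail = SHA256_INFO + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (size - len(tail) - 3) + b"\x00" + tail, "big")

def issue_token(claims, kid="demo-key-1"):
    """Ledger side of step 4, included only so the demo has a token to check."""
    head = b64u(json.dumps({"alg": "RS256", "kid": kid}).encode())
    signed = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(encoded_digest(signed.encode(), N), D, N)
    return signed + "." + b64u(sig.to_bytes((N.bit_length() + 7) // 8, "big"))

def verify_token(token, now):
    """Return the claims if signature and expiry check out locally, else None."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(unb64u(head))
        if header["alg"] != "RS256":       # pin the algorithm; never trust the header
            return None
        n, e = JWKS_CACHE[header["kid"]]   # unknown kid fails closed, no network fetch
        recovered = pow(int.from_bytes(unb64u(sig), "big"), e, n)
        ok = recovered == encoded_digest(f"{head}.{body}".encode(), n)
        claims = json.loads(unb64u(body))
        return claims if ok and claims["exp"] > now else None
    except (ValueError, KeyError, TypeError):
        return None

def gate(user_agent, params, now=None):
    """Steps 1-5 of the flow: returns (status, headers) for one request."""
    is_bot = any(bot in user_agent for bot in AI_BOTS)
    if not is_bot or verify_token(params.get("license_token", ""), now or time.time()):
        return 200, {}
    return 402, {"WWW-Authenticate": 'Bearer realm="Copyright.sh"',
                 "Link": '<https://ledger.copyright.sh/api/v1/licenses/acquire>; rel="payment"'}
```
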

Content stays protected. Performance stays fast. SEO stays intact.

That’s 402 done right.