How do I allowlist Prerender.io's IP addresses?

TL;DR

Prerender.io renders your pages from a fleet of public IPs in two large CIDR blocks (103.207.40.0/22 and 104.224.12.0/22) plus an IPv6 range (2602:2dd::/36). The Sitemap Crawler uses a separate ingress range (5.161.0.0/16). If your site sits behind a firewall, WAF, or CDN that filters by IP, allow these ranges so Prerender.io is not blocked at the network boundary. The canonical, always-up-to-date list lives at ipranges.prerender.io/ipranges-all.txt, so script your allowlist against that file rather than copying static values.

Next up: How do I manage domains in Prerender.io? - add, monitor, and remove domains using your shared Prerender.io token.

Why this matters

If Prerender.io's IP ranges are not allowed at the network boundary, rendering requests never reach your origin server. Your cache stops updating, and AI crawlers and search engines eventually receive stale snapshots or non-200 responses. Allowlisting ensures Prerender.io can fetch your pages, render them, and serve the result back to crawlers without interruption.

Overview

Prerender.io renders pages from a static range of public IP addresses. If your site uses a firewall, web application firewall (WAF), or CDN that restricts access at the network level, you need to allow these IPs so Prerender.io can reach your origin, fetch your pages, and serve the rendered HTML back to AI crawlers and search engines.

If the IPs are not allowed, Prerender.io requests are blocked at the network boundary and never reach your origin. The SEO Score and cache for the affected URLs stops updating, and crawlers eventually start seeing the older snapshot or a non-200 response for those pages.

The most current list of IP ranges lives at ipranges.prerender.io/ipranges-all.txt. The ranges below are the published static blocks, useful as a starting point or for environments that only accept CIDR ranges. For full coverage, script your allowlist against the live file.

Primary IP ranges

These static IP ranges are exclusively used by Prerender.io's rendering fleet:

103.207.40.0/22
104.224.12.0/22
2602:2dd::/36

The first two cover IPv4 traffic. The third covers IPv6.

Allow all three in your firewall or CDN configuration.

Alternative narrow ranges (/24)

Some firewalls and CDNs do not accept wide CIDR blocks like /22. If you are limited to /8, /16, or /24 blocks only, use these narrower equivalents instead:

104.224.12.0/24
104.224.13.0/24
104.224.14.0/24
104.224.15.0/24
103.207.40.0/24
103.207.41.0/24
103.207.42.0/24
103.207.43.0/24

Keep your allowlist current

The IP list does update from time to time as the rendering fleet grows or rotates. To avoid drift:

• Check for updates at least once a month, or script a fetch against the live list.
• The canonical source is https://ipranges.prerender.io/ipranges-all.txt, which is updated whenever the fleet changes.

Egress and ingress IPs

The ranges above are egress IPs, used by the rendering cluster when it fetches pages from your origin. Prerender.io's ingress addresses, used by features like the Sitemap Crawler, are separate.

The Sitemap Crawler uses the range 5.161.0.0/16. If you use sitemap-based recaching or crawl support, allow this range in addition to the rendering egress IPs.

You can also identify the Sitemap Crawler by its User-Agent string and allow it that way instead of, or in addition to, by IP:

Prerender (+https://github.com/prerender/prerender)

IPv6 and Happy Eyeballs

Prerender.io uses RFC 6555 Happy Eyeballs when connecting to your origin. If your infrastructure supports IPv6, Prerender.io will prefer IPv6 addresses, attempting IPv4 and IPv6 in parallel to pick the faster connection. This shortens connection time on dual-stack origins.

Practically, this means you should allow both the IPv4 and IPv6 ranges above. A common cause of intermittent render failures is an IPv6 block at the firewall layer while IPv4 stays open, which then becomes visible only when Happy Eyeballs picks the IPv6 path first.

Traffic origin and server regions

Prerender.io runs its rendering infrastructure across US and EU regions. If you need to restrict traffic to a single region (for example to keep all rendering traffic inside the US), paid customers can request a US-only configuration through support.

Common pitfalls

• Allow both egress IPs and the Sitemap Crawler User-Agent. Allowing just the egress IPs leaves the Sitemap Crawler blocked, and vice versa.
• Check IPv6 separately. Some firewalls block IPv6 by default while leaving IPv4 open. With Happy Eyeballs, you will see intermittent render failures rather than a clean blocklist signal.
• Use the /24 ranges when /22 is not accepted. The narrow ranges cover the same address space as the broader CIDR blocks, but split across eight /24 entries.
• Re-sync against the live list periodically. The static ranges in this article are a starting point, not the complete fleet. The live ipranges-all.txt file is the source of truth.

Get support

If you have allowlisted the ranges above and still see Prerender.io traffic getting blocked, or you need help configuring a US-only setup:

• Email support@prerender.io
• Or click the green Support button in your Prerender.io dashboard and choose Contact Support

To help us diagnose quickly, please include:

• Which firewall, WAF, or CDN you are using (Cloudflare, AWS WAF, Akamai, etc.).
• Whether your allowlist uses the /22 CIDR blocks, the /24 narrow ranges, or a scripted fetch from the live list.
• A sample blocked request: source IP, destination URL, response code, and approximate timestamp.
• Whether the block also affects the Sitemap Crawler User-Agent.

Related articles

• Status codes
• Rendering queues
• How does Prerender.io work?
• How do I add AI crawlers and bots to my integration?