Skip to content

robots.txt.liquid · Default rules

What Shopify's Default robots.txt Blocks (and Why)

Shopify's default /robots.txt blocks six URL patterns out of the box: /admin, /cart, /checkout, /collections/*+* (filtered duplicates), /search, and /policies/1. Each exists for a reason, and the reasons fall into three categories: security/UX (admin, cart, checkout), duplicate content (filter combinations), and thin content (internal search, auto-generated policy pages). The blocks are the platform's opinionated defaults — the merchant gets them without touching robots.txt.liquid.

Published Verified 2026-05-22

The six default-blocked patterns

Per Shopify's Editing-robots-txt help page, the default-blocked patterns are: /admin (the merchant admin), /cart (the cart page), /checkout (the checkout flow), /collections/*+* (filtered collection URLs that produce duplicate content), /search (internal search results pages), and /policies/ (auto-generated policy pages). The verbatim rendered /robots.txt on a default Shopify store shows these as Disallow rules under the User-agent: * block.

text The Shopify default robots.txt rule set (verbatim shape) 
 User-agent: * Disallow: /admin Disallow: /cart Disallow: /checkout Disallow: /collections/*+* Disallow: /search Disallow: /policies/ Sitemap: https://yourstore.com/sitemap.xml

The exact ruleset varies slightly across Shopify infrastructure rollouts and may include additional protective patterns Shopify adds over time. The six above are the documented defaults as of May 20261.

/admin, /cart, /checkout — the security blocks

The first three blocks are security and UX protections. /admin is the Shopify merchant admin; no public crawler should ever index it. /cart is the customer's shopping cart, which is empty for any crawler and uniquely stateful for any logged-in customer — neither is content worth indexing. /checkout is the payment flow, and indexing it would be a security and UX disaster (Google deep-linking customers into a half-rendered checkout). Each block exists because there is no version of the page that would be valuable in search.

Worth knowing: the /admin block does not prevent unauthorized access to the admin (the admin has its own authentication). It only prevents crawlers from listing admin URLs in search results. The same applies to /checkout — the block is a crawl-prevention layer, not the only security layer.

/collections/*+* — the filter duplicate block

The /collections/*+* pattern is a robots.txt wildcard matching any collection URL with a + character in the path. The + is how Shopify's native multi-facet filter system serializes selections — /collections/dresses/red+xl, /collections/shoes/leather+size-9. The wildcard catches all such combinations. The block exists to suppress combinatorial duplicate-content explosion: a 10-facet collection generates thousands of URL combinations, most with overlapping content and no search demand. Google's faceted navigation guidance treats this as a primary cause of wasted crawl budget on ecommerce sites.

Google's faceted-navigation doc3 recommends the robots.txt block approach as one of three valid strategies (alongside canonical-to-base and noindex). Shopify chose the robots.txt approach as the platform default. For deeper coverage of this specific pattern, see /shopify-seo/filtered-collections/.

/search and /policies/ — the thin-content blocks

The /search block prevents indexing of internal search result pages — infinite combinations, all thin. The /policies/ block prevents indexing of the auto-generated policy pages (refund policy, shipping policy, terms of service, privacy policy) that Shopify generates at /policies/refund-policy, /policies/shipping-policy, etc. The policy block is a platform-aesthetic choice: Shopify wants the canonical policy URLs to be the merchant's custom pages (typically at /pages/refund-policy), not the auto-generated versions.

The /policies/ block is the most-misunderstood of the six. Some merchants assume it means Shopify doesn't want policy content indexed at all. That's wrong — Shopify wants policy content indexed via the merchant's customised /pages/... URLs, not the auto-generated /policies/... ones. The merchant who wants their refund policy in Google links to /pages/refund-policy from the footer, not /policies/refund-policy.

Why you should never unblock any of these

The six default blocks were chosen by Shopify's SEO team after analysing patterns across millions of stores. They reflect best practice for the ecommerce category. Unblocking any of them introduces a known problem with no upside: /admin would surface merchant URLs in search; /cart and /checkout would create privacy and UX problems; /collections/*+* would dilute crawl budget across thousands of thin URLs; /search would expose infinite combinatorial search result pages; /policies/ would create canonical conflicts with the merchant's customised /pages/ versions. Shopify's verbatim warning applies: 'Incorrect use of the feature can result in loss of all traffic.'

The right pattern for any URL you want indexed: don't unblock the default. Build a named, curated page at a different path. Want refund policy in Google? Create /pages/refund-policy and link to it from the footer. Want a high-intent search query to rank? Build a named collection page at /collections/red-wedding-dresses. Want a specific filter combination indexed? Same answer — build a named collection.

For the rules layered on top of these defaults — AI-bot blocking, app-route disallow, additional sitemaps — see the robots.txt.liquid hub and the AI-bot leaf at /shopify-seo/robots-txt-ai-bots/.

Keep reading