HTTP 402, x402, and pay-per-crawl make AI-agent access programmable, but every paid request can become wallet, resource, timing, facilitator, and intent metadata.
Pay Per Crawl and the Paid Web: Privacy Risks of HTTP 402
HTTP 402 makes machine payments clean for servers. For privacy, it creates a new trail: every paid resource can become a record of what an agent wanted to read, scrape, or buy.
Privacy frame: agent payments are authority systems. The useful question is not whether a protocol is modern. The useful question is who can spend, who approves, who settles, who stores logs, and how quickly the user can revoke it.
Primary sources
The clean engineering story
A server answers with 402 Payment Required and a machine-readable statement of what it wants paid: amount, recipient, and the payment rail it accepts. The client pays, retries the same request with the payment (or proof of it) attached, and receives the resource. That is simpler than accounts, invoices, subscriptions, or sales calls for small paid API access.
For crawler and agent use, that simplicity is the point. The machine can decide whether a paid response is worth it and settle programmatically.
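The exchange above, run end to end in one process, as an added example that is not code from the page or from any x402 or pay-per-crawl implementation. The header names, the JSON shape of the payment requirements, and the use of an HMAC with a wallet secret in place of an on-chain signature are assumptions so the flow runs offline. It also shows the two checks a practitioner wants on the settlement side: a captured payment payload cannot be replayed, and the facilitator keeps a record of every attempt, settled or not.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Assumed header names, loosely modelled on x402; not taken from the page.
PAYMENT_HEADER = "X-PAYMENT"
PAYMENT_RESPONSE_HEADER = "X-PAYMENT-RESPONSE"


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def signing_input(wallet, pay_to, amount, nonce):
    # Binds the payment to payer, payee, amount and a one-time nonce.
    return f"{wallet}|{pay_to}|{amount}|{nonce}".encode()


class Facilitator:
    """Verifies and settles payments. HMAC stands in for an on-chain signature (assumption)."""

    def __init__(self, wallet_keys):
        self._wallet_keys = wallet_keys      # wallet address -> signing key
        self._seen_nonces = set()            # replay protection
        self.settlement_log = []             # every attempt, settled or not: the trail the page warns about

    def verify(self, payload, req):
        key = self._wallet_keys.get(payload.get("from"))
        if key is None:
            return False, "unknown wallet"
        msg = signing_input(payload["from"], req["payTo"], req["amount"], payload["nonce"])
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, payload.get("sig", "")):
            return False, "bad signature"
        if payload["nonce"] in self._seen_nonces:
            return False, "replayed nonce"
        return True, "ok"

    def settle(self, payload, req, resource):
        ok, reason = self.verify(payload, req)
        self.settlement_log.append({"wallet": payload.get("from"), "resource": resource,
                                    "amount": req["amount"], "ok": ok, "reason": reason})
        if ok:
            self._seen_nonces.add(payload["nonce"])
        return ok, reason


class PaidServer:
    def __init__(self, facilitator, pay_to, price):
        self.facilitator, self.pay_to, self.price = facilitator, pay_to, price

    def handle(self, resource, headers):
        req = {"scheme": "exact", "amount": self.price, "payTo": self.pay_to, "resource": resource}
        raw = headers.get(PAYMENT_HEADER)
        if raw is None:                       # first request: tell the client what it costs
            return Response(402, {}, json.dumps({"accepts": [req]}))
        ok, reason = self.facilitator.settle(json.loads(raw), req, resource)
        if not ok:
            return Response(402, {}, json.dumps({"accepts": [req], "error": reason}))
        return Response(200, {PAYMENT_RESPONSE_HEADER: json.dumps({"success": True})},
                        f"<content of {resource}>")


class PayingClient:
    def __init__(self, wallet, key, max_price):
        self.wallet, self._key, self.max_price = wallet, key, max_price

    def sign(self, req):
        nonce = secrets.token_hex(8)
        msg = signing_input(self.wallet, req["payTo"], req["amount"], nonce)
        return {"from": self.wallet, "nonce": nonce, "sig": hmac.new(self._key, msg, hashlib.sha256).hexdigest()}

    def fetch(self, server, resource):
        first = server.handle(resource, {})
        if first.status != 402:
            return first
        req = json.loads(first.body)["accepts"][0]
        if req["amount"] > self.max_price:     # the machine decides it is not worth it
            return first
        return server.handle(resource, {PAYMENT_HEADER: json.dumps(self.sign(req))})


def run_exchange():
    key = b"constructed-wallet-key"            # constructed; never a real secret
    facilitator = Facilitator({"0xagent": key})
    server = PaidServer(facilitator, pay_to="0xpublisher", price=1000)   # 1000 smallest units
    client = PayingClient("0xagent", key, max_price=1500)

    paid = client.fetch(server, "/reports/q3.pdf")
    # A captured payment payload presented twice: the second attempt must fail at the facilitator.
    req = {"scheme": "exact", "amount": 1000, "payTo": "0xpublisher", "resource": "/reports/q3.pdf"}
    payload = json.dumps(client.sign(req))
    server.handle("/reports/q3.pdf", {PAYMENT_HEADER: payload})
    replay = server.handle("/reports/q3.pdf", {PAYMENT_HEADER: payload})
    # A client with a lower ceiling walks away without paying, and the facilitator never sees it.
    declined = PayingClient("0xagent", key, max_price=500).fetch(server, "/reports/q4.pdf")
    return {"paid": paid.status, "replay": replay.status,
            "replay_reason": json.loads(replay.body).get("error"),
            "declined": declined.status, "log": facilitator.settlement_log}
```

Note what the facilitator log contains after the run: the wallet, the resource path and the amount for the failed replay as well as for the settled payments. The declined fetch leaves no facilitator record only because the client never sent a payment; the server still saw the unpaid request.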
The privacy cost
The payment event can expose the resource path, amount, recipient, wallet, facilitator, time, retry pattern, and crawler identity. Even when the content request is encrypted in transit, the payment layer may keep its own logs.
If the same wallet pays for multiple research tasks, the wallet becomes a cross-site identifier. If the same agent identity pays and browses, payment metadata and browsing metadata reinforce each other.
- Paid failed attempts are still intent signals.
- Small payments can still deanonymize through repetition.
- Wallet funding history can matter more than the request itself.
- Facilitator logs are part of the privacy model.
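The four points above, worked over a constructed facilitator log. This is an added example, not data or code from the page or from any facilitator; the log lines, the field names and the funding records are all made up for the illustration. It links wallets across hosts, keeps failed attempts as intent signals, counts retries per resource, and merges wallets that share a funding source, which is why separate addresses alone do not break the link.

```python
import json
from collections import defaultdict

# Constructed facilitator log lines (not real data): one JSON object per payment attempt.
FACILITATOR_LOG = """\
{"ts": "2025-06-01T09:00:01Z", "wallet": "0xaaa1", "host": "news.example", "path": "/2025/merger-leak", "amount": 1000, "status": "settled"}
{"ts": "2025-06-01T09:00:07Z", "wallet": "0xaaa1", "host": "docs.example", "path": "/api/v2/pricing", "amount": 500, "status": "settled"}
{"ts": "2025-06-01T09:02:15Z", "wallet": "0xaaa1", "host": "docs.example", "path": "/api/v2/pricing", "amount": 500, "status": "failed"}
{"ts": "2025-06-01T09:02:16Z", "wallet": "0xaaa1", "host": "docs.example", "path": "/api/v2/pricing", "amount": 500, "status": "failed"}
{"ts": "2025-06-01T10:15:00Z", "wallet": "0xbbb2", "host": "jobs.example", "path": "/listings/ciso-acme", "amount": 200, "status": "settled"}
{"ts": "2025-06-01T10:15:30Z", "wallet": "0xccc3", "host": "filings.example", "path": "/sec/acme-corp/10-k", "amount": 800, "status": "failed"}
"""

# Constructed funding records: which source (exchange account, card, parent wallet) topped up each wallet.
FUNDING_SOURCE = {"0xaaa1": "exchange-acct-42", "0xbbb2": "exchange-acct-42", "0xccc3": "card-7781"}


def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hosts_per_wallet(events):
    by_wallet = defaultdict(set)
    for e in events:
        by_wallet[e["wallet"]].add(e["host"])
    return {w: sorted(h) for w, h in by_wallet.items()}


def cross_site_wallets(events):
    """Wallets that paid on more than one host: each one is a cross-site identifier."""
    return sorted(w for w, hosts in hosts_per_wallet(events).items() if len(hosts) > 1)


def revealed_paths(events, include_failed=True):
    """Resources named by the log. A failed attempt still reveals the path the agent wanted."""
    out = defaultdict(set)
    for e in events:
        if e["status"] == "settled" or include_failed:
            out[e["wallet"]].add((e["host"], e["path"]))
    return {w: sorted(paths) for w, paths in out.items()}


def attempts_per_resource(events):
    """Repeated attempts on one resource, settled or not, show how much the agent wanted it."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["wallet"], e["host"], e["path"])] += 1
    return dict(counts)


def linked_hosts(events, funding, wallet):
    """Hosts reachable from `wallet` once wallets that share a funding source are merged.
    Separate addresses do not help if the same exchange account funded all of them."""
    source = funding.get(wallet)
    siblings = {w for w, s in funding.items() if s == source} if source else {wallet}
    hosts = set()
    for e in events:
        if e["wallet"] in siblings:
            hosts.add(e["host"])
    return sorted(hosts)
```

Running it on the constructed log, 0xbbb2 only ever paid a job board, but through the shared funding account it sits next to a wallet that paid for a merger story, and 0xccc3 never settled anything yet the log still names the filing it tried to buy.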
Cunicula default
Treat paid crawl as a separate identity compartment. Use one wallet or payment instrument per project. Do not mix sensitive research, main accounts, and general crawling in one wallet.
Where the work is sensitive, keep a human approval step or a policy budget in place. Paying per request should not mean the agent can buy every page it sees.
Before using paid crawl
- Separate wallet per crawler purpose.
- No address reuse across sensitive jobs.
- Tiny prepaid budget, not a broad wallet grant.
- Separate network and account identity for sensitive research.
- Review facilitator and server logs as part of the threat model.
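The compartment rules from the Cunicula default and the checklist above, written as a client-side gate that runs before any 402 payment is signed. This is an added example and not Cunicula's code or any wallet library's API; the address derivation is a hash over a constructed per-project seed standing in for a dedicated wallet or HD derivation, and the `approver` callback is where a human or a policy engine would sit. It enforces one wallet per project, a fresh address per job, a prepaid ceiling per project, and an approval decision for sensitive work.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Compartment:
    project: str
    budget: int                 # prepaid ceiling in smallest currency units
    sensitive: bool             # sensitive projects need an approval decision per payment
    seed: bytes                 # stand-in for a dedicated wallet or HD seed (assumption)
    spent: int = 0
    issued: dict = field(default_factory=dict)   # job -> address


class PaymentCompartments:
    def __init__(self, approver):
        self._compartments = {}
        self._owner_of = {}          # address -> (project, job): global check against reuse
        self._approver = approver    # callable(project, requirement) -> bool
        self.ledger = []             # what was spent, by whom, on what

    def open(self, project, budget, sensitive=False):
        # One seed per project, derived from a constructed label here; never a shared main wallet.
        seed = hashlib.sha256(f"constructed-seed:{project}".encode()).digest()
        self._compartments[project] = Compartment(project, budget, sensitive, seed)

    def address_for(self, project, job):
        """Fresh address per job, stable within the job, never shared across jobs."""
        c = self._compartments[project]
        if job not in c.issued:
            addr = "0x" + hashlib.sha256(c.seed + job.encode()).hexdigest()[:40]
            c.issued[job] = addr
            self._owner_of[addr] = (project, job)
        return c.issued[job]

    def remaining(self, project):
        c = self._compartments[project]
        return c.budget - c.spent

    def authorize(self, project, job, from_address, requirement):
        """Gate a 402 payment requirement before anything is signed."""
        c = self._compartments.get(project)
        if c is None:
            return False, "unknown project"
        if self._owner_of.get(from_address) != (project, job):
            return False, "address not issued for this job"
        amount = requirement["amount"]
        if c.spent + amount > c.budget:
            return False, "budget exceeded"
        if c.sensitive and not self._approver(project, requirement):
            return False, "approval denied"
        c.spent += amount
        self.ledger.append((project, job, from_address, requirement["resource"], amount))
        return True, "ok"
```

The gate sits in front of whatever actually signs the payment: the agent hands it the project, the job, the address it intends to pay from and the server's payment requirement, and only an `(True, "ok")` result reaches the signer. A budget of zero for a project is a valid way to make it read-only.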
Use the Agent Money matrix and the agent-money directory filter to compare live Cunicula provider records.
Frequently Asked Questions
Why is HTTP 402 a privacy issue for AI agents?
A paid HTTP request can reveal which resource an agent tried to access, when it retried, which wallet or facilitator paid, and which account or crawler identity was involved.
Can pay-per-crawl be private?
Only with strict compartmentalization. Use separate wallets or payment instruments, avoid address reuse, keep crawler identities separate, and do not mix sensitive research with main accounts.