Traffic Limits and Overages

Information on how Pantheon measures site traffic


Pantheon defines plan levels based on traffic to help site owners pick the right plan based on expected or historical traffic. To verify that sites receive traffic within their plan limit, we count requests served by the platform from the CMS.

Overage Protection

All Performance plans include Overage Protection to prevent one-time traffic spikes from causing billing issues. If the change to traffic behavior is sustained, the site will eventually be moved to the appropriate Performance plan. This provides billing protection against externally driven spikes, or for businesses that have an annual “big event” but otherwise operate at a lower “normal” rate.

Basic plan sites do not have this protective feature and would see a change to their bill in the applicable billing period. The overage charge is $2.50 per 1,000 visits (no proration).

Traffic Metrics

Pantheon tracks two traffic metrics which relate to site plan levels: Visits and Pages Served. These are available in the Site Dashboard, and are refreshed daily.

The data comes directly from our Global CDN, which tracks all requests for resources on Pantheon. However, known bots and crawlers do not count towards site traffic limits, nor do we meter requests for static assets (e.g. CSS or images).


Pantheon defines Visits as traffic from unique consumers in a 24 hour period. We identify unique consumers as a combination of user agent (device/browser) and IP address (network source).

Pages Served

Pages Served is the number of requests for resources generated by the CMS (WordPress or Drupal). Most commonly these are HTML web pages, but they also include non-HTML resources such as JSON, RSS, or XML-RPC. The number of Pages Served allowed for each Site Plan is five times the maximum monthly Site Visits.

For both metrics, we count based on the total volume of requests, which includes visitors receiving pages (or other CMS-generated resources) which are served from our Global CDN cache.

For details, see Metrics in the Site Dashboard.

Traffic Spikes

A traffic spike is a pattern of traffic that exceeds the site plan limit and lasts in duration up to the limit defined by plan's Overage Protection, if applicable. For details, see Pricing Comparison.

Sustained Traffic

Sustained traffic is two consecutive months of being over the site plan limit.

Static Assets

Static requests (images PDFs, CSS, JS, etc) are not included in our normal traffic metrics. Under regular CMS use-cases, these supporting requests to render HTML pages for users with browsers are not a concern.

However we do reserve the right to review individual sites that are excessive bandwidth consumers. If sites are serving static assets at an excessive rate, this can be considered plan abuse.

404s and Other Client Errors

Pantheon only counts pages returned, considered 200 level, in traffic metrics. The Platform does not count "redirects" which are returned as 300 level and "client errors," which are returned as 400 level, as part of plan traffic limits.

Bots and Crawlers

Although it places load on the platform, Pantheon excludes automated traffic from legitimate crawlers and bots that would otherwise count towards your website's total traffic. We do this by examining the user-agent of traffic, as well as the source IP address.

Having high performance responses to crawlers is beneficial to SEO, which is one reason people choose Pantheon, but we respect that you cannot control this kind of traffic. We are continually refining our model to ensure our traffic reports are as accurate as possible.

Frequently Asked Questions

How will Pantheon reach out to me if my site has an overage?

For sites on the Basic plan, overages are charged at the end of the month.

For sites on Performance plans, we will notify you if your site exceeds the limit for the plan. If this happens on the following month, your site will be bumped to the appropriate plan. Overage protection keeps you from being charged in the first month of sustained traffic.

How will Pantheon let me know my site will automatically be bumped to the next level?

You will receive a communication that you are over on month one, and again on month two when the plan level is changed.

What if my site's metrics exceed the limit of the Performance Extra Large Plan?

The Performance Extra Large Plan allows for 300,000 monthly visits and 1.5 million monthly page views. High traffic sites should be moved to an Elite plan. To learn about moving to an Elite Plan, please contact us.

If you need time or are unable to commit to an annual contract, sites that exceed the Performance Extra Large limits will be upgraded to a Performance 2X Large Plan, which has a limit of 600,000 monthly visits and 3 million monthly page views. The 2X Large plan is not available for purchase via our dashboard, but can be applied by our Support team. Prices for the 2X Large plan are as follows:

Payment TypePrice
List Monthly$2,000
List Annual$22,000

Note that the annual plan prices are list as annual cost.

How can I change my Performance size plan if I need to scale up to handle more traffic?

You can upgrade your plan in your dashboard at any time. You may not be able to downgrade to a smaller performance size plan based on your traffic history.

Why doesn't Pantheon's traffic metrics match my other analytics?

Analytics suites (e.g. Google Analytics) are measuring fundamentally different things vs Pantheon's request log. While analytics suites focus on measuring visits, our request log more comprehensively measures traffic.

We track every single request to the platform, whereas analytics tools will typically only track complete "pageviews" where an HTML page including a tracking snippet is completely loaded by a browser and can fire off a subsequent request to the analytics platform.

For example, the following traffic will be collected in our logs, but will not be present in most analytics:

  • API requests (e.g. XML-RPC, which can be disabled in WordPress and was removed from Drupal 8 core) and AJAX requests.
  • Browsers/users that block cookies or javascript, including adblockers or private mode.
  • Users that close the browser before the tracking script loads.
  • A page where there is no tracking code, or where a javascript error prevents the tracking code from firing.
  • Automated traffic from bots or load testing.
  • Content pre-fetching by browsers or apps.

Analytics implementations can be variable. It may be that your analytics solution isn't tracking all pages served for good reason. For example, you may exclude CMS administrators to give you a view of "visitors only".

Content pre-fetching increasingly plays a role in driving up traffic metrics without having the same impact on visitor-centric analytics. Speculatively loading pages in the background is a common tactic to improve the user experience on the web, which we support people using. However, this does generate more overall traffic from the perspective of the platform.

What about load tests or penetration tests?

We encourage customers to load test prior to releasing a big update. We also fully support customers who want to penetration test their site, which can result in significant spikes in traffic.

However, if you are load or pen testing in extreme excess of your plan limits, or do so on a regular and repeated basis, we reserve the right to charge for a plan that is appropriate to the load placed on the platform.

If you identify a platform issue, please let us know. If an issue is identified with your codebase, we can recommend a Partner or connect you with our Professional Services team to help you with remediation.

What about legitimate traffic spikes?

We understand that the internet can make any website famous overnight and that this isn't under your control. Pantheon's platform is specifically designed to shine under this circumstance, and it's one of the main reasons people choose us to run their sites.

Luckily, traffic spikes are easily discerned, and we take this into account when it comes to monitoring plan abuse. However, similar to the above, if a site is achieving internet fame on a regular basis, we reserve the right to right-size the site's plan in relation to the load it puts on the platform.

What about Denial of Service and other attacks?

We are well aware that malicious actors can create a ton of traffic out of nowhere and that this is not a fair measure of what a customer should pay for. We are more than willing to investigate discrepancies between our traffic measurements and other site analytics on a case by case basis.

As above, in cases where these events are regular or sustained, we reserve the right to right-size a site plan. If a site's real load on the platform is consistently higher than what appears in end-user analytics, fairness demands that the site plan fit its usage.

See Also