Traffic Limits and Overages

Information on how Pantheon measures site traffic in visits and pages served.

Discuss in our Forum Discuss in Slack

Pantheon’s customers generate the most value from WebOps, and an essential component of our WebOps platform is ensuring the uptime and performance of your site. Pantheon optimizes for site traffic based on your choice of pricing plan, and we deploy backend resources to support your continued success.

The number of unique visits displayed in Pantheon’s Site Dashboard determines the traffic Pantheon will apply for evaluating use on your site under your pricing plan.

Site Traffic Measurement Model

Pantheon helps ensure your sites are performing at their best by provisioning server-side resources designed to support the traffic associated with your selected pricing plan. When the site traffic consistently exceeds the limits of your plan, Pantheon may automatically adjust you to a pricing plan to better maintain your site performance.

Site traffic consists of two components: Site Visits and Pages Served. The Site Dashboard gives you immediate access to these metrics, which are refreshed daily. Customers should choose the plan that suits their anticipated traffic and continually monitor that choice using Pantheon's Site Dashboard.

Traffic Metrics

The number of unique visits displayed in Pantheon’s Site Dashboard represents the traffic measurement Pantheon will apply for evaluating use on your site under your pricing plan. The Site Dashboard also includes the number of pages served, to help evaluate trends, and project future traffic. Traffic information is refreshed daily.

The data comes directly from our Global CDN, which tracks all requests for resources on Pantheon. However, many known bots and crawlers do not count towards site traffic limits, nor do we meter requests for static assets (images, PDFs, CSS, JS, etc.).


A visitor is a person or device who/that receives information from the site. The platform counts each visitor once per day, regardless of the number of times they return that day or the number of pages they visit that day.

Site Visits

We consider a Site Visit as a 200-level (and some 300-level) response code in response to a visitor, and we identify unique consumers as a combination of user agent (device/browser) and IP address (network source), as shown in the diagram below.

Pages Served

Think of this as something that gets delivered to the visitor: Pages served is the number of requests for resources generated by the CMS (WordPress or Drupal). Most commonly these are HTML web pages, but they also include non-HTML resources such as JSON, RSS, or XML-RPC. These are typically used for bringing data into the site from another source (e.g., a list of places on a map).

The number of Pages Served allowed for each Site Plan is five times the maximum monthly Site Visits.

For both metrics, the platform counts based on the total volume of requests, which includes visitors receiving pages (or other CMS-generated resources) which are served from our Global CDN cache.

Diagram demonstrating how pages served and visits are tracked

As shown here, visits and visitors have different meanings. If two visitors go to the site, and one opens another page but the other leaves, that would be tracked as two visitors; three pages served. If one of those visitors returns again the next day, it would be counted as two visitors, three visits, and four pages served.

How do you know if a visit counts?

The visit counts if it:

  • Is valid
  • Is not a known bot
  • Returns a 200-level response that originates from PHP;

Additionally, if that visit is from a unique IP and user agent combination for the day, then that counts as a unique visitor that day too.

Flowchart shows that traffic is only counted as a visit if the points above are satisfied and it loads successfully.

How does traffic affect performance?

Each site is provisioned for optimal performance based on the traffic load it is expected to handle. Storage, domains, application memory, application containers and many other features are set up to handle the traffic expected in each site type. Depending on the type of traffic your site experiences, or if you expect a heavier load of traffic, you may need to increase the plan size so that you can continue to expect a site that runs smoothly.

Measurement of Traffic

Traffic Metrics

Measurement. Pantheon defines “visits” in the Site Dashboard as set out above under “Site Visits.”

Exclusions. The traffic measurement model above describes those interactions specifically excluded. Inherent in our model is customer feedback. Contact support to request that Pantheon consider additional exclusions if you experience issues with your site and any of the following:

  • Static Assets: Static requests (images, PDFs, CSS, JS, etc) are not included in traffic metrics reporting on the Site Dashboard.
  • Excessive Bandwidth Usage: Individual sites consuming excessive bandwidth may be contacted separately by Pantheon for monitoring and actions required to address any plan abuse.
  • Redirects: The platform does not count the following 300-level redirect responses: 301, 302, 307, 308.
  • 404 and Other Client Errors: "Client errors," which are returned as 400-level responses, do not count as part of plan traffic limits.
  • Bots and Crawlers:
    • A high-performance response to crawlers supports SEO, which is one of the reasons Pantheon is the platform of choice for our customers. Although it places load on the platform, Pantheon excludes select automated traffic from legitimate crawlers and bots that would otherwise count towards your website's total traffic. See above definition of Visits regarding the combination of datasets to determine traffic metrics. Pantheon excludes certain activity on your Site Dashboard (e.g., Google bot user agent).
    • Some bots and crawlers present themselves as end-user browsers. This makes their behavior difficult to distinguish from human end users. Some bots exhibiting this behavior, while they claim to be regular browsers, remain distinctive enough to exclude from billing.
    • To block specific bots and crawlers from your site, add them to robots.txt or use PHP to block specific User Agents.

Visit our doc on how to investigate traffic incidents for suggestions on how to identify traffic issues and implement a solution.

If there are specific cases that create traffic spikes or events for your site, we encourage you to contact Pantheon support for more tailored tools to support those issues unique to your site.

Traffic Limits and Overages

Pantheon optimizes the resources and performance of your site based on your choice of pricing plan. Your pricing plan determines the backend resources Pantheon deploys to support site performance and to serve the corresponding traffic levels for each plan. Customers should choose the plan that suits their anticipated traffic and continually monitor that choice using Pantheon's Site Dashboard.

As your site grows on Pantheon, you are able to modify your plan based on the metrics you find in the Site Dashboard. If your traffic is continually over your plan limit, we may automatically adjust you to a pricing plan that better aligns with your traffic growth. This is important to ensure the continued performance of all sites on Pantheon, and to avoid any negative impact to your site as traffic levels change.

Pantheon monitors your site traffic as part of our evaluation of overall site health. To understand the limits associated with your pricing plan, visit the pricing comparison page for additional information.

Overage Protection

Pantheon designed Overage Protection for Performance sites to prevent one-time traffic spikes from causing billing issues. All Performance plans and higher include Overage Protection, which provides billing protection against externally driven spikes, or for businesses that have an annual “big event” but otherwise operate at a lower “normal” rate.

If the change to traffic behavior exceeds your plan limit for any two months of traffic, your site will be moved to the next appropriate plan to help avoid further overages. You will receive notifications of this change ahead of time.

Basic Plans

Basic Sites do not have overage protection. If a Basic Site exceeds the 25,000 visit cap in any given month, the site plan will be automatically upgraded to the Performance plan whose visit limit accommodates the site's traffic.

For more information, see Traffic Limits and Overages.

Frequently Asked Questions

Why doesn't Pantheon's traffic metrics match my other analytics?

Website traffic is an important indicator of a successful website. Analytics suites (e.g. Google Analytics, Similarweb, Mixpanel) each serve a different purpose from Pantheon’s Site Dashboard.

Pantheon tracks every single request to the platform. In contrast, analytics tools will typically only track complete "pageviews" on an HTML page containing a tracking snippet that can fire off a subsequent request to the analytics platform.

This table shows some of the reasons why traffic in the Dashboard may differ from your analytics suite:

Counts as TrafficCounts for Analytics
API RequestYesNo
Automated traffic from bots or load testingYesSometimes
Content pre-fetchingYesSometimes
Pages without a tracking assetYesNo
User closes browser before tracking loadsYesNo
User with adblocker enabledYesSometimes

For example, the following traffic will be collected in our logs, but will not be present in most analytics:

  • API requests (e.g. XML-RPC, which can be disabled in WordPress and was removed from Drupal 8 core) and AJAX requests.
  • Users with adblocking or with browsers features that block cookies or javascript (like Private or Incognito modes)
  • Users that close the browser before the tracking script loads.
  • A page where there is no tracking code, or where a javascript error prevents the tracking code from firing.
  • Automated traffic from bots or load testing.
  • Content pre-fetching by browsers or apps.

Analytics implementations can be variable. It may be that your analytics solution isn't tracking all pages served for good reason. For example, you may exclude CMS administrators to give you a view of "visitors only."

Content pre-fetching increasingly plays a role in driving up traffic metrics without having the same impact on visitor-centric analytics. Speculatively loading pages in the background is a common tactic to improve the user experience on the web, which we support people using. However, this does generate more overall traffic from the perspective of the platform.

What traffic is excluded from Pantheon's metrics?

Certain activities are generally excluded from the calculation of visits and pages served on a case-by-case basis at Pantheon’s discretion, and subject to Pantheon’s Acceptable Usage Policy (AUP). Customers may request that Pantheon consider excluding traffic sources by contacting support if they experience particular issues with configuring their site for any of the following: Static Assets; 404 and other Client Errors; Bots and Crawlers.

Will Pantheon warn me if my site has an overage?

Customers are responsible for monitoring their usage and overage risk using the Site Dashboard. Pantheon periodically reviews customer usage for overages across all plan levels and will contact you directly by email. If the change to traffic behavior exceeds your plan limit for any two months of traffic, your site will be moved to the next appropriate plan to help avoid further overages. These adjustments will be communicated via email.

Where can I manage my plan along with my site traffic?

Your Pantheon Site Dashboard includes site traffic, measured against your plan, and information on pages served and unique visits specifically. You can upgrade your plan from the Site Dashboard at any time.

How can I change my Performance plan if I need to scale up to handle more traffic?

You can upgrade your plan in the Site Dashboard at any time. Pantheon understands traffic levels may vary by season or event for some of our customers, but if you're experiencing sustained traffic that's higher than your plan limit, you can update your plan yourself.

We encourage all customers to take advantage of Overage Protection, which prevents one-time traffic spikes from causing billing issues.

What about legitimate traffic spikes?

The internet can make any website famous overnight, and this may not be under your control. Pantheon's platform is designed to support such events, and it's one of the main reasons people choose us to run their sites. Luckily, traffic spikes are easily discernible and we take this into account when monitoring overages. Sustained traffic overages will continue to require an adjustment to your pricing plan as set out above.

What about load tests or penetration tests?

Load tests and other performance reviews of the Pantheon platform are generally prohibited by our AUP. Although it may result in significant traffic spikes, Pantheon fully supports customers choosing to load test their site (excluding the platform). Contact Pantheon Support prior to performing such tests to make them aware there will be an extraordinary event that should be considered.

If you identify an underlying issue that may affect the platform, please let us know. If an issue is identified with your codebase, Pantheon can recommend a Partner or connect you with our Professional Services team to help you with remediation.

What about Denial of Service and other attacks?

Malicious actors can create unplanned events in traffic, and this is not a fair measure of value a customer receives from our platform. We ask that customers help us identify and support the investigation of these issues. On a case by case basis, Pantheon may choose to waive overages in its judgment weighing factors such as how many clients are affected, to what degree could this have been addressed by customers, and how uniquely Pantheon is positioned to help our customers resolve these issues.

Malicious actors are different from unwanted traffic, which may be unique to a customer’s preferences for the targeted audience of their site. From a traffic measurement perspective, Pantheon is focused on omitting traffic that is objectively malicious.

See Also