Recently there have been a lot of cases when users receive spam traffic in Google Analytics 4. Most often it is referral spam traffic, usually with the location Poland and the same referral sites, these are the most common: news.grets.store, static.seders.website, trast.mantero.online, ofer.bartikus.site.
On the Internet you can find a recommendation to simply add these sites in the GA4 Datastream settings to the List unwanted referrals. But do not do this - it will not solve the problem in any way, but will simply move the source of this traffic to the Direct category.
Unfortunately GA4 also has no way to filter traffic by referral, only by IP address (at least for now).
Stape received a few requests from our clients to add a bot detection feature. That is why we created an easy-to-use power-up that helps to identify whether the hit was sent from a bot and the likelihood that it was a bot.
In this blog post, we will show how to use Stape's bot detection power-up as well as other options for filtering bit traffic in GA4.
To solve this problem, you can use Stape's ‘Bot detection’ power-up. Just enable it in the power-ups interface of your container on Stape.
Once activated, with all requests to the server, you will receive two additional parameters X-Device-Bot (true or false) and X-Device-Bot-Score (a score between 1 and 100 probability of a request from a bot) in the request headers with each request:
Then you can simply add this as an additional check to the triggers on the server container:
Now, if the request is determined to be from a bot - your tag will not trigger and the data will not be sent.
If you use Cloudflare and, like everyone else, have a specific country where spam traffic comes from (most of them are from Poland) - you can activate Bot Check for IP addresses from Poland.
This is a good solution, but only if you have no real visitors from the location of the spam traffic otherwise you will definitely affect the number of real visits from there.
You can make the Cloudflare route a bit more dynamic by combining it with threat score. So rather than challenging the whole of Poland, only challenge if from Poland and the threat score is significant enough:
You can add an exception trigger for your GA4 tags if the referral contains your spam domains. It is quite easy to do this:
For example: news.grets.store|static.seders.website|another.domain
Thus, the exception trigger will prevent the tags from working if the referral contains one of your spam domains and this data will not be included in GA4.
Some users suspect that bots automatically find their measurement id on pages and use it to send spam events from other resources.
In this case, you can on your web container in Google Tag and events use a random not real GA4 measurement id, and on the server overwrite it with a real one.
It's very easy to do:
So from the browser side it will not be possible to determine your real GA4 ID, but at the same time on the server it will be replaced with your real ID and the data will be sent to the correct GA property.
Note that this will not help you if spam traffic is generated by bots visiting your site, in which case you should also try to implement the previous options.
There is nothing stopping you from using not only one of the above options for limiting spam queries in GA4, but also their combinations or all of them at the same time.
If you use any other solutions for this - let us know in the comments and we'd be happy to add your option to this list.
Don't worry, we've got you covered! Click on Get help and we will send you a free quote.