Bot Detection power-up
Updated Sep 1, 2025
Overview
This power-up automatically checks whether each incoming request comes from a bot (e.g., referral spam, automated scripts). When enabled, it either blocks all requests from bots or adds two headers to every request:
- X-Device-Bot (returns true or false).
- X-Device-Bot-Score (a score ranging from 1 to 100, with 100 indicating a high likelihood of bot traffic).
By creating a Request Header variable for these headers in your sGTM container, you can use Bot Detection signals to filter out unwanted or suspicious hits, or simply block them altogether. For instance, you can prevent GA4 or other tags from firing if the request is identified as bot traffic.
Benefits of Bot Detection
- Cleaner analytics data - spammy bot traffic can inflate metrics, leading to inaccurate conversion rates, referral reports, and audience insights. If you filter out these hits, your analytics reports will reflect more accurate and reliable data based on real users.
- Enhanced security and fraud prevention - malicious bots can drive fraudulent clicks or artificially inflate traffic. Blocking suspicious requests at the server level helps protect your marketing budget from wasted ad spend.
- Ease of setup and maintenance - implementing robust bot detection often requires custom coding or third-party solutions. But the Bot Detection power-up seamlessly integrates with your existing Stape’s sGTM services, allowing you to enable, configure, and maintain bot filtering in a single platform.
How to set up the Bot Detection power-up
1. Log in to your stape.io account.
2. Select your sGTM container on the dashboard.
3. Click Power-ups, then click the Use button next to the Bot Detection panel.
4. Toggle the Bot Detection switch.
5. Select one of the options:
- Add request headers - the power-up will add bot detection request headers to incoming HTTP requests.
- Block requests from bots - the power-up will filter out requests to vendors (e.g. GA4 /collect or Data Tag /data). If you select this option and are using Custom Loader, make sure to activate the Prevent web GTM load toggle to prevent web GTM load for bot/spam traffic.
6. Click Save changes.
7. The Bot Detection power-up has been configured on Stape. Here is an example of how to use the power-up’s data to filter the bot traffic in Google Tag Manager:
1) Create a Variable on the sGTM container with the type Request Header and enter the name X-Device-Bot.
2) Use this variable as an additional condition in your GA4 trigger configuration on the server (or any other triggers where you want to limit the impact of bot traffic).
Testing Bot Detection
To verify that the Bot Detection power-up works correctly: open the server Google Tag Manager container preview → go to the Request tab → click on Incoming HTTP Request → click Show More in the Request Headers section. If you see the X-Device-Bot headers, everything is working properly.
If you're using the Block requests from bots option, you can use the Stape Logs feature to see filtered requests. You can filter blocked requests in Stape Logs by the 403 status code.
Comments