Bot detection

This power-up automatically checks whether each incoming request comes from a bot (e.g., referral spam, automated scripts). It can detect and block suspicious requests before they reach your server or analytics tools. When enabled, it adds two headers to every request: 

• X-Device-Bot (returns true or false)
• X-Device-Bot-Score (a score ranging from 1 to 100, with 100 indicating a high likelihood of bot traffic)

Next, by creating a Request Header variable for these headers in your sGTM container, you can leverage bot detection signals to filter out unwanted or suspicious traffic. For example, you can block GA4 or other tags from firing if the request is identified as bot traffic.

Benefits of Bot Detection power-up

​​1. More accurate analytics data

Bots can create fake visits to your website. This can:

• Make your traffic numbers look higher than they are.
• Show incorrect conversion rates and user behavior.
• Mislead your marketing decisions.

When you filter out bot traffic, your reports show data from real people, so you can trust your analytics.

2. Better security and protection from fraud

Some bots are harmful. They can click on your ads to waste your budget, overload your server with fake traffic, and try to access your data.

Bot Detection helps you detect these harmful requests early, so that you can plan your website and marketing spend safer.

3. Easy to set up and manage

Many bot detection tools need complex code, extra software, and ongoing maintenance.

The Bot Detection power-up works directly with Stape’s server-side GTM container. You can:

• Turn it on easily.
• Adjust settings in one place.
• Keep things running without extra tools.

How to set up the Bot Detection power-up

1. Log in to your stape.io account.

2. Select your sGTM container on the dashboard.

3. Click Power-ups, then click the Use button next to the Bot Detection panel.

4. Toggle the Bot Detection switch.

5. Select one of the options:

• Add request headers - the power-up will add bot detection request headers to incoming HTTP requests.
• Block requests from bots - the power-up will block bot requests to /collect (GA4) and /data (Data Tag) paths. If you select this option and are using Custom Loader, make sure to activate the Prevent web GTM load toggle to prevent web GTM load for bot/spam traffic.

Click Save changes.

6. The Bot Detection power-up has been configured on Stape. Here is an example of how to use the power-up’s data to filter the bot traffic in Google Tag Manager:

1) Create a Variable on the sGTM container with the type Request Header and enter the name X-Device-Bot.

2) Use this variable as an additional condition in your GA4 trigger configuration on the server (or any other triggers where you want to limit the impact of bot traffic).

Use cases of the power-up

• Filtering spam in GA4 with Stape's Bot detection power-up