Bot detection

This power-up checks each incoming request and looks at signs that point to bot activity. It adds two headers to every request so you can see the result:

• X-Device-Bot (true or false)

• X-Device-Bot-Score (a score from 0 to 100)

The score helps you understand how suspicious the request is. A score between 50 and 75 means some signals look unusual, but we do not block the request because the checked parameters do not fully confirm bot behavior. A score above 75 means all parameters match bot activity, and the request is blocked if blocking is enabled.

You can also use these headers inside your server Google Tag Manager container to filter out unwanted traffic. For example, you can stop GA4 or other tags from firing when the request looks like bot traffic.

Benefits of Bot Detection power-up

​​1. More accurate analytics data

Bots can create fake visits to your website. This can:

• Make your traffic numbers look higher than they are.
• Show incorrect conversion rates and user behavior.
• Mislead your marketing decisions.

When you filter out bot traffic, your reports show data from real people, so you can trust your analytics.

2. Better security and protection from fraud

Some bots are harmful. They can click on your ads to waste your budget, overload your server with fake traffic, and try to access your data.

Bot Detection helps you detect these harmful requests early, so that you can plan your website and marketing spend safer.

3. Easy to set up and manage

Many bot detection tools need complex code, extra software, and ongoing maintenance.

The Bot Detection power-up works directly with Stape’s server-side GTM container. You can:

• Turn it on easily.
• Adjust settings in one place.
• Keep things running without extra tools.

How to set up the Bot Detection power-up

1. Log in to your stape.io account.

2. Select your sGTM container on the dashboard.

3. Click Power-ups, then click the Use button next to the Bot Detection panel.

4. Toggle the Bot Detection switch.

5. Select one of the options:

• Add request headers - the power-up will add bot detection request headers to incoming HTTP requests.
• Block requests from bots - the power-up will block bot requests to /collect (GA4) and /data (Data Tag) paths. If you select this option and are using Custom Loader, make sure to activate the Prevent web GTM load toggle to prevent web GTM load for bot/spam traffic.

Click Save changes.

6. The Bot Detection power-up has been configured on Stape. Here is an example of how to use the power-up’s data to filter the bot traffic in Google Tag Manager:

1) Create a Variable on the sGTM container with the type Request Header and enter the name X-Device-Bot.

2) Use this variable as an additional condition in your GA4 trigger configuration on the server (or any other triggers where you want to limit the impact of bot traffic).

Use cases of the power-up

• Filtering spam in GA4 with Stape's Bot detection power-up