Bot Protection

10-layer detection. Zero noise.

10-Layer Detection

Every request runs through 10 checks before it reaches your dashboard

Four checks run in the browser before any data is sent. Six more run server-side when the event arrives. If any single layer flags a request, it is blocked or tagged.

This is not a static blocklist. The system combines client-side signals like GPU rendering, browser languages, and execution timing with server-side checks like datacenter IP matching, fingerprint velocity, and interaction analysis.

Headless browsers caught by WebDriver detection before they send a single event
Distributed scrapers caught by fingerprint velocity: 100+ events from the same browser profile in 10 minutes
AI crawlers identified by user agent pattern matching across 79+ known bot signatures

Detection Pipeline

1 WebDriver detection navigator.webdriver

2 Software GPU check SwiftShader / llvmpipe

3 Browser language count languages = 0

4 Execution timing 0ms = automation

5 User agent patterns 79+ signatures

6 Datacenter IP ranges 3,430 CIDR ranges

7 Spam referrer filter 2,322 domains

8 Fingerprint velocity 100+/10min = blocked

9 Interaction analysis scroll + no interaction

10 Behavioral scoring mouse, scroll, input

Client-side (browser) Server-side (API)

AI Bot Tracking

Know exactly which AI bots crawl your site

Clickport identifies and catalogs 57 AI bots across three categories: live retrieval (ChatGPT, Claude, Perplexity searching your site in real time), search indexing (AI-powered search engines building their index), and model training (bots scraping content for training data).

The AI Crawlers section in your Bot Center shows which bots visited, how many requests they made, and when they last crawled. Separate from regular bot filtering so you always have visibility into AI activity.

See if GPTBot is training on your content, even if you blocked it in robots.txt
Track which AI search engines are indexing your pages for live answers
Monitor crawl frequency and volume per bot over time

Bot Protection Active

Learn more

1,232

bots blocked in last 30 days (44.9% of traffic)

AI Crawlers (447)

IndexSearch Indexing 396 ▼

TrainModel Training 51 ▼

meta-externalagent Meta 46

Bytespider ByteDance 5

Other Blocked Bots 764 ▼

Traffic Quality

16.8%

zero-engagement sessions (253 of 1,510)

Desktop 15.2% (107 of 702) ▼

LG (992-1199)27%

XL (1200-1399)15.7%

XXL (1400+)14.7%

Mobile 17.2% (129 of 751) ▼

XS (<576)17.3%

SM (576-767)14.3%

Tablet 29.8% (17 of 57) ▼

MD (768-991)11.1%

Hide detection sources

• 3,443 datacenter IPs

• 5,419 VPN ranges (whitelisted)

• 2,332 spam domains

• 129 bot UA patterns

Updated: 19/05/2026

Traffic Quality

A single score that tells you if your traffic is real

The Traffic Quality metric measures the percentage of sessions with zero engagement: no scroll, no clicks, minimal time on page. A low percentage means clean traffic. A high percentage means something is off.

Drill into the breakdown by device type and screen size. Bots that spoof mobile devices tend to cluster on specific resolutions. When you see 80% zero-engagement on one screen size but 12% on others, you have found the problem.

Green (<25%): healthy traffic. Most visitors are real.
Yellow (25-40%): worth investigating. Check sources and screen sizes.
Red (>40%): significant bot activity. Time to dig into sessions.

Traffic Quality

42.3%

zero-engagement sessions (3,847 of 9,103)

Desktop 11.2% (412 of 3,680)

Mobile 67.4% (3,289 of 4,881) ▼

XS (<576)89.1%

SM (576-767)17.8%

Tablet 8.4% (12 of 142)

Manual Controls

Flag, delete, or block. You stay in control.

Automated detection catches the majority, but sometimes you spot something the system missed. Open any session, review the journey, and flag it as a bot with one click. Flagged sessions are permanently excluded from all dashboards and metrics, retroactively.

Need to remove a session entirely? One click deletes it from the database. No events, no session row, no noise.

Flag a suspicious session: excluded everywhere, immediately, permanently
Delete a session entirely: complete removal from your data
Retroactive scope: flagged and deleted sessions disappear from historical numbers

Sessions

🇺🇸

/pricing → /features → /register

Chrome 124 · Desktop · 3:42 · Scroll 86%

🇷🇺

Chrome 119 · Desktop · 0:01 · Scroll 0%

🇩🇪

/blog/seo-guide → /blog/tracking

Firefox 126 · Desktop · 5:18 · Scroll 92%

🇨🇳

/wp-login.php

Python-urllib · Desktop · 0:00 · Scroll 0%

Always up to date, always fast.

Blocklist Infrastructure

3,430

Datacenter IP ranges

2,322

Spam referrer domains

79+

Bot UA patterns

5,430

VPN ranges whitelisted

Auto-refreshed weekly. 7-day cache TTL.

Blocklists

Curated and auto-refreshed

Datacenter IPs, spam referrers, and bot signatures are sourced from maintained community lists and updated automatically every week. VPN ranges are whitelisted separately so real users behind VPNs are never blocked.

Performance Impact

Tracker size (gzipped) < 2.2 KB

Signal overhead per event < 300 bytes

Client-side checks < 1 ms

Server-side detection < 0.5 ms

Lighthouse impact None

All detection runs inline with normal event processing. No extra requests, no external dependencies, no performance penalty.

Zero overhead

10 checks, zero performance cost

All bot detection runs inside the existing tracker and API pipeline. No additional scripts, no third-party services, no network requests. Your visitors never notice it.

Explore more features

Engagement

Separate real readers from noise

Scroll depth, time on page, and copy detection. Know who read your content.

Sessions

Inspect any visitor's journey

Full session timeline with pages, events, and engagement. Flag or delete suspicious sessions.

Privacy

Privacy is the architecture

No cookies, no consent banners, no personal data. GDPR-compliant from the first request.