Bot filtering
Antlytics keeps KPIs focused on human traffic. Most junk is dropped before it becomes a pageview — the tracker still gets HTTP 200, so scrapers learn nothing about filters.
What is filtered today (hard drops)
These never write an events row:
| Signal | Behaviour |
|---|---|
| Known bot / crawler / automation user-agents | Silent drop |
| Known spam referrer hosts | Silent drop |
Exclude-me cookie (antlytics_exclude=1) | Silent drop |
| Path-velocity abuse (too many distinct paths/hour) | Silent drop |
| Per-site shields (IP, country, path, referrer, hostname) | Silent drop |
| Ingest paused / hostname policy | Silent drop |
| Likely datacenter / cloud hosting client IPs (curated IPv4 ranges) | Silent drop |
Suspicious headers (empty User-Agent, or browser-like UA with no Accept / Accept-Language) | Silent drop |
| Platform rate limits | HTTP 429 (rare) |
Datacenter and header filters apply on the browser ingest path. Requests authenticated with a valid site server secret (Authorization: Bearer …, from Settings → Security) skip those two layers so trusted server-side callers in cloud environments are not blocked.
VPN or corporate-cloud exit IPs can occasionally match the datacenter list (same tradeoff as Plausible/Fathom). Use shields or server-side ingest if you need a carve-out; a per-site “relax datacenter filter” toggle is planned later.
See also Privacy behaviour and Usage & fair use.
Dashboard visibility
Open Settings → Shields for the selected site:
- Totals for the last 7 days by reason
- Counts only for traffic that was dropped (or rate-limited)
Counters use Redis when configured; local/dev without Redis shows empty stats.
What you can control
- Shields — block or allow IPs, countries, paths, referrers, hostnames
- Exclude my visits / Block my IP — stop counting your own traffic
- Pause ingest — stop accepting events for a site
- Site server secret — trusted server ingest bypasses hostname + datacenter/header filters
Platform rate limits (per IP and per site) are not customer-editable; use shields to tighten abuse controls.
Related
- Site reports — LLM-readable markdown of accepted traffic
- Dashboard overview
- First-party proxy — client IP forwarding for accurate shielding
- Ingest API — payload and filtering notes