New: Hosted CDN tracker at /tracker.js 19 July 2026 · View changelog →
Antlytics logoAntlytics

Bot filtering

Antlytics keeps KPIs focused on human traffic. Most junk is dropped before it becomes a pageview — the tracker still gets HTTP 200, so scrapers learn nothing about filters.

What is filtered today (hard drops)

These never write an events row:

SignalBehaviour
Known bot / crawler / automation user-agentsSilent drop
Known spam referrer hostsSilent drop
Exclude-me cookie (antlytics_exclude=1)Silent drop
Path-velocity abuse (too many distinct paths/hour)Silent drop
Per-site shields (IP, country, path, referrer, hostname)Silent drop
Ingest paused / hostname policySilent drop
Likely datacenter / cloud hosting client IPs (curated IPv4 ranges)Silent drop
Suspicious headers (empty User-Agent, or browser-like UA with no Accept / Accept-Language)Silent drop
Platform rate limitsHTTP 429 (rare)

Datacenter and header filters apply on the browser ingest path. Requests authenticated with a valid site server secret (Authorization: Bearer …, from Settings → Security) skip those two layers so trusted server-side callers in cloud environments are not blocked.

VPN or corporate-cloud exit IPs can occasionally match the datacenter list (same tradeoff as Plausible/Fathom). Use shields or server-side ingest if you need a carve-out; a per-site “relax datacenter filter” toggle is planned later.

See also Privacy behaviour and Usage & fair use.

Dashboard visibility

Open Settings → Shields for the selected site:

  • Totals for the last 7 days by reason
  • Counts only for traffic that was dropped (or rate-limited)

Counters use Redis when configured; local/dev without Redis shows empty stats.

What you can control

  • Shields — block or allow IPs, countries, paths, referrers, hostnames
  • Exclude my visits / Block my IP — stop counting your own traffic
  • Pause ingest — stop accepting events for a site
  • Site server secret — trusted server ingest bypasses hostname + datacenter/header filters

Platform rate limits (per IP and per site) are not customer-editable; use shields to tighten abuse controls.

Related

Something missing? Get in touch and we will update these docs.