Skip to main content
Skip table of contents

How do I detect and exclude robots / abnormal traffic?

There is no easy way to officially attest that it’s bot traffic. However, some signs may warn you:

  • 1 page view per visit only

  • no time spent per visit (0 seconds) or abnormally low time spent (for example, a few seconds across many visits)

  • 1 unique visitor = 1 visit

  • source = Direct traffic only (often with no referrer URL)

  • sudden peak on a given day/hour (or other unnatural “burst” patterns)

  • consistent device/browser patterns (for example, the same device type and browser repeated across a large volume of visits)

  • unusual ISP / connected organization (for example, data centers or hosting providers)

  • unexpected geography (for example, traffic from an unrelated country or an unusual city compared to your normal audience)

Try to target the bot activity as much as possible:

  • which page(s) is/are targeted (for example, a single entry page with no clear reason)?

  • which browser and/or operating system?

  • which city/country?

  • which organization/ISP?

What Piano already excludes automatically

Piano relies on industry-standard bot identification signals, including the IAB/ABC International Spiders and Bots List (updated frequently), to exclude known bots based on identifiers such as user-agent, IP address, and/or network information.

In addition, extremely abnormal traffic can be automatically flagged as non-human. For example, visits generating more than 250,000 events are automatically detected and treated as bot traffic.

Because new crawlers and automation sources appear regularly, not all non-human traffic is immediately covered by standard lists—especially when bots spoof common browsers or vary their patterns.

Excluding suspicious traffic

Data Management rule

Most of the time, traffic can be excluded via a Data Management exclusion rule based on a combination of criteria. It’s easiest to use this method if the bot uses an old/unusual browser version and/or if the bot is located in an unusual city (i.e., some small US town while all the site traffic is located in France).

Most common properties that can be used:

  • city

  • organisation (connected organization / ISP)

  • user agent

Additional properties (such as operating system or device category) can help refine exclusions to reduce the risk of filtering legitimate users.

Important considerations

  • Exclusions are not retroactive: they apply to events collected after the rule is created.

  • If you need historical data corrected, you may need a data regeneration request, please contact Support Team (this is generally a paid service).

  • Use caution: overly broad rules (for example, excluding an entire city or country) may remove legitimate traffic.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close