# Bot filtering

Bot protection automatically filters out fake cart and checkout events generated by bots before they reach destinations like GA4 or Meta. The result: cleaner funnel data, more reliable attribution, and ad platforms that optimise on real users instead of headless traffic.

{% hint style="info" %}
Bot protection is event-level data quality filtering. It doesn't block bots from reaching your store, and it doesn't replace Shopify's storefront-level bot mitigation. The two complement each other.
{% endhint %}

## When to enable it

Turn this on if you're seeing:

* Sudden or unexplained spikes in Add to Cart or Checkout events
* GA4 metrics that look noisy or don't match what your store is actually doing
* Conversion patterns that don't line up with campaigns, merchandising, or site changes
* Evidence of headless or scripted traffic in your destination reports

If your reporting feels untrustworthy and the noise can't be explained by traffic sources, product launches, or paid spend, bots are a likely culprit.

## How to enable bot protection

{% stepper %}
{% step %}

#### Open Littledata

Open the Littledata dashboard from your Shopify admin.
{% endstep %}

{% step %}

#### Open a destination

Go to **Settings** for a connected integration, such as GA4 or Klaviyo.

<div align="left" data-with-frame="true"><figure><img src="/files/RWRCPCPsrNFfLmWPZmH5" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

#### Open General

Open the **General** tab.
{% endstep %}

{% step %}

#### Turn Bot filtering on

Set **Bot filtering** to **ON**.

<div data-with-frame="true"><figure><img src="/files/HoQEnGiJ5GxvW98ksbgS" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

#### Save

Click **Save** to apply the change.
{% endstep %}
{% endstepper %}

## How it works

### Event-level filtering

Detection happens at the individual event level rather than at the page or session level. This means it also catches direct spam calls to data destinations: bots that bypass your store entirely and fire events straight at a public GA4 measurement ID, Meta pixel, or similar endpoint are filtered just like bots that hit your storefront.

### Deterministic signals, minimal false positives

Classification is based on deterministic checks rather than probabilistic scoring or thresholds. An event is only flagged when a clear, reproducible set of conditions is met. This keeps false positives close to zero and avoids the unpredictability of rate-based or score-based bot detection.

### Flagged events are dropped, not forwarded

When an event is classified as bot traffic, Littledata drops it before forwarding. It does not reach GA4, Meta, Klaviyo, Google Ads, or any other connected destination, keeping your reporting and ad optimisation signals clean.

## What gets caught

* Headless bots that hit your store and fire fake Cart or Checkout activity
* Direct attacks against your destination endpoints, for example bots posting events straight to a public GA4 measurement ID without ever visiting the store
* Consistent volume attacks with a steady cadence
* Randomised or low-frequency, high-quantity attacks where timing alone wouldn't flag them

## What's out of scope

* Bots that fully simulate a real browser session
* Auto-checkout bots that complete real purchases (this is what Shopify's built-in bot protection covers)
* Event types other than Cart and Checkout

## FAQ

* **Will this drop events from real customers?**\
  The classification logic is deterministic and built around signals that real browser sessions almost always produce. Real shoppers, even those on strict privacy settings or with ad blockers, will not be filtered.
* **Does this affect events other than Cart and Checkout?**\
  No. Other events flow through unchanged.
* **Where can I see which events were filtered?**\
  Dropped bot events are not forwarded to destinations and won't appear in your GA4, Meta, or other reports. During the beta we monitor aggregate filter activity internally to validate accuracy.
* **Does this replace Shopify's bot protection?**\
  No. Shopify's bot protection prevents auto-checkout bots from completing purchases at the storefront. Littledata's bot protection prevents bot-generated events from contaminating your analytics and ad platform data. Most stores benefit from running both.
* **Can I disable it later?**\
  Yes. Turn **Bot filtering** off in that destination's **General** tab and save. Events then resume forwarding to that destination as normal.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.littledata.io/shopify/bot-protection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.