Bot filtering

Bot protection automatically filters out fake cart and checkout events generated by bots before they reach destinations like GA4 or Meta. The result: cleaner funnel data, more reliable attribution, and ad platforms that optimise on real users instead of headless traffic.

When to enable it

Turn this on if you're seeing:

• Sudden or unexplained spikes in Add to Cart or Checkout events

• GA4 metrics that look noisy or don't match what your store is actually doing

• Conversion patterns that don't line up with campaigns, merchandising, or site changes

• Evidence of headless or scripted traffic in your destination reports

If your reporting feels untrustworthy and the noise can't be explained by traffic sources, product launches, or paid spend, bots are a likely culprit.

How to enable bot protection

1

Open Littledata

Open the Littledata dashboard from your Shopify admin.

2

Open a destination

Go to Settings for a connected integration, such as GA4 or Klaviyo.

3

Open General

Open the General tab.

4

Turn Bot filtering on

Set Bot filtering to ON.

5

Save

Click Save to apply the change.

How it works

Event-level filtering

Detection happens at the individual event level rather than at the page or session level. This means it also catches direct spam calls to data destinations: bots that bypass your store entirely and fire events straight at a public GA4 measurement ID, Meta pixel, or similar endpoint are filtered just like bots that hit your storefront.

Deterministic signals, minimal false positives

Classification is based on deterministic checks rather than probabilistic scoring or thresholds. An event is only flagged when a clear, reproducible set of conditions is met. This keeps false positives close to zero and avoids the unpredictability of rate-based or score-based bot detection.

Flagged events are dropped, not forwarded

When an event is classified as bot traffic, Littledata drops it before forwarding. It does not reach GA4, Meta, Klaviyo, Google Ads, or any other connected destination, keeping your reporting and ad optimisation signals clean.

What gets caught

• Headless bots that hit your store and fire fake Cart or Checkout activity

• Direct attacks against your destination endpoints, for example bots posting events straight to a public GA4 measurement ID without ever visiting the store

• Consistent volume attacks with a steady cadence

• Randomised or low-frequency, high-quantity attacks where timing alone wouldn't flag them

What's out of scope

• Bots that fully simulate a real browser session

• Auto-checkout bots that complete real purchases (this is what Shopify's built-in bot protection covers)

• Event types other than Cart and Checkout

FAQ

• Will this drop events from real customers? The classification logic is deterministic and built around signals that real browser sessions almost always produce. Real shoppers, even those on strict privacy settings or with ad blockers, will not be filtered.

• Does this affect events other than Cart and Checkout? No. Other events flow through unchanged.

• Where can I see which events were filtered? Dropped bot events are not forwarded to destinations and won't appear in your GA4, Meta, or other reports. During the beta we monitor aggregate filter activity internally to validate accuracy.

• Does this replace Shopify's bot protection? No. Shopify's bot protection prevents auto-checkout bots from completing purchases at the storefront. Littledata's bot protection prevents bot-generated events from contaminating your analytics and ad platform data. Most stores benefit from running both.

• Can I disable it later? Yes. Turn Bot filtering off in that destination's General tab and save. Events then resume forwarding to that destination as normal.