Discuss and resolve questions on Liquid, JavaScript, themes, sales channels, and site speed enhancements.
Hello
We have noted a large spike in bot traffic, especially with Headless browsers.
Is there any way to block incoming queries from headless browsers such as Puppeteer et al? One key variable we can likely zero in onto is to lock outdated user agents. These headless browsers are often not up to date, like a "real" human where there are generally forced browser updates.
Any input or experience with this would be appreciated
URL for those who want to read up on this:
https://www.imperva.com/blog/seven-tips-to-protect-retail-businesses-this-holiday-season/
Hey,
This is something I've been thinking about lately as well. Shopify Plus does have added bot protections.
Here's what I've developed so far. While I can't completely stop bots from visiting the site, you can paste the code into theme.liquid right before the </head> tag to at least make life difficult for them once they get to the site.
The script checks for a few potential indicators commonly associated with headless browsers (such as Puppeteer), which a real user typically wouldn't exhibit. If any of these conditions are met, it redirects the bot to a /blocked page, which you can create just like any other Shopify page.
Feel free to use or modify it as you wish. I haven't overly tested this, so use at your own risk! 🙂 One challenge, is that some of these are flagged when customising your theme - because of course, that isn't a standard browser!
<script>
// Custom headless browser detection script designed by Ollie from autoBlogger, use however you like
(function() {
var isHeadless = false;
// Function to check headless browser conditions
function detectHeadless() {
// Check for WebDriver property (common in headless browsers)
if (navigator.webdriver) {
return true;
}
// Check for Headless Chrome in the user agent string
if (navigator.userAgent.includes("HeadlessChrome")) {
return true;
}
// Check for missing or unusual window features typically absent in headless browsers
if (!window.matchMedia) {
return true;
}
// Ensure document.body exists before dispatching mouse events
if (document.body) {
// Test for mouse movement: Headless browsers might not trigger mouse events normally
var mouseEvent = document.createEvent('MouseEvents');
mouseEvent.initEvent('mousemove', true, true);
document.body.dispatchEvent(mouseEvent);
// If no mouse movement is detected (or prevented), it's likely headless
if (mouseEvent.defaultPrevented) {
return true;
}
}
return true; // No headless browser indicators found
}
isHeadless = detectHeadless();
if (isHeadless && window.location.href.indexOf('/blocked') === -1) {
window.location.href = '/blocked';
}
})();
</script>
autoBlogger: Seamlessly scheduled, fully automated, AI-powered, and SEO-optimised blogging with a host of free extras! Start your 14-day free trial today!
As 2024 wraps up, the dropshipping landscape is already shifting towards 2025's trends....
By JasonH Nov 27, 2024Hey Community! It’s time to share some appreciation and celebrate what we have accomplis...
By JasonH Nov 14, 2024In today’s interview, we sat down with @BSS-Commerce to discuss practical strategies f...
By JasonH Nov 13, 2024