Have your say in Community Polls: What was/is your greatest motivation to start your own business?

Strategies to block bots - does Shopify support these?

Strategies to block bots - does Shopify support these?

SouthQc
Visitor
3 0 0

Hello

 

We have noted a large spike in bot traffic, especially with Headless browsers. 

Is there any way to block incoming queries from headless browsers such as Puppeteer et al?   One key variable we can likely zero in onto is to lock outdated user agents.  These headless browsers are often not up to date, like a "real" human where there are generally forced browser updates. 

 

Any input or experience with this would be appreciated

 

 

URL for those who want to read up on this:

https://www.imperva.com/blog/seven-tips-to-protect-retail-businesses-this-holiday-season/

 

 

Reply 1 (1)

Olllie
Shopify Partner
100 9 17

Hey,

 

This is something I've been thinking about lately as well. Shopify Plus does have added bot protections. 

Here 

 

Here's what I've developed so far. While I can't completely stop bots from visiting the site, you can paste the code into theme.liquid right before the </head> tag to at least make life difficult for them once they get to the site.

 

The script checks for a few potential indicators commonly associated with headless browsers (such as Puppeteer), which a real user typically wouldn't exhibit. If any of these conditions are met, it redirects the bot to a /blocked page, which you can create just like any other Shopify page.

 

Feel free to use or modify it as you wish. I haven't overly tested this, so use at your own risk! 🙂  One challenge, is that some of these are flagged when customising your theme - because of course, that isn't a standard browser!

 

 

 

<script>
// Custom headless browser detection script designed by Ollie from autoBlogger, use however you like
  (function() {
    var isHeadless = false;

    // Function to check headless browser conditions
    function detectHeadless() {

      // Check for WebDriver property (common in headless browsers)
      if (navigator.webdriver) {
        return true;
      }

      // Check for Headless Chrome in the user agent string
      if (navigator.userAgent.includes("HeadlessChrome")) {
        return true;
      }

      // Check for missing or unusual window features typically absent in headless browsers
      if (!window.matchMedia) {
        return true;
      }

      // Ensure document.body exists before dispatching mouse events
      if (document.body) {
        // Test for mouse movement: Headless browsers might not trigger mouse events normally
        var mouseEvent = document.createEvent('MouseEvents');
        mouseEvent.initEvent('mousemove', true, true);
        document.body.dispatchEvent(mouseEvent);
        
        // If no mouse movement is detected (or prevented), it's likely headless
        if (mouseEvent.defaultPrevented) {
          return true;
        }
      }

      return true; // No headless browser indicators found
    }

    isHeadless = detectHeadless();

    if (isHeadless && window.location.href.indexOf('/blocked') === -1) {
      window.location.href = '/blocked';
    }
  })();
</script>

 

 

 

 

Ollie | Founder & Developer of autoBlogger

autoBlogger: Seamlessly scheduled, fully automated, AI-powered, and SEO-optimised blogging with a host of free extras! Start your 14-day free trial today!



Discover more at autoBlogger.bot!