
How We Detect AI Bots on Our Website: A Technical Deep-Dive
AI bots are crawling the web at unprecedented scale. GPTBot, ClaudeBot, Googlebot, and dozens of others visit millions of sites daily. Most site owners have no idea which bots visit, how often, or what they do. We built a detection system to find out. Here's how it works.

Layer 1: User-Agent Detection

The simplest approach: match user-agent strings against known bot signatures. We maintain a database of 30+ AI bot user-agents, including GPTBot, ClaudeBot, CCBot, Bytespider, PetalBot, and others. This catches roughly 80% of known bots. The signatures are checked in Next.js middleware on every request, adding less than 1 ms of latency. Simple but effective.

Layer 2: Behavioral Fingerprinting

Some bots disguise their user-agent. We detect these through behavior:

Request timing — bots are more regular than humans
Header patterns — bots often omit Accept-Language
TLS fingerprints — JA3/JA4 fingerprinting reveals bot clients
Navigation patterns — bots don't scroll, hover, or generate mouse events
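The Layer 1 signature check described above can be sketched as a simple substring match. This is a minimal illustration, not the authors' actual database or middleware: the signature list is abbreviated, and the function name is hypothetical.

```typescript
// Hypothetical subset of a known-bot signature database; the real
// system maintains 30+ entries.
const AI_BOT_SIGNATURES: string[] = [
  "GPTBot",
  "ClaudeBot",
  "CCBot",
  "Bytespider",
  "PetalBot",
];

// Returns the matched signature, or null if the user-agent looks human.
// A case-insensitive substring scan over a small list keeps the check
// well under the 1 ms budget mentioned above.
function detectAIBot(userAgent: string): string | null {
  const ua = userAgent.toLowerCase();
  for (const sig of AI_BOT_SIGNATURES) {
    if (ua.includes(sig.toLowerCase())) {
      return sig;
    }
  }
  return null;
}
```

In Next.js middleware this would be called on every request with the value of `request.headers.get("user-agent")`, tagging or blocking the request before it reaches a page.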
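The behavioral signals in Layer 2 can be combined into a score. The sketch below is an assumed design, not the authors' implementation: the signal fields, weights, and the 10%-of-mean timing threshold are all illustrative, and real systems tune them against labeled traffic. (TLS fingerprinting is omitted here, since JA3/JA4 hashes are computed at the connection layer, outside application code.)

```typescript
// Hypothetical per-request signal bundle collected by the detector.
interface RequestSignals {
  acceptLanguage: string | null; // bots often omit this header
  intervalsMs: number[];         // gaps between recent requests from the same client
  hadMouseEvents: boolean;       // scroll/hover/mouse telemetry from the page
}

// Returns a bot-likelihood score in [0, 1]; weights are illustrative.
function botScore(s: RequestSignals): number {
  let score = 0;
  if (!s.acceptLanguage) score += 0.3;  // missing Accept-Language header
  if (!s.hadMouseEvents) score += 0.3;  // no scroll, hover, or mouse events
  // Unusually regular request timing suggests automation: flag when the
  // standard deviation of inter-request gaps is under 10% of the mean.
  if (s.intervalsMs.length >= 3) {
    const mean = s.intervalsMs.reduce((a, b) => a + b, 0) / s.intervalsMs.length;
    const variance =
      s.intervalsMs.reduce((a, b) => a + (b - mean) ** 2, 0) / s.intervalsMs.length;
    if (Math.sqrt(variance) < 0.1 * mean) score += 0.4;
  }
  return score;
}
```

A caller would compare the score against a tuned cutoff (say, 0.6) to decide whether to flag the client as a likely bot.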
Continue reading on Dev.to Webdev


