new-site

History

justin f481a1d13c analytics: filter email-scanner / headless traffic out of Umami stats Email security gateways (Microsoft Defender Safe Links / ATP, Proofpoint, Mimecast, Barracuda, etc.) auto-fetch and often render every link in a campaign email to scan for malware. The advanced ones drive a real headless browser, execute JS, and fire Umami pageviews/clicks that masquerade as human visits -- inflating campaign click-through. New site/public/js/pw-bot-filter.js queries multiple real-browser signals and gates Umami via its official data-before-send hook (umamiBeforeSend), dropping all events when the visitor is a bot. Signals (from empirical chromium probing): decisive: navigator.webdriver, HeadlessChrome UA, known scanner UAs, zero/ collapsed screen\|viewport\|outer geometry, window LARGER than the physical screen (impossible on real HW; uses outerW/H so page zoom does not false-positive), software GPU rasterizer (SwiftShader/ llvmpipe/swrast via WebGL UNMASKED_RENDERER), zero logical CPUs. soft (>=2 to trip): tiny screen, inner>screen, low color depth, empty navigator.languages, no input device (no fine/coarse pointer + no hover + 0 touch), no WebGL on a desktop UA. Designed to FAIL OPEN: only strong/corroborated evidence suppresses, so real visitors (incl. zoomed, privacy-tooled, remote-desktop, kiosk) still count. Wired before the Umami tag in Base.astro (Astro pages) and all 86 static public/*/.html pages; both load with defer so order is guaranteed and the hook is defined before Umami reads it. Tested end-to-end with chromium (site/tests/bot-filter.test.sh, 4/4): default headless-new, spoofed-Windows-UA + normal 1366x768 window, and spoofed-UA + 1x1 window are all caught; hook returns null to drop the event.	2026-06-18 02:02:34 -05:00
..
index.html	analytics: filter email-scanner / headless traffic out of Umami stats	2026-06-18 02:02:34 -05:00

justin f481a1d13c analytics: filter email-scanner / headless traffic out of Umami stats

Email security gateways (Microsoft Defender Safe Links / ATP, Proofpoint,
Mimecast, Barracuda, etc.) auto-fetch and often render every link in a
campaign email to scan for malware. The advanced ones drive a real headless
browser, execute JS, and fire Umami pageviews/clicks that masquerade as human
visits -- inflating campaign click-through.

New site/public/js/pw-bot-filter.js queries multiple real-browser signals and
gates Umami via its official data-before-send hook (umamiBeforeSend), dropping
all events when the visitor is a bot. Signals (from empirical chromium probing):
  decisive: navigator.webdriver, HeadlessChrome UA, known scanner UAs, zero/
            collapsed screen|viewport|outer geometry, window LARGER than the
            physical screen (impossible on real HW; uses outerW/H so page zoom
            does not false-positive), software GPU rasterizer (SwiftShader/
            llvmpipe/swrast via WebGL UNMASKED_RENDERER), zero logical CPUs.
  soft (>=2 to trip): tiny screen, inner>screen, low color depth, empty
            navigator.languages, no input device (no fine/coarse pointer + no
            hover + 0 touch), no WebGL on a desktop UA.
Designed to FAIL OPEN: only strong/corroborated evidence suppresses, so real
visitors (incl. zoomed, privacy-tooled, remote-desktop, kiosk) still count.

Wired before the Umami tag in Base.astro (Astro pages) and all 86 static
public/**/*.html pages; both load with defer so order is guaranteed and the
hook is defined before Umami reads it.

Tested end-to-end with chromium (site/tests/bot-filter.test.sh, 4/4):
default headless-new, spoofed-Windows-UA + normal 1366x768 window, and
spoofed-UA + 1x1 window are all caught; hook returns null to drop the event.

2026-06-18 02:02:34 -05:00

index.html

analytics: filter email-scanner / headless traffic out of Umami stats

2026-06-18 02:02:34 -05:00