Hello, we use the Data Tag for anonymous tracking — sending data to the server and writing it directly to BigQuery (BQ streaming). We are sending all data with no consent condition set on the tag. When I compare it with GA4 data using Advanced Consent Mode, the numbers are much lower in BQ streaming. Since I am passing consent information as an event parameter in the Data Tag, I can confirm that consented data volumes match, but unconsented data is significantly lower in BQ streaming compared to Advanced Consent Mode in GA4. It is possible that the GA4 data contains bot traffic, as the denied traffic volume is quite high — but I cannot confirm this with certainty. Does the Data Tag have any built-in protection that could cause it to filter bot traffic or traffic from certain countries? Or you you have any idea what can cause the lower traffic (denied) with Data Tag when the trigger is the same and not limited for consent?
Additionally, we are considering whether bots might trigger the GA4 frontend tag but not the Data Tag — as the Data Tag relies on a fetch() call that headless browsers or crawlers might not execute consistently. Could this explain the gap in unconsented data between the two tracking methods?
Zuzana
Hello Zuzana!
To answer your question directly: the Data Tag / Data Client does not have any built-in bot filtering. We don’t filter or block any traffic on our side.
Your hypothesis about bots is likely correct; the Data Tag relies on a fetch() call, which headless browsers and crawlers often don’t execute, while the GA4 tag fires via a standard GTM snippet that many bots do trigger. This could explain why denied traffic volumes differ between both approaches.
To test this theory, you can implement the Bot Detection Power-Up. It adds X-Device-Bot and X-Device-Bot-Score headers to every request, which you can then use as conditions in your sGTM triggers to see exactly how much bot traffic is coming through.
Full setup guide here: Bot Detection Power-Up | Stape
Kind regards,
Mariia
Stape
Hello Mariia, thank you very much for clarification. But as I understand, this is specific Stape server function, if I have server set up via cloud run, I cant use it?
Hi Zuzana.
That’s correct, to use Bot Detection Power-Up method you’ll need to use Stape as the hosting provider for your server GTM container.
For non-Stape-specific methods, you can refer to our article, which describes other methods, such as Cloudflare bot detection: Bot Detection GA4: A Guide to Filtering Spam in Google Analytics 4