SaaSAnalytics
SaaSAnalytics

Shields

Filter unwanted traffic so your analytics reflect real users. Shields silently discard matching requests without affecting your site's functionality.

What are Shields?

Shields are per-website traffic filters that run at ingestion time. When a request matches a Shield rule, it is silently accepted (HTTP 200) but no session or event is recorded.

Clean data, not blocked users: Shields don't prevent anyone from using your site. They only prevent matching traffic from polluting your analytics data.

Common use cases include excluding your own IP address, filtering out crawler traffic, and blocking known spam referrers that inflate session counts.

How to access

1.

Open Settings

From your dashboard, click the settings icon next to your website name

2.

Navigate to the Shields section

In the left sidebar, click Shields

3.

Configure each filter

Each filter has its own Save button — changes take effect immediately

IP Blocking

Add specific IP addresses whose tracking requests should be silently ignored. This is most commonly used to exclude your own traffic while developing or testing your site.

How it works

  • Enter an IP address (e.g. 192.168.1.1) and click Add
  • Both IPv4 and IPv6 addresses are supported
  • The list is exact-match — CIDR ranges are not supported
  • Click Save to persist the blocked IP list
Find your IP: Visit whatismyip.com to find your current public IP address, then add it to the block list.

Country Filtering

Restrict which countries can contribute tracking data. Uses ISO 3166-1 alpha-2 codes (two uppercase letters).

Off

Default. All countries are tracked.

Allow only

Only requests from listed countries are recorded. All others are silently dropped.

Block

Requests from listed countries are silently dropped. All others are recorded.

Country code examples

USGBDEFRCAAUJPBR

Full list: ISO 3166-1 alpha-2 country codes

Bot Detection

Filter automated traffic by matching against User-Agent strings. Bots, crawlers, and headless browsers are common sources of fake sessions in analytics data.

Built-in patterns

Enable "Block known bots" to activate 13 built-in User-Agent substring patterns:

botcrawlspiderslurpheadlessphantomjsseleniumpuppeteerplaywrightwgetcurl/python-requestsgo-http-client

Any User-Agent containing one of these substrings (case-insensitive) will be filtered.

Custom UA patterns

Add your own User-Agent substrings in addition to the built-in list. Useful for blocking proprietary monitoring tools or internal automation.

Example: entering mymonitor will block any User-Agent containing "mymonitor"

Spam Referrer Filtering

Some domains send fake traffic with your site as the target, inflating session counts. Add known spam domains to filter them out.

How it works

  • Enter a domain substring (e.g. spam.com)
  • The tracker extracts the hostname from the referrer URL and checks if it contains your pattern
  • Matching is case-insensitive; www. prefixes are stripped automatically
  • Click Save to persist your referrer block list
Substring matching: Adding example will block referrers from example.com, sub.example.net, and any hostname containing "example". Be specific enough to avoid unintended matches.

Next steps

With clean data coming in, make the most of it:

  • Set up Goals to track conversions from your real users
  • Export your filtered data as CSV for reporting
  • Share your clean dashboard publicly via a Public Dashboard link