Skip to main content

Whitelisting the Cookiebot scanner

Comments

16 comments

  • webmaster

    Cookiebot support, can you please get in contact with Google and fix this?
    We all have to make filters and stuff to bann your monthly scanning from our Google Search Console listings.

    This is not ok.

    20
  • Roel Cuijpers

    Hi! The thing I'm doing now is creating a User Agent variable in GTM and using this to create a pageview trigger that checks for "Cookiebot" in the user agent variable. If this is the case, do not deploy the GA4 tag. Maybe it will help you along. 

    0
  • JImmy Dovholt

    We need you to set up your crawler to "do not track" or something when visiting sites. Not only Google Analytics are affected by this, but also the native analytics in Shopfy et al.

    11
  • George

    Cookiebot support, your IPs do not work for filtering traffic in Direct - GA4, when the scanner is running!!! Following all the filtering instructions, the bot traffic will still appear in GA4. What should I do about it?

    6
  • Béate Vervaecke

    It would be nice if a date of update was added to this page.
    Also: I didn't get a notice about the update on this page. 

    3
  • Hendrik Oostenenk

    Same for me, all above listed ip's are marked as internal_traffic, but google_analytics is still report spikes on the report day. 

    1
  • DS

    Beware, the list in this article is not up to date. Last week I noticed the following Cookiebot IP addresses in our server logs.

    • 147.243.91.141
    • 147.243.91.144
    • 147.243.91.150
    • 147.243.109.150
    • 147.243.100.178

    This list may still be incomplete, but those are the ones I was able to identify as Cookiebot from the User-Agent request header.

    1
  • DS

    @Cookiebot support: If users are not able to keep your bot out of analytics based on the IP address, you are forcing your users to follow @Roel Cuijpers' suggestion to exclude any analytics tags when Cookiebot crawls our websites. The side effect is that such tags will no longer be included in your scan report. If the report and cookie declaration are incomplete, then what is the point of having it?

    3
  • Malgorzata Gazda

    I have the same problem as George. Please let me know how to counteract this.

    0
  • Marcus Isherwood

    This really needs to get fixed. I have one client looking to remove Cookiebot now because of spikes in traffic, even after all these IP's are excluded

    2
  • Lukas

    It used to work fine, but after you expanded to 18 IP Adresses it does not anymore, maybe u have more IP's that are not listed here?

    Got the scan traffic in the GA4  both this month and the last month.

    1
  • Dorus Arts

    How do you identify this bot traffic being cookiebot? We do see spikes on screen resolution of 1024x786 every start of the month. 

    0
  • Advelo Łukasz Fajkis

    Hi. This is irritating to me too. Maybe you need to force cookiebot support using other methods. There is considerable competition on the market. I'm currently looking for something else, because their service in this context is embarrassing. They haven't been able to fix a simple mistake for over a year. The only thing they can do is issue invoices every month!

    1
  • Matus Szepesi

    We are experiencing traffic spikes as well.

    I have set up filtering by IP, by user agent on client side and on server side as well. 

    Our client did manual cookie scan, and we had experienced traffic spike

    Also we checked access logs, none of IP above was listed in access logs, and not even user agent string containing Cookiebot.

    0
  • 291E6263-CE06-4A81-BBD8-1533485EC63F

    Contacted support team on this issue as the boot traffic keep showing up in the GA4. No valid response in the last 3-4 weeks. Can someone confirm that IP  list is up to date? I've added IP addresses listed in the comments but Boot still showed up yestarday in my reports.
    Anyone can recommend different tool that can be filtered out form GA4?

    Thanks,

    1
  • Sascha

    Cookiebot: please fix this mess!

    The rules detailed on this page are not working. I added all IP addresses listed here (including the additional 5 in the comments - thanks for this) to the GA4 internal and data filters and also added a Blocking trigger for GA4 whenever the user_agent contains "cookiebot". For sanity checking, I also started sending user_agent as custom parameter. Now, I started a manual Scan to verify the settings.

    And then I see that the use_agent does not even include "cookiebot" (see screenshot). This is a rather low traffic site, so 99% of the hits that came in in the past 15 minutes are from the manually triggered Cookiebot scan.

    I have recommended Cookiebot to various of my clients for consent management, and am now dealing for months with them seeing traffic spikes in their analytics every month despite having these rules in place. And I go in every month again after they have another traffic spike to try to lock down GA4 tracking even more.

    And now I just figured out that what is written here does not actually apply.

    I'm seriously considering moving my clients to a different platform.

    9

Please sign in to leave a comment.