Any user with Admin permissions can selectively manage and control what sessions are captured within Fullstory.
To supplement domain blocking, you also have the ability to add filters for client IP addresses and User-Agent strings.
Simply navigate to Settings > Data Capture and Privacy > Data Capture to add targeted exclusions. Exclusions need to be added one at a time (we don't accept comma separated lists).
Block IPs
Many customers want to omit traffic generated by their employees who work behind a shared IP address. When you add an IP address to the list under Settings > Data Capture and Privacy > Data Capture, any client browser with that IP address that visits your site won’t have Fullstory data captured. Additionally, to save time, you can add IP addresses in bulk from this same view.
You can wildcard (*) each part of the IP address, where each part is separated by "." (IPv4) or ":" (IPv6). For example, if you wanted to block both 192.168.1.2 and 192.168.1.17, you could simply supply 192.168.1.*.
In addition to blocking IP address by wildcard, Fullstory also supports CIDR IP notations for blocking purposes.
Block User-Agents
Robots and automated crawlers aren’t usually an issue for web applications that exist behind a log in. Many of our customers run Fullstory on public facing, content-rich sites, and robots can generate lots of unwanted sessions.
We automatically block a list of common bot user agents and you can manually add User-Agent strings to prevent these visits from generating sessions. If the string you specify is contained at all in the User-Agent reported by the robot when it visits, we won’t capture data.
Please note, especially when adding User-Agent strings manually, that User-Agent blocking is case-sensitive.
Here is the list of bots we block automatically:
- Googlebot
- Bingbot
- Slurp
- DuckDuckBot
- Baiduspider
- YandexBot
- Sogou
- Exabot
- facebot
- facebookexternalhit
- ia_archiver
- moatbot
- HeadlessChrome
- Pinterestbot
- Pingdom
- YandexRenderResourcesBot
- YandexMobileBot
- PetalBot
- DatadogSynthetics
- RuxitSynthetic
- AdsBot-Google
- AdsBot-Google-Mobile
- Google Web Preview
- Google-Ads-Conversions
- Google-Ads-Qualify
- Google-AdWords
- Google-Adwords-DisplayAds-WebRender
- Google-AdWords-Express
- Google-InspectionTool
- Google-PageRenderer
- Google-Read-Aloud
- Google-Safety
- Google-Structured-Data-Testing-Tool
- Storebot-Google
- Mediapartners-Google
Note: Common bot traffic is blocked by default for newly created accounts. However, there are times you may find it useful to watch sessions from bots to understand exactly how they interact with and consume resources on your site.
For example, this may be because they are using programmed monitoring services to ensure great uptime and catch user experience issues, or they may need to see how much robot traffic they are getting to hold a marketing partner accountable.
Admins can add or remove common bot traffic blocking in Settings > Data Capture.
You can find the User-Agent string for each session in the session replay view. At the top right of the screen, we'll show details under the user's name. Click on the browser and operating system to view the full User-Agent string.
It's important to note that the User-Agent details will only be available for a user during a session playback and not available on their main user card, since the details are specific to the session and can change as users log in from different browsers or machines.
After you've copied the User-Agent details, navigate to Settings > Data Capture & Privacy > Data Capture and select "Add blocked UA..." under the Blocked User-Agents section. From here, you can paste your selection to block visits by these robots.
Identifying Unwanted IP Addresses or User Agents
If you're unsure how to identify potentially harmful IP Addresses or User-Agents, using a dashboard card to monitor session volume by user dimension is a great way to start. Use this recipe as a guide to creating your own dimensionality card to monitor session volume by IP Address or User-Agent.