The modern web is full of bots. Start detecting them to better understand your traffic and optimize your Nuxt app for both human users and automated agents.
Nuxt Robots provides bot detection that works on both server and client side, from simple heuristics using HTTP header User-Agent checks to advanced client-side detection using BotD.
The module classifies bots into categories based on their intended purpose and trustworthiness. Trusted bots are legitimate services that respect robots.txt and provide value to websites, while untrusted bots include automation tools, scrapers, and potentially malicious crawlers.
Search engines that index content for public search results and respect standard web protocols.
googlebot, google.com/bot.htmlbingbot, msnbotSocial platforms that crawl content for link previews, cards, and social sharing features.
facebookexternalhit, facebook.comtwitterbot, twitterProfessional SEO and analytics services that provide legitimate website analysis and insights.
ahrefsbot, ahrefs.commj12bot, majestic12.co.uk/botAI companies and research organizations training models or providing AI-powered services.
gptbot, openai.comanthropicBrowser automation and testing frameworks that may be used for legitimate testing or malicious scraping.
selenium, webdriverplaywrightCommand-line HTTP clients and programmatic request libraries often used for automated data extraction.
curlpython-requests, pythonNetwork scanning and vulnerability assessment tools that may indicate malicious reconnaissance.
nmap, insecure.orgniktoDedicated web scraping frameworks designed for automated data collection.
scrapy, scrapy.orgscraperMissing a bot? Submit a quick PR :) View and contribute to bot definitions →
Since server-side detection only uses HTTP headers, detection can only work for bots that correctly identify themselves in the User-Agent header.
You can detect bots inside a Nitro route, middleware, or API handler.
import { getBotDetection } from '#robots/server/composables/getBotDetection'
export default defineEventHandler((e) => {
const detection = getBotDetection(e)
if (detection.isBot) {
return { message: `${detection.botName} bot detected`, category: detection.botCategory }
}
return { message: 'Human user' }
})
For full behavior, please consult the getBotDetection API docs.
When using bot detection in Nuxt, it will use the User-Agent header by default. You can optionally use the BotD fingerprinting library to detect advanced automation tools by setting fingerprint: true.
<script setup lang="ts">
import { useBotDetection } from '#robots/app/composables/useBotDetection'
const { isBot, botName, botCategory, trusted } = useBotDetection({
fingerprint: true, // detects using botd
})
</script>
<template>
<div v-if="isBot">
Bot detected: {{ botName }} ({{ botCategory }})
</div>
</template>
See the useBotDetection() API docs for full usage details.
When using fingerprint: true, the composable will load the BotD
library when the window is idle and perform client-side fingerprinting to detect advanced bots and automation tools.
This fingerprinting is computationally expensive for end users' CPUs, so you should be mindful of when you enable it. For example, you may consider only enabling it for sensitive pages where bot detection is critical.
That said, the composable aims to be performant and will cache the bot result in the user's local storage under the '__nuxt_robots:botd' key so it will only run once.
localStorage.getItem('__nuxt_robots:botd') // returns the cached bot detection result - used internally already
The properties returned from the composable are all refs. It's important to watch these for changes if you're using fingerprinting, as the results will not be immediately available when the composable is called.
import { useBotDetection } from '#robots/app/composables/useBotDetection'
import { watch } from 'vue'
const { isBot } = useBotDetection({
fingerprint: true,
})
watch(isBot, (detected) => {
if (detected) {
console.log(`Bot detected!`)
}
})
Alternatively you can use the onFingerprintResult callback to handle the result when fingerprinting completes.
import { useBotDetection } from '#robots/app/composables/useBotDetection'
const botd = useBotDetection({
fingerprint: true,
onFingerprintResult(result) {
// Fingerprinting completed
console.log('Detection result:', result)
},
})