Bots poison the data your search and personalisation learn from
Search ranking, merchandising, personalisation and CDP segments are trained on queries and clicks. Those systems learn from whoever generates the engagement. When a meaningful share of storefront traffic is automated, they learn from bots, and the damage looks like ordinary data.
Five ways the poisoning shows up
None of these announce themselves. Each one arrives as slightly wrong numbers that get trusted.
Fake trending queries
Scrapers that walk your search endpoint inject thousands of queries no human typed. Anything that ranks or suggests by query frequency, from trending searches to autosuggest, starts reflecting what the bots asked for.
Click-through distortion
Ranking systems trained on engagement treat clicks as votes. A crawler that methodically clicks through every result votes for everything equally, diluting the signal that separates what customers actually want from what merely exists.
Merchandising decisions on phantom demand
Product views inflated by catalogue crawlers read as interest. Teams reorder categories, boost products and write trading reports against demand that was a price harvester doing its rounds.
Segment and journey pollution in CDPs
Engagement platforms build segments and trigger journeys from behavioural events. Bots that execute JavaScript generate events like anyone else, entering segments, skewing counts, and in the worst case triggering automations aimed at customers who do not exist.
A/B tests that lie
Automated traffic rarely converts and does not distribute evenly across variants. Enough of it in an experiment moves uplift numbers, and decisions get made on arithmetic contaminated by clients that were never going to buy.
Why pixel-level bot filtering doesn't save you
Search and personalisation vendors filter known bots from their pixel data, and that is worth having. But a pixel shares the same blind spot as every tag: it observes JavaScript-executing clients and recognisable user agents. Scrapers that hit search URLs directly never fire it, and bots that run real browsers with clean user agents pass straight through. Filtering at the signal layer cannot see the traffic that never reached the signal layer.
The complete view exists in one place: the CDN, where every request is logged before any tag, pixel or integration runs. That is where automated traffic is measurable, attributable to networks, and stoppable.
Symptoms worth checking this week
- Trending or suggested queries that no customer would plausibly type
- Search analytics volume that grows while conversion from search falls
- Products with high views and near-zero add-to-basket across long periods
- Segments whose size jumps without a campaign to explain it
- Search endpoint origin load out of proportion to visible search usage
Stop it at the door, not in the data
On Salesforce B2C Commerce, Blankitt Edge reads the eCDN logs and shows the automated share of your traffic, ranks the offending networks, separates real crawlers from impostors, and puts a ready-to-apply eCDN WAF rule on every alert. Cleaner traffic in, cleaner signals for everything downstream: analytics, search, merchandising and personalisation alike.
Fair questions
Can bots really affect Bloomreach or other search and personalisation tools?
Any system trained on engagement signals learns from whoever generates the engagement. Search, merchandising and personalisation platforms, Bloomreach and Algolia and SFCC Einstein among them, rank and recommend using queries, clicks and product interactions. Vendors apply their own bot filtering to pixel data, but pixel-level filtering shares the tag blind spot: it sees JavaScript-executing clients and known user agents. The honest question to ask any vendor is which non-human traffic reaches their training data. The honest answer starts with knowing your automated share at the CDN layer.
Does robots.txt stop bots from hitting site search?
No. robots.txt is a request, not a control, and abusive scrapers ignore it by definition. Well-behaved crawlers like Googlebot generally respect it, which creates a perverse outcome: the polite bots stay out of your search endpoint while the abusive ones keep hammering it.
How do I tell if my search data is already polluted?
Look for the mismatch patterns: query volume rising while search conversion falls, trending terms no customer would type, high-view zero-basket products, and origin load on search endpoints out of line with visible usage. Then get the denominator: at the CDN layer, measure how much of your search-endpoint traffic is automated. On Salesforce B2C Commerce the eCDN logs plus Cloudflare bot scoring answer that directly.
Does Blankitt Edge integrate with Bloomreach?
It does not need to, and that is the point. Edge sits upstream at the CDN, where every request is visible before any pixel or integration fires. It detects the scrapers and abusive networks hitting your storefront, including search and category endpoints, and gives you the evidence and the eCDN WAF rule to stop them. Cleaner traffic in means cleaner signals for every downstream tool, Bloomreach included, with no integration to build or maintain.
What does Edge detect today around search abuse?
A dedicated search-abuse detector shipped in July 2026: per-network velocity on the search and suggestion endpoints against each network’s own baseline, bot-score gated, with Cloudflare-verified crawlers excluded so Googlebot can never trip it. It joins the 20+ detector set alongside path-level abuse detection, the offenders ranking, the bots-and-agents view, and the ready-to-apply eCDN rule on every alert.
Bloomreach, Algolia and Salesforce are trademarks of their respective owners. Blankitt is an independent product and is not affiliated with any of them. Corrections welcome at [email protected].