What Is a Honeypot Trap?
A honeypot trap is a detection technique that places hidden links or pages on your website that are invisible to human users (hidden via CSS display:none or placed off-screen) but visible to bots that parse the raw HTML. When a bot follows the hidden link, it reveals itself as an automated client, allowing you to identify and block it.
Why Honeypots Matter for Bot Detection
Honeypots catch bots that other detection methods miss. A sophisticated scraper may use a realistic user-agent string and mimic human request timing, but it will still follow hidden links that a real browser user would never see. Honeypots are a zero-false-positive detection method — legitimate users and well-behaved bots (which respect robots.txt Disallow on the honeypot path) never trigger them.
How to Set Up Honeypots
Create a hidden link in your HTML (CSS hidden, not visible), pointing to a dedicated honeypot URL. Block the honeypot URL in robots.txt (so legitimate bots avoid it). Log all requests to the honeypot URL. Any bot that requests it is ignoring robots.txt and following invisible links — clear evidence of scraping.
📖 Related Article: Identifying and Blocking Malicious Bots — Read our in-depth guide for practical examples and advanced techniques.
Analyze This in Your Own Logs
LogBeast parses, visualizes, and alerts on server log data — see crawl patterns, bot activity, and errors in seconds.
Try LogBeast Free