How to Block Referral Traffic in Google Analytics 4
Seeing strange or unexpected websites in your Google Analytics 4 referral report can scramble your data and make it hard to understand what’s actually working. This guide will walk you through exactly how to identify harmful referral traffic and block it, so you can trust your analytics again.
What is Referral Traffic?
Referral traffic is a simple concept: it’s the segment of your website visitors who arrive by clicking a link on another website rather than coming directly or from a search engine. Think of it as a digital word-of-mouth recommendation.
For example, if a popular blog reviews your product and includes a link to your store, every visitor who clicks that link will be counted as referral traffic from that blog. In a perfect world, all your referral traffic would be from legitimate sources like:
- Blogs or news articles that mention your business.
- Partner websites that you collaborate with.
- Social media sites where users share your content (though GA4 is smart enough to categorize most major social networks under "Organic Social," some may still appear as referrals).
- Review sites and directories where your business is listed.
This kind of traffic is valuable because it’s often highly qualified. The visitor has a demonstrated interest in what you offer, as they were just on a related site. Properly analyzing this data helps you understand which blogs, partners, and media placements are driving real engagement and conversions.
Why You Need to Block Some Referral Traffic
Not all referral traffic is good. In fact, some of it can be actively harmful to your data integrity, throwing off key metrics and leading you to make poor business decisions. The main culprits are referral spam, payment gateway redirects, and self-referrals.
1. Referral Spam
Referral spam is a black-hat SEO tactic where bots generate fake visits to your website. These aren't real people visiting your site, they are automated programs that ping your tracking code to make it look like you received a visit from their spammy domain.
Why do they do this? Their goal is to get their URL to appear in your analytics reports. They hope you'll get curious, see their domain name in your reports, and visit their site. It’s a trick to get your attention.
This "ghost traffic" has several negative effects:
- Inflated Session Counts: It makes you think you have more traffic than you actually do, giving you a false sense of performance.
- Skewed Engagement Metrics: Since these bots usually visit one page and leave instantly, they result in near-0 second session durations and 100% bounce rates. This drags down your site-wide engagement averages.
- Misleading Conversion Data: The spam traffic obviously never converts, which can dilute your overall conversion rate and make your genuine marketing efforts look less effective than they are.
Free PDF Guide
AI for Data Analysis Crash Course
Learn how to get AI to do data analysis for you — the best tools, prompts, and workflows to go from raw data to insights without writing a single line of code.
2. Payment Gateway Referrals
This is an equally frustrating but much less malicious issue. If you run an e-commerce store, a customer’s journey might look like this:
Clicks a Google Ad > Visits your product page > Adds to cart > Clicks "Checkout with PayPal" > Is redirected to paypal.com to log in > Confirms payment > Is redirected back to your "Thank You" page.
When the user returns from paypal.com to your thank you page, Google Analytics 4 can mistakenly see this as a new session starting, with PayPal as the referring source. GA4 registers "paypal.com" as the source that led to the purchase, completely ignoring the Google Ad that actually started the journey. This breaks your marketing attribution and makes it impossible to know which of your campaigns are actually driving sales. A properly configured setup tells your customer's journey and gives accurate data which shows which campaigns are giving a strong result.
Common examples of payment gateways that cause this issue include PayPal, Stripe, and other third-party payment processors.
3. Self-Referrals
Have you ever seen your own domain (e.g., yourdomain.com) listed as a top referring source? This is a "self-referral," and it's a clear signal of a tracking setup issue.
It typically happens when a user moves between different subdomains on your site (like from blog.yourdomain.com to www.yourdomain.com) or if your GA4 tracking isn't configured correctly across all pages. Just like with payment gateways, a self-referral can create a new session mid-visit, breaking the original traffic source and crediting the "sale" or "conversion" to itself. This makes it impossible to track the true user journey and understand how people initially discovered your site.
How to Find Unwanted Referral Traffic in GA4
Before you can block bad referrals, you need to find them. The process is straightforward and takes just a few clicks inside your Google Analytics 4 property.
Step 1: Navigate to the Traffic Acquisition Report In your GA4 dashboard, go to the left-hand navigation panel and click on Reports > Acquisition > Traffic acquisition.
Step 2: Look for Your Referral Sources The report that loads shows your traffic grouped by source/medium. In the table below the charts, look for sources that are obviously spam, like URLs with strange names you don't recognize or domains that seem completely unrelated to your business. Common spam referrers will often have domain names designed to grab your attention like “seo-scam-website.com” or variations of button, traffic and share-related domains designed to confuse you.
Pay close attention to the engagement metrics for each source. Spam traffic almost always has:
- A very low number of engaged sessions.
- An average engagement time of 0m 00s.
- Only 1 or 2 users, but a disproportionately high session count.
Also, keep an eye out for payment gateways like paypal.com or checkout.stripe.com. If you see these listed with conversions next to them, you definitely have a problem with referral exclusion.
How to Block Unwanted Referrals in GA4
Thankfully, Google Analytics 4 has a built-in feature to solve this problem. It’s called “List unwanted referrals.” Here is how you can set it up step-by-step.
Important Note: This feature does not affect your historical data. It will only block and filter the specified domains from your reports moving forward.
Step 1: Go to Your Admin Settings
Click on the gear icon labeled Admin at the bottom of the left-hand menu.
Step 2: Access Your Data Stream
In the "Property" column, make sure you have the correct GA4 property selected. Then, click on Data Streams and select your website's data stream (it will be your domain’s URL).
Step 3: Configure Tag Settings
On the next screen, scroll down to the "Google tag" section and click on Configure tag settings.
Step 4: Find the Unwanted Referrals List
In the "Settings" menu, click Show more to expand all available options. Then, click on List unwanted referrals.
Step 5: Add the Domains to Your Exclusion List
You’re now on the exclusion page. Here, you’ll add rules to tell GA4 which domains to ignore as referring sources. Here's a walkthrough of how simple conditions work when adding referral rules in GA4:
- Under "Match type," select from a simplified number of match conditions:
- Once you’ve selected your match type and entered the domain, click the blue "Add Condition" button on the right side followed by a click on "Save" to confirm it.
Let's block:
- Enter Paypal.com for the “Domain”, ensuring the referral sessions driven by PayPal will no longer be considered as a new session, which allows GA4 to maintain its original transaction and source.
- Enter a known spam referrer like Semalt.com.
Hit That Blue “Save” Button!
With your new conditions set up, go to the top of the screen on the far right, click save, and you’re all done. 🥳
That's it! Going forward, Google Analytics won’t count these websites as a referral source when they are blocked.
Best Practices for Maintaining Clean Referral Data
Blocking unwanted referrals isn't a "set it and forget it" task. To keep your data clean over the long term, adopt these best practices.
Free PDF Guide
AI for Data Analysis Crash Course
Learn how to get AI to do data analysis for you — the best tools, prompts, and workflows to go from raw data to insights without writing a single line of code.
1. Conduct Regular Audits
New spam referrers pop up all the time. Schedule a quick check of your Traffic Acquisition report at least once a month. Sort by "Referral" and scan for any new, suspicious domains with poor engagement metrics. Add any new offenders to your unwanted referrals list immediately.
2. Configure Your Domains Correctly
To fix self-referrals, make sure you configure your site domains correctly in GA4. In the same Configure tag settings menu where you found "List unwanted referrals", there's another option just above it called Configure your domains. Here, you should list all the domains that are part of your business website (e.g., yoursite.com, blog.yoursite.com, shop.yoursite.com). This tells GA4 that traffic moving between these domains is part of the same user journey and prevents it from creating a new session.
3. Use Advanced Blocking for Severe Spam
If you are being hit with a very high volume of spam bots, the GA4 exclusion list might not be enough. The bots are still hitting your server, which consumes resources and can slightly slow down your website. In these severe cases, a more technical solution is blocking the spam bots at the server level using your .htaccess file. This involves adding rules that deny access to your site from specific IP addresses or referrer domains, stopping the bots before they can even load your GA4 tag. This is a more advanced technique and should be done carefully to avoid accidentally blocking legitimate traffic.
Final Thoughts
By regularly auditing your referral traffic and using Google Analytics 4's built-in tools, you can filter out the noise from spam bots, payment gateways, and self-referrals. This ensures your data is clean, accurate, and reflects the true performance of your marketing channels, empowering you to make smarter decisions.
Getting your data clean is the first step, but the real challenge is quickly turning that data into usable insights. At Graphed, we help you skip the manual reporting. We connect to analytics and all your marketing data sources - from GA4 to Facebook Ads, and instantly you get dashboards showing what campaigns performed well, helping to save businesses a lot of valuable capital. You ask questions in plain English, and Graphed builds instant visualizations, freeing you to focus on strategy for the campaign, not spreadsheets.
Related Articles
AI Agents for Marketing Analytics: The 10 I Actually Use (And How They Work)
A practitioner guide to AI agents for marketing analytics — 10 agents I actually run, what makes analytics agents different, pitfalls, and how to start.
How to Build AI Agents for Marketing: A Practitioner's Guide From Someone Who Actually Ships Them
How to build AI agents for marketing in 2026 — a practitioner guide from someone who has shipped a dozen, with the lessons that actually cost time.
AI Agents for SEO and Marketing: What I've Actually Built and Shipped in 2026
A practitioner-tested guide to AI agents for SEO and marketing — the 8 agents we actually run at Graphed, what works, and where they quietly fail.