Bot protection heavily relies on the infrastructure your website/web app uses. For example, the anti-bot solution will look very difficult on NGinx Web server, as opposed to Microsoft IIS. Further, you might find yourself with tied hands if you’re using a kind of SaaS solution (for example, a Shopify store will be able to use only anti-bot protection offered by Shopify itself).
I would list 3 main types of bot protection:
Web / App Server plugin
Do you use any of those solutions? How effectively did they prove to be?