We are regularly seeing 404 errors (in the console of the users' browser) for "canary.css" and "canary.js".
I need to have the Bot Detector plugin enabled to support the Metrics Recorder and Social Media plugins, so I can't just deactivate it.
What can I do to stop the 404s?
If the URL is for canary.css and canary.js rather than P_BotDetector_Canary, then Bot Detector thinks that you have the CleanURLs plugin enabled and that your .htaccess is properly set up such that CleanURLs will work. Is it right about both of those things?
It would also aid debugging to know a bit more about the URL structure of your site. On which pages do the users see 404s, and are those pages accessed via a CleanURL? What are the URLs that 404 (not just the trailing component, but the whole thing; it's possible we've got an issue in how we handle relative paths). Feel free to anonymize your URLs (e.g., by replacing your domain with example.com) or email privately if you'd rather not post URL information publicly.