Datadome
This documentation provides detailed information about our endpoints, parameters, and responses, designed to help you efficiently bypass Datadome's protection.
What is Datadome?
Datadome is an advanced bot management system that protects websites from various automated threats such as scraping, credential stuffing, and DDoS attacks at the application layer (layer 7). It identifies and blocks bots, sometimes resulting in false positives that can ban legitimate users, often based on factors like TLS fingerprints and the order of HTTP headers.
One of the major challenges posed by Datadome is its sensitive detection methods. It checks TLS signatures, which makes emulating genuine browser behavior crucial for bypassing it. It also closely monitors the sequence of headers in requests. As such, an effective bypass solution must carefully replicate a browser’s request patterns to evade detection.
To reduce the chances of being blocked, using a rotating proxy list is recommended. IP bans are a common issue, and rotating IPs can help minimize disruption. If you're interacting with websites using Datadome, you should also monitor for a specific cookie (datadome
) that indicates protection is in place. When the site detects suspicious behavior, it may challenge users with mechanisms like sliding captchas or interstitial pages.
How Datadome Works
In order to access a Datadome website under protection you may need on first join or after some requests to solve a challenge that will generate you a datadome
cookie that will garant you the access to the website for a certain amount of time. So if you see that a webite has a datadome
cookie, you can be sure that it's using Datadome.
Datadome-protected websites often issue challenges after a certain number of interactions. These challenges generate a datadome
cookie that allows further access to the site for a set period. Here's a breakdown of the two main challenges Datadome typically presents:
Datadome challenges
GeeTest (Sliding Captcha) This requires solving a sliding puzzle before access is granted
Interstitial Device Check This newer challenge verifies a user’s device, sometimes displaying a blank page or a "Verify your device" message.
Detecting Datadome Websites
When you try to access a website protected by Datadome, you may receive a response with a status code 403
and a body containing a strange html, let's take a look into it*
The imporant thing here is the dd
dict, that is used in order to build the challenge URL. Based on the rt
value you can already know what kind of challenge you are going to face:
i
- interstitialc
- captcha slide
*Keep in mind that some websites may uses custom implementation and may return a JSON or a different format of the HTML file.
Some websites using Datadome
Most of the tickets websites are using Incapsula to protect their website. Here are some examples of websites using Incapsula and the cookies/challenge they require:
Our API
Our API allows you to bypass the Datadome protection by solving the challenges and generating the datadome
cookie. You can use our API to automate the process of solving the challenges and access the protected websites without any hassle.
Last updated