Incapsula / Imperva

This documentation provides detailed information about our endpoints, parameters, and responses, designed to help you efficiently bypass Incapsula's (known as Imperva) protection.

What is Incapsula (now Imperva)?

Incapsula is a Web Application Firewall that shields websites from attacks like DDoS, bot traffic, and other threats by scrutinizing web traffic and determining whether it is human or automated. It often requires specific cookies, such as reese84 or ___utmvc, to allow access to the website.

How to Detect if a Website is Using Incapsula

Websites protected by Incapsula typically use these cookies to validate user sessions:

reese84: Required on many ticketing websites; generated via a valid encrypted payload.
___utmvc: A cookie that checks browser information and is often seen on sites that use Incapsula.

You can detect Incapsula protection by observing the presence of these cookies in the network requests. If the website serves an interstitial block or requires interaction with these cookies, it’s an indicator that the site uses Incapsula for security.

How Incapsula Works

When accessing an Incapsula-protected website, your request may be intercepted by the WAF. The site checks for the presence of the required cookies (reese84, ___utmvc). Without these, you’ll either be blocked or challenged. For example:

reese84 WAF: Requires both the reese84 cookie and solving a captcha (such as GeeTest) to navigate the site.
___utmvc WAF: In this case, a solved GeeTest captcha provides the necessary cookies to continue browsing.

Incapsula Cookies and Challenges

Incapsula uses two cookies to track users and allow access:

reese84 Cookie: This is generated using a valid payload. Without it, many websites will block your session.
___utmvc Cookie: This cookie validates browser-specific information .

If you encounter them on a website, it is protected by Incapsula / Imperva.

Incapsula WAF Challenges

Incapsula recently introduced a new WAF for Reese84's websites (that currently get a direct block), with a different type based on the GeeTest captcha. It is present only on some websites with the addition of either the ___utmvc or reese84 cookie, for example, the SmythsToys website.

reese84 WAF

In case of a reese84 WAF, the website will require a new valid reese84 cookie and a solved GeeTest captcha.

___utmvc WAF

Unlike the other challenges, it requires only the GeeTest captcha token and will set you some incap_sh_xxxcookies.

Detecting Incapsula-Protected Websites

A typical interaction with an Incapsula-protected website can involve these cookies or challenges. Depending on the site's configuration, you might be required to solve a GeeTest captcha or handle a direct block page that generates the necessary cookies.

Examples of Incapsula-Protected Websites

Many high-traffic and ticketing websites utilize Incapsula for security. These websites typically use reese84 or ___utmvccookies to protect their users, and examples include:

Many ticketing websites use Incapsula to protect their platforms. Here are some examples:

Website

reese84

___utmvc

WAF

ticketmaster.com (and other US domains)

✅

ticketmaster.co.uk (and other EU domains)

✅

✅*

tickets.rolandgarros.com

✅

smythstoys.com

✅

eticketing.co.uk

✅

*Only some Ticketmaster EU websites a reese84 WAF.

PreviousCommon Errors & Troubleshooting Nextreese84 Bypass Solution

Last updated 4 months ago