# Incapsula / Imperva
## **What is Incapsula (now Imperva)?**
Incapsula is a Web Application Firewall that shields websites from attacks like DDoS, bot traffic, and other threats by scrutinizing web traffic and determining whether it is human or automated. It often requires specific cookies, such as `reese84` or `___utmvc`, to allow access to the website.
## **How to Detect if a Website is Using Incapsula**
Websites protected by Incapsula typically use these cookies to validate user sessions:
* **reese84**: Required on many ticketing websites; generated via a valid encrypted payload.
* **\_\_\_utmvc**: A cookie that checks browser information and is often seen on sites that use Incapsula.
You can detect Incapsula protection by observing the presence of these cookies in the network requests. If the website serves an interstitial block or requires interaction with these cookies, it’s an indicator that the site uses Incapsula for security.
## **How Incapsula Works**
When accessing an Incapsula-protected website, your request may be intercepted by the WAF. The site checks for the presence of the required cookies (`reese84`, `___utmvc`). Without these, you’ll either be blocked or challenged. For example:
* **reese84 WAF**: Requires both the `reese84` cookie and solving a captcha (such as GeeTest) to navigate the site.
* **\_\_\_utmvc WAF**: In this case, a solved GeeTest captcha provides the necessary cookies to continue browsing.
## **Incapsula Cookies and Challenges**
Incapsula uses two cookies to track users and allow access:
* **reese84 Cookie**: This is generated using a valid payload. Without it, many websites will block your session.
* **\_\_\_utmvc Cookie**: This cookie validates browser-specific information .
If you encounter them on a website, it is protected by Incapsula / Imperva.
### **Incapsula WAF Challenges**
Incapsula recently introduced a new WAF for Reese84's websites (that currently get a direct block), with a different type based on the [GeeTest captcha](https://www.geetest.com/). It is present only on some websites with the addition of either the `___utmvc` or `reese84` cookie, for example, the SmythsToys website.
#### reese84 WAF
In case of a reese84 WAF, the website will require a new valid reese84 cookie and a solved GeeTest captcha.
#### \_\_\_utmvc WAF
Unlike the other challenges, it requires only the GeeTest captcha token and will set you some `incap_sh_xxx`cookies.
## **Detecting Incapsula-Protected Websites**
A typical interaction with an Incapsula-protected website can involve these cookies or challenges. Depending on the site's configuration, you might be required to solve a GeeTest captcha or handle a direct block page that generates the necessary cookies.
### **Examples of Incapsula-Protected Websites**
Many high-traffic and ticketing websites utilize Incapsula for security. These websites typically use `reese84` or `___utmvc`cookies to protect their users, and examples include:
Many ticketing websites use Incapsula to protect their platforms. Here are some examples:
| Website | reese84 | \_\_\_utmvc | WAF |
| ---------------------------------------------------------------------------- | ------- | ----------- | --- |
| [ticketmaster.com](https://www.ticketmaster.com/) (and other US domains) | ✅ | | |
| [ticketmaster.co.uk](https://www.ticketmaster.co.uk/) (and other EU domains) | ✅ | | ✅\* |
| [tickets.rolandgarros.com](https://tickets.rolandgarros.com/) | | ✅ | |
| [smythstoys.com](https://www.smythstoys.com/) | ✅ | ✅ | ✅ |
| [eticketing.co.uk](https://www.eticketing.co.uk/) | ✅ | | |
\**Only some Ticketmaster EU websites a reese84 WAF.*