Incapsula / Imperva
This documentation provides detailed information about our endpoints, parameters, and responses, designed to help you efficiently bypass Incapsula's (known as Imperva) protection.
What is Incapsula (now Imperva)?
Incapsula is a Web Application Firewall that shields websites from attacks like DDoS, bot traffic, and other threats by scrutinizing web traffic and determining whether it is human or automated. It often requires specific cookies, such as reese84
or ___utmvc
, to allow access to the website.
How to Detect if a Website is Using Incapsula
Websites protected by Incapsula typically use these cookies to validate user sessions:
reese84: Required on many ticketing websites; generated via a valid encrypted payload.
___utmvc: A cookie that checks browser information and is often seen on sites that use Incapsula.
You can detect Incapsula protection by observing the presence of these cookies in the network requests. If the website serves an interstitial block or requires interaction with these cookies, it’s an indicator that the site uses Incapsula for security.
How Incapsula Works
When accessing an Incapsula-protected website, your request may be intercepted by the WAF. The site checks for the presence of the required cookies (reese84
, ___utmvc
). Without these, you’ll either be blocked or challenged. For example:
reese84 WAF: Requires both the
reese84
cookie and solving a captcha (such as GeeTest) to navigate the site.___utmvc WAF: In this case, a solved GeeTest captcha provides the necessary cookies to continue browsing.
Incapsula Cookies and Challenges
Incapsula uses two cookies to track users and allow access:
reese84 Cookie: This is generated using a valid payload. Without it, many websites will block your session.
___utmvc Cookie: This cookie validates browser-specific information .
If you encounter them on a website, it is protected by Incapsula / Imperva.
Incapsula WAF Challenges
Incapsula recently introduced a new WAF for Reese84's websites (that currently get a direct block), with a different type based on the GeeTest captcha. It is present only on some websites with the addition of either the ___utmvc
or reese84
cookie, for example, the SmythsToys website.
reese84 WAF
In case of a reese84 WAF, the website will require a new valid reese84 cookie and a solved GeeTest captcha.
___utmvc WAF
Unlike the other challenges, it requires only the GeeTest captcha token and will set you some incap_sh_xxx
cookies.
Detecting Incapsula-Protected Websites
A typical interaction with an Incapsula-protected website can involve these cookies or challenges. Depending on the site's configuration, you might be required to solve a GeeTest captcha or handle a direct block page that generates the necessary cookies.
Examples of Incapsula-Protected Websites
Many high-traffic and ticketing websites utilize Incapsula for security. These websites typically use reese84
or ___utmvc
cookies to protect their users, and examples include:
Many ticketing websites use Incapsula to protect their platforms. Here are some examples:
✅
✅
✅*
✅
✅
✅
✅
✅
*Only some Ticketmaster EU websites a reese84 WAF.
Last updated