# Datadome

This documentation outlines the technical specifications for our API endpoints, request parameters, and response formats, enabling you to effectively navigate around Datadome's security measures.

Datadome is a Layer 7 security system that protects websites from automated threats like scraping, credential stuffing, and DDoS attacks by identifying and blocking bots based on factors including TLS fingerprints and HTTP header order, which can sometimes lead to false positives blocking legitimate users.

To effectively bypass Datadome, it's crucial to emulate genuine browser behavior, particularly in replicating TLS signatures and the sequence of HTTP headers. Using a rotating proxy list is recommended to minimize disruptions from IP bans. Additionally, monitoring for the presence of the datadome cookie can indicate when protection is active, and being aware of potential challenges like sliding captchas or interstitial pages triggered by suspicious activity detection can help navigate these security measures.

When accessing a website protected by Datadome, you may initially encounter a challenge (e.g., after first connection or subsequent requests) that, upon completion, yields a datadome cookie. This cookie grants temporary access to the website. Notably, the presence of this cookie serves as a reliable indicator that Datadome's protection is indeed in place for that particular site.

Websites secured by Datadome commonly trigger verification processes after multiple interactions. Successfully completing these challenges results in the issuance of a datadome cookie, which temporarily unlocks website access for a predefined duration.

To gain website access, users must successfully solve a dynamic sliding puzzle presented by Datadome's security system. This challenge requires interactive engagement, where users are tasked with rearranging puzzle pieces in a specific sequence to complete the verification process. Notably, puzzle layouts and solutions may vary with each new challenge instance.

Datadome's device verification challenge authenticates a user's device before granting website access. Upon triggering this security measure, users may encounter a temporary blank page or a explicit "Verify your device" notification. This intermediate step validates the device's legitimacy, ensuring only authorized access to the protected website, after which the datadome cookie is issued, allowing for a predefined period of uninterrupted browsing.

When attempting to access a Datadome-secured website, you may receive an HTTP response with a 403 Status Code, indicating forbidden access. The response body often contains unusual HTML content, which warrants closer examination to understand the underlying security mechanism.

To detect if a website is protected by Datadome, you can check if the website returns a datadome cookie in the response headers. If the cookie is present, it indicates that Datadome's protection is active for that particular site.

<html>
<head>
  <title>footlocker.pt</title>
  <style>
    #cmsg {
      animation: A 1.5s;
    }
  </style>
</head>
<body style="margin:0">
  <p id="cmsg">Please enable JS and disable any ad blocker</p>
  <script data-cfasync="false">
  var dd = {
    'rt': 'i',
    'cid': 'AHrlqAAAAAMA...',
    'hsh': 'A55FBF4311ED...',
    'b': 1239798,
    's': 17434,
    'host': 'geo.captcha-delivery.com',
    'ifs': 'https://ct.captcha-delivery.com/i.js',
    'cookie': '4c2wtp1lFtctMO...'
  }
  </script>
  <script data-cfasync='false' src='https://...'></script>
  <script data-cfasync="false" src="https://ct.captcha-delivery.com/ext..."></script>
</body>
</html>

A crucial element in navigating Datadome's security measures is the dd dictionary, which plays a key role in constructing the challenge URL. Notably, the rt value within this dictionary serves as an indicator of the upcoming challenge type. Specifically:

• i: Signals an Interstitial challenge
• c: Indicates a Captcha Slide challenge, requiring users to complete a sliding puzzle verification

Our API offers a convenient solution for overcoming Datadome's security measures, enabling seamless access to protected websites. By leveraging our API, you can automate the challenge-solving process, which in turn generates the required datadome cookie. This streamlined approach eliminates the hassle of manual verification, allowing you to efficiently access Datadome-secured websites through our simplified integration.