Skip to content
Glossary entry

DataDome

DataDome is an anti-bot defense layer used by e-commerce, classified, and ticketing sites. Cookie-based session validation, JS challenge, and a captcha fallback.

Definition

DataDome is a real-time anti-bot platform that fronts protected sites with a JavaScript challenge, a cookie-based session token, and an optional captcha fallback. It targets credential stuffing, scalping, scraping, and ad fraud. Unlike CAPTCHA-only providers, DataDome scores every request continuously and escalates to a visible challenge only when scoring degrades.

How it works

On the first request, DataDome's edge inserts a JS challenge into the response. The browser evaluates it (collecting timing, canvas, WebGL, fonts) and a successful solve issues a datadome cookie. Subsequent requests carry the cookie and bypass the challenge until expiry (around 1 hour). Bots that don't evaluate JS hit a 403 or get redirected to a slide-to-verify CAPTCHA. The shield correlates the cookie to the originating IP — cookie reuse from a different egress IP triggers re-challenge.

Where you see it

High-traffic e-commerce (sneaker drops, electronics, fashion), classified ads (Vinted, Leboncoin), ticketing, real-estate marketplaces, airlines. Usually paired with a CDN like Akamai or Fastly.

Try the API See pricing

Frequently asked questions

Look for the datadome cookie on responses, the X-DataDome response header, or the dd_cookie_test_* identifiers in the JS bundle. Blocked requests often return a 403 with a DataDome-branded HTML body.

Yes within its validity window (~1 hour) and from the same egress IP. Cache it in your session — re-solving per request is expensive and unnecessary.

Rotation triggers re-challenges because DataDome binds cookies to the IP. Solve once per (IP × fingerprint) and pin the proxy for the cookie's lifetime.

Related terms & guides