• Add support for Next.js 16

In order to improve detection capabilities on Bot Protect, we will roll out a new serving endpoint for response pages (Device Check, CAPTCHA, Block).

Target date

Monday, January 26, 2026

Required change

If you are using the frame-src directive in your Content-Security-Policy headers with a direct reference to geo.captcha-delivery.com, you will need to proceed with the change below:

• ❎ Before: frame-src geo.captcha-delivery.com
• ✅ After: frame-src *.captcha-delivery.com

Without this change, some of your end users might experience issues with displaying response pages in case of false positives.

Reference documentation: JavaScript Tag

• Add support for array headers on fetch requests

• Fix URL evaluation to only include host and pathname

• Add all payload-related methods to the TurboModule interface

• Remove go-querystring dependency and reimplement URL encoding for payloads

• Fix an issue on iOS where POST HTTP requests could be sent without the expected body when giving a FlutterStandardTypedData as the body

• Initial release

• Add all payload-related methods to the TurboModule interface
• Add Platform import to the DataDomeModal class to prevent exceptions on iOS when retrieving cookies

As a follow-up to our previous announcement here, in our ongoing commitment to security, all our API endpoints now only support TLS versions 1.2 and 1.3.