• Use X-Forwarded-Proto header as protocol value when present in http request
• Improve payload truncation

• Add option enableServiceWorkerPlugin to display challenges for requests initiated by a service worker (plugin package required)

• Improve performance of the module with connection reuse and code optimizations
• Increase timestamp precision to microseconds for the TimeRequest field in the payload
• Remove empty fields from payloads sent to the API
• Add information about the runtime and the region of the Lambda in the payload

• Fix error thrown on responses without a Set-Cookie header

• Collect additional signals to improve the accuracy and effectiveness of detection

As a follow-up to our previous announcement here, we removed support for TLS versions 1.0 and 1.1 on all our API endpoints, except for two regions: eu-central-1 and us-east-1 will drop TLS 1.0 and 1.1 in the coming weeks.

• Add data_dome_auth_enable_referrer_restoration option to enable the referrer restoration
• Use the X-Forwarded-Proto header when available to define the Protocol field in payloads sent to the Protection API
• Use uppercase letters for hexadecimal values in payloads sent to the Protection API
• Make parsing case-insensitive for header names

• Add datadome_enable_replay_protection variable to prevent replay attack in case of Early-Data requests

• Improve performance (decrease TBT on slow devices)

• Internal improvements