ASP.Net Core

DataDome .NET Core module detects and protects against bot activity.

Datadome ASP.Net Core module is a middleware you need to assemble into your app pipeline before your internal processing to handle bot requests detection. It will makes a call to the DataDome API using a KeepAlive connection.
Depending on the API response, the module will either stop the pipeline and so block the query or let the request goes to your own middleware.
The module has been developed to protect the users' experience: if any errors were to occur during the process or if the timeout is reached, the module will automatically disable its blocking process and allow those hits.


The DataDome module supports the following versions / runtimes :

  • .NET 6.0 LTS+
  • Azure App Services

The module must be allowed do external https requests towards Datadome API endpoint.


Get the module

This module is available as a NuGet package.

PM> Install-Package Datadome.AspNetCore

Update your pipeline

Load Datadome module configuration (File Startup.cs)

using DataDome.Configuration;

public void ConfigureServices(IServiceCollection services)

Add Datadome module at the beginning of your pipeline (File Startup.cs)

using DataDome;

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)

Add Datadome module configuration

You might use a appsettings.json file to handle your process configuration. Please add a dedicated DataDomeConfiguration section for the module configuration

  "DataDomeConfiguration": {
    "ApiDomain": "",
    "LicenseKey": " secret license key...",
    "ApiProtocol": "https",


ApiDomainAPI endpoint URL
Available endpoints
ApiProtocolAPI endpoint protocolhttp
PatternRegular expression to include URLs N/A
ExclusionPatternRegular expression to exclude URLs (exclude static asset).*\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)($|\?)
LicenseKeyLicense key to access the API
TimeoutAPI connection timeout (in milliseconds)100
ProcessIPsOnly process requests that are from selected IP addresses over the API server. This is a comma separated list of IPv4 or IPv6 networks. By default, the value includes blank addresses, similar to,::/0N/A
SkipIPsDo not send requests incoming from specified IPv4 or IPv6 networks to the API server. By default, the value is blank, meaning there are no addresses to skip.
ConnectionLimitLimit the amount of open TCP connections.1000
ParallelConnectionLimitLimit the amount of concurrent requests sent to DataDome's validation API.2000
ProxyServerYour proxy serverN/A
ProxyPortYour proxy portN/A

Note: Using the DataDome module with outbound proxy can slower total time spent calling the DataDome API and increase timeouts. Please adjust timeout settings accordingly.


How can I activate debug logs?

Datadome middleware is using the logger injected by your pipeline.
You can configure tracing by editing the application's configuration. Example of a logging section:

  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    "Console": {
      "LogLevel": {
        "DataDome": "Trace"
      "FormatterName": "simple",
      "FormatterOptions": {
        "SingleLine": true,
        "IncludeScopes": true,
        "TimestampFormat": "dd/MM/yyyy HH:mm:ss.fff ",
        "UseUtcTimestamp": true

How can I use CSP nonce?

The HTTP Content-Security-Policy (CSP) script-src directive specifies valid sources for JavaScript.

If you are using this feature, you should add to the context.Items dictionary the key cspNonce with the value that you generate for each request. Our code is going to inject the value in our html response:

app.Use(async (context, next) =>
    context.Items["cspNonce"] = "YourCspNonceGeneratedValue";
    // ...
    await next(context);