DocumentationAPIChangelogTest your siteWatch a demoDashboard
Documentation
  1. Platform Integrations: Server-side
  2. Nginx

Nginx Changelog

DataDome Nginx Module

2.53.1 (2026-06-08)

  • Sanitize request headers

2.53.0 (2026-05-12)

  • Add support for nginx 1.29.6+ cookie parser to preserve session continuity

2.52.0 (2026-05-05)

2.51.0 (2026-01-15)

  • Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
  • Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features

2.50.0 (2025-08-11)

  • Collect Signature, Signature-Agent, and Signature-Input headers from requests to support HTTP message signatures as defined by RFC 9421

2.49.0 (2024-12-05)

  • Add data_dome_auth_enable_referrer_restoration option to enable the referrer restoration
  • Use the X-Forwarded-Proto header when available to define the Protocol field in payloads sent to the Protection API
  • Use uppercase letters for hexadecimal values in payloads sent to the Protection API
  • Make parsing case-insensitive for header names

2.48.0 (2024-10-24)

  • Collect JA4 headers passed to the module for detection enhancement

2.47.0 (2024-09-23)

  • Collect JA3 headers passed to the module for detection enhancement

2.46.1 (2024-06-21)

  • Add json and avif extensions to the default exclusion pattern used for static files

2.46.0 (2024-03-14)

  • Collect x-userid header
  • Fix Content-Type header truncation size
  • Fix Sec-CH-UA-Mobile header truncation size

2.45.0 (2023-03-07)

  • Change default log level to WARN and add runtime selection to it

v2.44.0 (2023-01-25)

  • Refactor headers management: collect Fetch Metadata

v2.43.1 (2022-11-15)

  • Rename payload field to XForwardedForIp

v2.43 (2022-10-24)

  • Update default regex exclusion
  • Refactor headers management

v2.42 (2022-07-01)

  • Add support for nginx 1.23.0

v2.41 (2022-02-11)

  • Add support for session by header

v2.40 (2021-10-14)

  • Enhance stability on nginx 1.13.10+ in rare cases

v2.39 (2020-12-02)

  • Prevent worker process from long shutdowns

v2.38 (2020-08-05)

  • Enhance stability for Nginx versions 1.13.10 and later

v2.37 (2020-06-24)

  • Improve dd_server stability for very short DNS TTLs

v2.36 (2019-03-19)

  • Silence -Wcast-function-type warnings

v2.35 (2018-11-20)

  • Lower DNS response TTL from 1 hour to 5 minutes

v2.34 (2018-05-10)

  • Include headers in APIServer calls: Content-Type, From, X-Real-IP, Via, True-Client-IP
  • Improve X-Forwarded-For handling

v2.33 (2017-08-07)

  • Add support for 401 response code from the API Server

v2.32 (2017-04-12)

  • Add data_dome_auth_set

v2.31 (2017-03-24)

  • Reduce traffic size between module and APIServer

v2.30 (2017-03-21)

  • Add compatibility with older Nginx versions (1.5.8, 1.5.6, 1.5.3)
  • Remove warnings for Nginx versions earlier than 1.9.11

v2.29 (2017-03-16)

  • Add support for X-DataDome-request-Headers

v2.28 (2017-02-08)

  • Avoid marking the API server backend as inactive for 10 seconds on errors

v2.27 (2016-12-09)

  • Add verification via X-DatadomeResponse header
  • Send request header names to the API server
  • Send Connection, Pragma, and Cache-Control header values

v2.26 (2016-11-30)

  • Enable data_dome_auth to disable request processing via 'off' variable

v2.25 (2016-11-25)

  • Fix possible segfault on large API server responses
  • Allow data_dome_auth directive to accept variables

v2.24 (2016-11-04)

  • Synchronize versioning

v2.23 (2016-10-18)

  • Fix default exclusion regex for filenames like some.min.css

v2.22 (2016-09-26)

  • Fix URL encoding truncation

v2.21 (2016-09-21)

  • Limit maximum API call size to 10kb

v2.20 (2016-09-13)

  • Add .mp4 and .otf to default exclusion regex

v2.19 (2016-08-08)

  • Remove request body reading code
  • Add regex exclusion

v2.18 (2016-07-27)

  • Send Content-Length header as PostParamLen

v2.17 (2016-06-29)

  • Disable cookies and body sending to API server by default
  • Add debug_params option
  • Report cookies length, body length, Authorization length, HTTP Method, X-Requested-With, and Origin to API server

v2.16 (2016-06-28)

  • Add debug mode

v2.15 (2016-06-23)

  • Add URL encoding for API call parameters

v2.14 (2016-06-03)

  • Fix param truncation logic

v2.13 (2016-04-25)

  • Avoid overwriting Set-Cookie header

v2.12 (2016-04-15)

  • Disable ClientID generation in module
  • Remove X-DataDome version header
  • Support X-DataDome-headers from API response

v2.11 (2016-04-09)

v2.10 (2016-04-07)

  • Support dynamic module

v2.9 (2016-03-31)

  • Avoid repeated API server calls

v2.8 (2016-03-30)

  • Finalize request after API server response

v2.7 (2016-03-29)

  • Avoid finalizing HTTP request twice with different status

v2.6 (2016-01-28)

  • Regenerate client ID if length is unexpected

v2.5 (2016-01-08)

  • Fix issue where client gets no response if API server returns non-200 without a body

v2.4 (2016-01-08)

  • Synchronize version with Apache and Varnish modules

v2.3 (2016-01-06)

  • Fix build with IPv6 and GCC-4.8
  • Fix post_param_limit
  • Avoid sending null char in API Server parameters
  • Use client IP for ID generation if X-Forwarder-For parsing fails
  • Add memzero for new headers
  • Prevent connection leaks
  • Forward API response for 301, 302, and 403 to client
  • Forward redirect location for 301 and 302 to client

v2.2 (2015-12-10)

  • Fix crash from malformed X-Forwarder-For
  • Avoid sending empty parameters

v2.1 (2015-12-02)

  • Restrict Regex to apply only to URL (not MIME)

v2.0 (2015-11-30)

  • Add cookie and session ID support
  • Extract more from headers: Accept, AcceptCharset, AcceptEncoding, AcceptLanguage