Checklist: steps needed before activating protection

As a new DataDome customer, you're a few steps away from protecting your traffic.
Protection will be effective only when you switch ON Global protection

1. Check Server-Side and Client-Side integration

You can check that DataDome is implemented correctly by verifying the below:

  • The Server-Side module needs to be setup on all endpoints (Web/API)
  • The JavaScript tag must be setup on all pages
  • Make sure you have integrated our Listener for AJAX call or a Single Page Application

2. Check endpoints configuration

Your traffic can be divided into several endpoints:

An endpoint is part of your website architecture: web, mobile app API, web services, etc.
Adding an endpoint allows DataDome to apply the right algorithms and detect specific bots.

Check your endpoints:

In the left sidebar, click on "Management" and go to "Protection & Endpoints" on the sub-menu (direct link).

Check to see if you find endpoints, such as:

  • Websites
  • Mobile application APIs
  • Web services
  • Etc.

Configuration Check:
For each endpoint, check:

  • The regular expressions (inclusion / exclusion) defining the endpoint
  • Is the detection active (in the "Detection" column)
  • Is the protection active (in the "Protection" column)

If you have any questions, please contact DataDome.

3. Threats Review

By default, a Captcha will be displayed for all AI Threats Detection rules.

Look for Technical partners

Check the most active threat rule IPs to make sure no Technical partners have been left out.

Go to Explore and select "AI Threats Detection" in the Rule Type menu.
You will get the threats IPs list sorted by traffic size (largest to smallest):

In the list, verify the following:

  • Your partners’ IPs (billing tools, health checker, etc.)
  • Your servers’ IPs
  • Your load balancers’ IPs. In this case, allow the IPs that are using a Trusted proxy.

You can allow your partners or completely block unwanted traffic, as shown here.

4. Verified Bots Review

By default, all bots in the following categories will be allowed:

  • Major Search Engine
  • Technical Partner
  • Social Network
  • Alt Search Engine
  • Digital Library

Check each bot's status, particularly "Technical partners" including bots from payment services (e.g. PayPal, etc.), health check (e.g. Pingdom), etc. You can change a bot status using the Response switch as shown below:

By default, all bots in the following categories will be blocked:
  • Seo Software
    • ADS
      • Other

You can change the bot status by clicking on the switch as shown below:

5. Enable Global Protection

Your account is now ready. You can activate the globale protection.

Go to Protection & Endpoints:

Switch ON the global protection button to enable protection, then confirm your choice.

Congratulations, you are now protected against undesired bot traffic.