Checklist: steps needed before activating protection

Protection will be effective only when you switch ON Global Protection.

1. Check Server-Side and Client-Side integration

Verify that DataDome is implemented correctly:

  • The server-side module must be set up on all endpoints (Web, API, and MCP servers if applicable)
  • For websites and web applications: the JavaScript Tag must be set up on all pages. Make sure you have configured the JavaScript Tag to catch protected AJAX calls with the ajaxListenerPath option
  • For mobile applications: the mobile SDK must be installed and correctly integrated — Android SDK and iOS SDK. This is required for the Slider and Device Check to function correctly within mobile apps

2. Check endpoints configuration

An endpoint is a segment of your architecture to which DataDome applies dedicated detection algorithms. Getting endpoints right is critical: some detection models only apply on specific endpoint types (e.g. Login, Payment).

Go to Management > Protection & Endpoints.

For each endpoint, check:

  • Traffic identification: the rules defining which traffic is matched. Two methods are available:
    • Traffic Query (default): a query-based syntax covering 40+ traffic fields. See the Traffic Queries Syntax guide.
    • Regex on URL and User Agent: regular expressions on domain, URL path, or user agent.
  • Traffic Source: the origin of the traffic - Web Browsers, Mobile Apps, APIs or Agentic Protocol (MCP servers)
  • Traffic Usage: the functional context - General, Login, Account Creation, Cart, Payment, Forms, or RSS
  • Detection and Protection: both should be active
  • Challenges: Slider and Device Check are both enabled by default. If Slider is deactivated on an endpoint, DataDome falls back to Device Check. If both are deactivated, the request is allowed.

3. Threats Review

When a threat is detected, DataDome applies a response depending on the matched detection model: either Device Check, Slider, or Block. You can customize these responses per model if needed.

Check the most active threat IPs to make sure no technical partners (billing tools, health checkers, monitoring services, load balancers) are inadvertently caught by detection rules.
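One way to run this cross-check offline, as an added example that is not part of the DataDome documentation: it tags each high-volume threat IP with the partner or internal range that owns it, so unmatched addresses stand out for investigation. The partner ranges, the `ip,requests` column layout and all sample values are constructed assumptions, not a DataDome export format.

```python
import csv
import io
import ipaddress

# Constructed sample: partner/internal ranges you maintain yourself (assumption).
PARTNER_RANGES = {
    "uptime-monitor": ["198.51.100.0/28"],
    "billing-tool": ["203.0.113.40/32", "2001:db8:40::/48"],
    "internal-lb": ["10.20.0.0/16"],
}

# Constructed sample: threat IPs with request counts noted during the review.
# The column names are hypothetical.
SAMPLE_THREAT_IPS = """ip,requests
192.0.2.77,18230
198.51.100.5,9411
2001:db8:40::1f,3120
not-an-ip,12
10.20.3.9,870
"""

def load_ranges(ranges):
    """Parse CIDR strings into (network, label) pairs."""
    return [(ipaddress.ip_network(cidr, strict=False), label)
            for label, cidrs in ranges.items() for cidr in cidrs]

def review_threat_ips(csv_text, ranges):
    """Return (rows sorted by volume with owning partner or None, malformed rows)."""
    networks = load_ranges(ranges)
    rows, rejected = [], []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        try:
            addr = ipaddress.ip_address(rec["ip"].strip())
            count = int(rec["requests"])
        except (ValueError, KeyError, AttributeError, TypeError):
            rejected.append(rec)  # keep malformed rows visible instead of dropping them
            continue
        owner = next((label for net, label in networks
                      if addr.version == net.version and addr in net), None)
        rows.append({"ip": str(addr), "requests": count, "partner": owner})
    rows.sort(key=lambda r: r["requests"], reverse=True)
    return rows, rejected

if __name__ == "__main__":
    rows, rejected = review_threat_ips(SAMPLE_THREAT_IPS, PARTNER_RANGES)
    for r in rows:
        status = f"partner: {r['partner']}" if r["partner"] else "unknown, investigate"
        print(f"{r['ip']:<20} {r['requests']:>7}  {status}")
    print(f"{len(rejected)} malformed row(s) skipped")
```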

Go to Bot Protect > Explore and filter by Traffic Type: Threat Detection. IPs are sorted by traffic volume. For each, verify whether it belongs to a known partner or internal service, then:


4. Verified Bots & AI Agents Review

Verified Bots

Go to Access Control > Verified Bots.

By default, bots in the following categories are allowed:

  • Major Search Engines
  • Technical Partners
  • Social Networks
  • Alt Search Engines
  • Digital Libraries

Pay particular attention to Technical Partners, which include payment providers, uptime monitors and similar services.

The following categories are not automatically allowed and should be reviewed:

  • SEO Software
  • Ads
  • Comparators, Data Providers, Marketing Tools, and other commercial bots

You can adjust the response for each bot in the Verified Bots section.

AI Agents

Go to Agentic Trust > Access Control.

DataDome automatically identifies AI agents interacting with your platform and classifies them into four categories: AI Crawlers, AI Assistants, Autonomous Agents, and Agentic Browsers. Each agent receives a Trust Score based on its identification strength and fraud history.

By default, most agents are assigned an Intent-Based policy, meaning traffic is allowed unless a fraud attempt is detected. The exception is agents used to collect data for LLM training, which are generally set to Block by default given the nature of their activity.

Review the agents detected on your platform and their default policies before activating protection. See Agentic Trust Getting Started and AI Agent Identification for details.


5. Enable Global Protection

Your account is now ready. Go to Protection & Endpoints, click on "Activate Protection" and confirm your choice.

Congratulations — you are now protected.