DataDome Envoy Module

2.2.1 (2026-02-20)

• Improve URL path normalization

2.2.0 (2025-08-06)

• Collect Signature, Signature-Agent, and Signature-Input headers from requests to support HTTP message signatures as defined by RFC 9421
• Collect Sec-Fetch-User headers from requests

2.1.0 (2025-01-29)

• Add new options:
  • DATADOME_TENANT_NAME: identify instances in a multi-tenancy environment on Envoy
  • DATADOME_ENABLE_UNPROTECTED_CACHED_RESPONSE: omit Set-Cookie and enriched headers from allowed responses that can be cached
  • DATADOME_CLUSTER_NAME: define a name for the cluster that will connect to DataDome
• Expose status code of Protection API responses as X-DataDome-status in enriched headers
• Add enriched headers to the headers of challenged requests
• Match inclusion and exclusion patterns with the host and path of request URLs (previously only matched the path)

2.0.0 (2024-10-21)

• Fix condition to validate responses from Protection API

Breaking changes

• Update request timestamp resolution to microseconds to improve the accuracy of latency measurements: only compatible with Envoy >= 1.23.0

1.4.0 (2024-06-21)

• Add session by header feature

1.3.4 (2024-06-18)

• Send Connection: 'keep-alive' header to API

1.3.3 (2024-04-23)

• Improve header management

1.3.2 (2024-01-29)

• Remove unwanted headers from responses for blocked requests

1.3.1 (2023-12-26)

• Send Content-Type header value to API

1.3.0 (2023-03-21)

• Add Fetch Metadata (Sec-Fetch-* headers) in payload
• Add Client Hints (Sec-CH-* headers) in payload
• Truncate fields in payload

1.2.1 (2023-02-07)

• Fix typo in payload

1.2 (2020-08-17)

• Update default static assets list

1.1 (2020-02-03)

• Fix skipping requests when module has empty URI_PATTERNS option

1.0 (2019-07-07)

• Initial release