DocumentationAPIChangelogTest your siteWatch a demoDashboard
Documentation
  1. Platform Integrations: Server-side
  2. Fastly CDN (VCL)

Fastly Changelog

DataDome Fastly module

2.31.0 (2026-05-05)

2.30.0 (2026-04-10)

2.29.0 (2026-02-18)

2.28.0 (2026-01-15)

  • Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
  • Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features
  • Add support for custom fields on payloads using static or dynamic values

2.27.1 (2025-11-28)

  • Remove dd_referrer query parameter from URL in Referer header to avoid passing it upstream to origin server when var.datadome_restore_referrer is enabled

2.27.0 (2025-10-29)

  • Collect Skyfire-Pay-ID header for AI bot monetization
  • Support new enriched headers x-datadome-protection, x-datadome-endpointname, x-datadome-endpointid, x-datadome-clientside-executed, x-datadome-session-duration, x-datadome-activesession-duration, x-datadome-activesession-requestnumber, x-datadome-previousrequest-elapsed

2.26.0 (2025-08-06)

  • Collect Signature, Signature-Agent, and Signature-Input headers from requests to support HTTP message signatures as defined by RFC 9421

2.25.0 (2025-06-17)

  • Exclude requests from DataDome protection when including a x-datadome-skip-detection header with the request ID (see FAQ section)

2.24.3 (2025-06-09)

  • Unset conflicting enriched headers from client requests to prevent unintended overrides of DataDome empty value

2.24.2 (2025-02-14)

  • Add new static file extensions to default exclusion regex
  • Increase first_byte_timeout to 300ms to align with the configuration of other integrations

2.24.1 (2024-12-16)

2.24.0 (2024-12-03)

2.23.0 (2024-11-08)

  • Add x-sigsci-no-inspection: true header on sub-requests sent to Protection API to skip inspection by Next-Gen WAF

2.22.0 (2024-10-22)

  • Collect JA4 fingerprints
  • Security and performance improvement

2.21.0 (2024-09-20)

  • Add support for graphQL queries in POST requests

2.20.7 (2024-07-26)

  • Refine condition in vcl_error subroutine for DataDome error handling

2.20.6 (2024-06-03)

  • Fix referer header management for empty values

2.20.5 (2024-04-16)

  • Persist HTTP method when blocking for logging purposes

2.20.4 (2024-03-22)

  • Move referer header management before DataDome call
  • Improve URL encoding and cleaning for referer header management

2.20.3 (2024-03-11)

  • Broaden condition on URLs for referer header management

2.20.2 (2024-03-05)

  • Improve condition on URLs for referer header management

2.20.1 (2024-02-26)

  • Improve referer header management for Chromium-based browsers and Safari

2.20.0 (2024-02-13)

  • Enhance support for response pages

2.19.4 (2024-01-16)

  • Support new enriched header : X-DataDome-devicecheckpassed

2.19.3 (2023-12-18)

  • Add support for enriched header X-DataDome-sessionid

2.19.2 (2023-11-28)

  • Improve header management

2.19.1 (2023-09-27)

  • Exclude static files .map

2.19.0 (2023-05-16)

  • Collect JA3 fingerprint

2.18.3 (2023-04-24)

  • Improve header management

2.18.2 (2023-03-15)

  • Fix recovery of initial request parameters

2.18.1 (2023-02-10)

  • Improve headers management

2.18.0 (2023-01-17)

  • Introduce support of Fetch Metadata headers

2.17.2 (2022-12-12)

  • Follow Fastly normalization of Accept-Encoding

2.17.1 (2022-11-30)

  • Improve headers management
  • Switch to semantic versioning

2.17 (2022-10-21)

  • Collect protocol field (http/https)
  • Better handling of large headers
  • Update list of enriched headers

2.16 (2022-09-07)

  • Add Allow Session Feature

2.15 (2021-12-17)

  • Add support of X-DataDome-score, X-DataDome-requestid and X-DataDome-ruletype headers

2.14 (2021-05-13)

  • Update terraform script to use regular snippet.
  • Add missing error.vcl in terraform script.
  • Introduce support of new headers

2.13 (2020-11-20)

  • Implement change to run DataDome's vcl_deliver only at Fastly Edge node

2.12 (2020-11-05)

  • Adjust default priority for Magento integration
  • Implement prevention for duplicating DataDome cookie on very complex VCL
  • Implement Urlencode for some of the fields sent to the DataDome API

2.11 (2020-08-03)

  • Disable DataDome protection for FASTLYPURGE requests
  • Add priority to Magento integration

2.10 (2020-07-16)

  • Introduce support for X-DataDome-ClientID
  • Add comment with version and file name to snippets

2.9 (2020-07-07)

  • Introduce debug options for Magento integration

2.8 (2020-06-19)

  • Implement exclusion of all non GET and HEAD requests from the Regex

2.7 (2020-06-15)

  • Match the Regex with req.url.path instead of req.url.ext

2.6 (2020-05-29)

  • Include request restart in Magento and snippets integration in case of any unexpected errors from DataDome Backend.

2.5 (2020-05-26)

  • Increase default connect timeout to 300ms and first byte and between bytes to 100ms
  • Include integration name to module name

2.4 (2020-05-19)

  • Enable timeouts to be editable via Magento integration

2.3 (2020-05-06)

  • Introduce templates to create Magento integration

2.2 (2020-04-29)

  • Change all used parameters to lower case
  • Implement fastly.ff.visits_this_service instead of req.http.fastly-ff
  • Implement fastly_req_do_shield for snippets

2.1 (2020-03-18)

  • Reduce the number of used headers
  • Add support for multiple origins

2.0 (2020-03-02)

  • Introduce VCL snippets

1.10 (2019-12-05)

  • Implement parse only valid and not-passing response from DataDome Backend.
  • Reduce the number of used objects inside requests

1.9 (2019-10-04)

  • Implement Force Restart request in case of any unexpected errors from DataDome Backend.

1.8 (2019-10-01)

  • Fix DNS-based geo routing, disabled region specified backends.

1.7 (2019-09-20)

  • Implement performance improvements by moving restart logic into vcl_fetch.

1.6 (2019-08-28)

  • Implement performance improvements through using Fastly regions for geo routing
  • Move Backends to VCL for easier configuration
  • Switch our regex to req.url.ext instead of req.url

1.5 (2019-07-22)

  • Implement fix to never send Cookie and Authorization headers to the DataDome

1.4 (2019-07-12)

  • Remove X-DatadomeResponse header after checking it

1.3 (2019-04-10)

  • Introduce X-DataDome-ModuleName and X-DataDome-ModuleVersion
  • Introduce support for X-DataDome-Timestamp

1.2 (2019-03-12)

  • Enable easier support for multiply backend

1.1 (2019-02-11)

  • Implement fix for working with requests that contain body
  • Move DataDome backend to global configuration

1.0 (2019-01-28)

  • Initial release