Logs Enrichment Integration

DataDome Bot Protection analyzes your traffic in real time. We can provide insights about your traffic by enriching your logs for all the requests that we analyze.

Our modules include a powerful feature that adds headers to each request before it is handled by your backend or CDN.

Our customers use it for a deeper integration of DataDome in their infrastructure and applications, for the following use cases:

  • Enriching server logs with bot information from DataDome for log analytics, SIEM or SOC (e.g. Elasticsearch, Sumo Logic, Splunk)
  • Providing insights about bot traffic on your client-side analytics (e.g. Google Analytics, Adobe Analytics)


This feature is available for Corporate and Enterprise plans. You can enable it directly from the Integration section of your Dashboard.

Available enriched headers


X-DataDome-ruletype replaced X-DataDome-botfamily as of 2022-03-01.

| Header name | Header description | Header possible values | Enabled by default |
|---|---|---|---|
| X-DataDome-isbot | Is it a bot? | 0: Human user; 1: Bot; NA: Detection disabled on this segment | |
| X-DataDome-botname | The bot name | Examples: curl, googlebot, etc. | Yes |
| X-DataDome-captchapassed | Was a CAPTCHA passed on this session? | 0: This session has been blocked, but has not passed a CAPTCHA; 1: This session has passed a CAPTCHA; NA: This request has not been blocked | |
| X-DataDome-ruletype | The traffic category | Humans; AI Threats Detection; Verified Bots; Custom Rules | |
| X-DataDome-requestid | An identifier for the current request | A standard UUID with alphanumerical characters, e.g. 123e4567-e89b-12d3-a456-426614174000 | Yes |
| X-DataDome-Traffic-Rule-Response | The response type applied by DataDome | authorize; block (captcha response); hard_block (block response); interstitial (device check) | |
| X-DataDome-score | The level of confidence when identifying a request as coming from a bot | Float number between 0 and 1. 0: Lowest level of confidence; 1: Highest level of confidence | |
| X-DataDome-matchedmodels | Names of bot models that were triggered (max: 10) | Examples: Credential Stuffing, Unusual traffic volume, Recent CVE-xxxx-xxxxx activity, etc. | No |


Please contact our support team to enable the headers listed above that are not enabled by default.
They will review your requirements and provide you with the best recommendations.

Logs integration

Please refer to the documentation pages below to configure your server-side integrations in order to benefit from these enriched headers in your own logs:

Export to SIEM/SOC tools

You can find more information about how to export these logs and headers to SIEM/SOC tools.
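
Before the enriched headers reach a SIEM, it helps to turn the raw strings into typed fields and flag values that fall outside the table above. The following is an added example, not DataDome code: the JSON log layout with a "headers" object, the function names and the 0.9 review threshold are assumptions.

```python
import json
from collections import Counter

PREFIX = "x-datadome-"
TRISTATE = {"0": False, "1": True, "NA": None}
RESPONSES = ("authorize", "block", "hard_block", "interstitial")  # from the table above
ENUMS = {"isbot": TRISTATE, "captchapassed": TRISTATE,
         "traffic-rule-response": {v: v for v in RESPONSES}}

def normalise(headers):
    """Type the X-DataDome-* values (names matched case-insensitively); list off-spec ones."""
    h = {k.lower()[len(PREFIX):]: v for k, v in headers.items()
         if k.lower().startswith(PREFIX)}
    event = {n: h[n] for n in ("ruletype", "botname", "requestid") if n in h}
    problems = []
    for name, allowed in ENUMS.items():
        raw = h.get(name)
        if raw in allowed:
            event[name] = allowed[raw]
        elif raw is not None:
            problems.append(f"{name}={raw!r}")
    if "score" in h:
        try:
            score = float(h["score"])
        except ValueError:
            score = -1.0  # not a number: fails the range check below
        if 0.0 <= score <= 1.0:
            event["score"] = score
        else:
            problems.append(f"score={h['score']!r}")
    return event, problems

def summarise(lines, review_score=0.9):  # review_score: assumed triage threshold
    counts, review, malformed = Counter(), [], []
    for line in lines:
        event, problems = normalise(json.loads(line)["headers"])
        response = event.get("traffic-rule-response")
        counts[(event.get("ruletype"), response)] += 1
        if problems:
            malformed.append((event.get("requestid"), problems))
        if response == "authorize" and event.get("score", 0) >= review_score:
            review.append(event.get("requestid"))  # let through despite a high bot score
    return counts, review, malformed

# Constructed sample log lines (not real DataDome output).
SAMPLE = [
    '{"headers": {"X-DataDome-isbot": "0", "X-DataDome-ruletype": "Humans", "X-DataDome-Traffic-Rule-Response": "authorize", "X-DataDome-score": "0.02", "X-DataDome-requestid": "00000000-0000-4000-8000-000000000001"}}',
    '{"headers": {"x-datadome-isbot": "1", "x-datadome-ruletype": "AI Threats Detection", "x-datadome-traffic-rule-response": "authorize", "x-datadome-score": "0.97", "x-datadome-requestid": "00000000-0000-4000-8000-000000000002"}}',
    '{"headers": {"X-DataDome-isbot": "yes", "X-DataDome-ruletype": "Custom Rules", "X-DataDome-Traffic-Rule-Response": "hard_block", "X-DataDome-score": "1.7", "X-DataDome-requestid": "00000000-0000-4000-8000-000000000003"}}',
]
```

Calling summarise(SAMPLE) returns the per-category response counts, the request IDs worth a manual review, and the records whose header values did not match the documented formats.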