Logs Enrichment Integration

DataDome Bot Protection analyzes your traffic in real time. We can provide insights about your traffic by enriching your logs for all the requests that we analyze.

Our modules include a powerful feature that adds headers on each request before they are handled by your backend or CDN.

Our customers use it for a deeper integration of DataDome in their infrastructure and applications, for the following use cases:

  • Enriching server logs with bot information from DataDome for log analytics, SIEM or SOC (e.g. Elastic Search, Sumologic, Splunk)
  • Providing insights about bot traffic on your client-side analytics (e.g. Google Analytics, Adobe Analytics)


This feature is available for Corporate and Enterprise plans. You can enable it directly from the Integration section of your Dashboard.

Available enriched headers


X-DataDome-ruletype replaced X-DataDome-botfamily as of 2022-03-01.

Header nameHeader descriptionHeader possible valuesEnabled by default
X-DataDome-isbotIs it a bot?0: Human user
1: Bot
NA: Detection disabled on this segment
X-DataDome-botnameThe bot nameExamples: curl, googlebot, etc.Yes
X-DataDome-captchapassedWas a CAPTCHA passed on this session?0: This session has been blocked, but has not passed a CAPTCHA
1: This session has passed a CAPTCHA
NA: This request has not been blocked
X-DataDome-devicecheckpassedWas a Device Check passed on this session?0: the session was challenged but the device check has not been passed.
1: the session passed the device check.
NA: the request has not been blocked
X-DataDome-ruletypeThe traffic categoryHumans
AI Threats Detection
Verified Bots
Custom Rules
X-DataDome-requestidA DataDome identifier for the current request. In edge case this header might be empty.A standard UUID with alphanumerical characters, e.g. 123e4567-e89b-12d3-a456-426614174000Yes
X-DataDome-Traffic-Rule-ResponseThe response type applied by DataDomeauthorize
block (captcha response)
hard_block (block response)
interstitial (device check)
X-DataDome-scoreThe level of confidence when identifying a request as coming from a botFloat number between 0 and 1.
0: Lowest level of confidence
1: Highest level of confidence
X-DataDome-matchedmodelsNames of bot models that were triggered (max: 10)Examples: Credential Stuffing, Unusual traffic volume, Recent CVE-xxxx-xxxxx activity, etc.No
X-DataDome-sessionidThe DataDome session ID to track the user's journey. In edge case this header might be empty.Examples: AHrlqAAAAAMA9DfoAKMDOgIAlEibGw==No


Please contact our support team to enable the headers listed above that are not enabled by default.
They will review your requirements and provide you with the best recommendations.

Logs integration

Please refer to the documentation pages below to configure your server-side integrations in order to benefit from these enriched headers in your own logs:

Export to a SIEM/SOC Tools

You can find more information about how to export these logs and headers to an SIEM/SOC Tools.