Logs Integration

DataDome bot detection is a real time synchronous process.

All our modules include a powerful feature that injects informational headers for each request. Our customers use it for deep integration between DataDome and their infrastructure and applications, such as in the following cases:

  • Enriching server logs to use DataDome bot information inside Log Analytics, SIEM or SOC
  • Reading and using these headers in applications, to support specific decisions
  • Reading these headers inside statistics tags


This feature is available for the Corporate and Enterprise plans. Please reach DataDome team for more information.

Headers values


X-DataDome-botfamily is deprecated (supported until 1st March 2022) and will be replaced by X-DataDome-ruletype

Header name

Header description

Header possible values


Is it a bot ?

0: Human (normal user)
1: Bot
NA: Detection not activated on this segment


The bot name



The bot family

good_bot / bad_bot / commercial_bot


Has this client passed a Captcha?

0: This client has not passed the Captcha
1: This client has passed the Captcha
NA: This request has not been blocked


The traffic category

AI Threats Detection
Verified Bots
Custom Rules


An identifier for the current request


The information above can be used inside any application/SIEM/SOC by reading the HTTP request headers.

Logs integration

Each module can inject these headers inside web server logs.

This feature enables our users to integrate DataDome detection information inside their usual monitoring tools like Kibana, Splunk or AppDynamics.

The documentation for each module is available through the links below:

LogFormat "%h %l %u %t \"%r\" %{X-DataDome-isbot}i %{X-DataDome-botname}i %{X-DataDome-botfamily}i %{X-DataDome-captchapassed}i %{DATA_DOME_SPENT_TIME}e" datadome
CustomLog logs/datadome.log datadome
http {
    log_format datadome '$request $http_x-datadome-isbot $http_x-datadome-botname $http_x-datadome-botfamily $http_x-datadome-captchapassed $datadome_response_time';
    access_log /var/log/nginx/datadome.log datadome;
    server {
        data_dome_auth @datadome;
        data_dome_auth_set $datadome_response_time $upstream_response_time;
sudo varnishncsa -a -w /var/log/varnish/datadome.log -D -P /var/run/varnishncsa_datadome.pid -F '%h %l %u %t "%r" "%{X-DataDome-isbot}i %{X-DataDome-botname}i %{X-DataDome-botfamily}i %{X-DataDome-captchapassed}i %{VCL_Log:DataDome_status}x %{VCL_Log:DataDome_spent_time}x"'
# frontend settings with DataDome integration
http-request lua.Datadome_request_hook
http-response lua.Datadome_response_hook
# A block that capture headers
capture response header X-DataDome-isbot len 4
capture response header X-DataDome-botname len 64
capture response header X-DataDome-botfamily len 16
capture response header X-DataDome-captchapassed len 4
# continue frontend setting with DataDome integration
use_backend failure_backend if { var(txn.dd.status) eq "blocked" }