DataDome Magento-Fastly module

1.2.244 (2026-06-01)

Collect Sec-Fetch-Storage-Access header from requests
Sanitize request headers
Add support for Model Context Protocol (MCP)
Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features
Handle 429 status code (Too Many Requests) responses from Protection API to support upcoming features
Remove dd_referrer query parameter from URL in Referer header to avoid passing it upstream to origin server when var.datadome_restore_referrer is enabled
Collect Skyfire-Pay-ID header for AI bot monetization
Support new enriched headers x-datadome-protection, x-datadome-endpointname, x-datadome-endpointid, x-datadome-clientside-executed, x-datadome-session-duration, x-datadome-activesession-duration, x-datadome-activesession-requestnumber, x-datadome-previousrequest-elapsed
Collect Signature, Signature-Agent, and Signature-Input headers from requests to support HTTP message signatures as defined by RFC 9421

Exclude requests from DataDome protection when including a x-datadome-skip-detection header with the request ID (see FAQ section)

Fix missing variables in VCL for Magento integration:
- datadome_restore_referrer
- datadome_enable_graphql_support
- datadome_enable_replay_protection

Add header x-sigsci-no-inspection: true to prevent Next-Gen WAF inspection for sub-requests going to DataDome API

Support enriched header : X-DataDome-devicecheckpassed, X-DataDome-sessionid