> For the complete documentation index, see [llms.txt](https://docs.disasm.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.disasm.dev/datadome/general-information.md). # Overview Read this page in full before integrating any DataDome challenge. It covers how our API behaves and the session rules that decide whether a solved cookie is accepted. ## How our API works * **No DataDome JavaScript is executed.** We generate the payload directly. * **Synchronous** - the solve comes back in the same response, typically in around 50-100 ms. * **Self-updating** - the solver tracks most DataDome changes with no action on your side. * **Built for volume** - designed to scale to high request rates. * **We return payloads, not cookies.** You submit the payload as each guide describes to obtain the cookie yourself. The solver emulates **Chrome on Windows**; other browsers are not supported. Your HTTP client must match - see [TLS & Fingerprinting](/getting-started/tls-fingerprinting.md). ## Challenges we solve * [Interstitial](/datadome/interstitial.md) - the "Verifying your device" page. * [Slider CAPTCHA](/datadome/slider-captcha.md) - the image or audio challenge. * [Tags (CH/LE)](/datadome/tags-ch-le.md) - the `tags.js` device-signal challenge used by higher-security sites. ## Session rules DataDome scores behaviour and request context, not just the cookie. These rules apply to every session. ### Behaviour and request flow Your requests must resemble real browsing. Move through a site the way a user would - homepage, then product page, then add-to-cart - and never send a request that wouldn't be reachable through the UI. DataDome tracks this context, and an impossible flow is a reliable block. ### Referer The `referer` must reflect the real navigation path: if you request page B, the referer should be page A. A missing or inconsistent referer is a common cause of blocks. ### Client hints and `Accept-CH` Client hints are headers a Chrome browser sends to describe itself - the `Sec-CH-UA*` family. DataDome reads them and, crucially, checks that they agree with your User-Agent and TLS fingerprint. Getting them wrong, or ignoring the ones the site asks for, is a common and easily avoided block. **Low-entropy hints (sent on every secure request).** Chrome always sends these three, so your client must too: * `Sec-CH-UA` - the brand and version list, e.g. `"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"` * `Sec-CH-UA-Mobile` - `?0` on desktop * `Sec-CH-UA-Platform` - `"Windows"` for our solver **High-entropy hints (only sent when requested).** Chrome withholds these until a site asks for them through `Accept-CH`: * `Sec-CH-UA-Platform-Version` - the OS version, e.g. `"15.0.0"` * `Sec-CH-UA-Full-Version-List` - full browser versions, e.g. `"Chromium";v="126.0.6478.127", "Google Chrome";v="126.0.6478.127", "Not/A)Brand";v="8.0.0.0"` * `Sec-CH-UA-Arch` - CPU architecture, e.g. `"x86"` * `Sec-CH-UA-Bitness` - e.g. `"64"` * `Sec-CH-UA-Model` - device model, empty (`""`) on desktop **How `Accept-CH` works.** When a response includes an `Accept-CH` header, the site is listing exactly which hints it wants on subsequent requests to that origin: ``` Accept-CH: Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Model ``` A real browser remembers this per origin and adds the requested hints to every later request. You have to do the same: parse the `Accept-CH` list and send each hint it names, with values that match the browser you are emulating, on all following requests to that origin. Sending the low-entropy three while ignoring the requested high-entropy ones is exactly what a naive client does, and it is an easy signal for DataDome to catch. **Consistency is the whole point.** The values must agree with each other and with the User-Agent: * `Sec-CH-UA-Platform` matches the OS in the User-Agent (`"Windows"`). * The Chrome version in `Sec-CH-UA` and `Sec-CH-UA-Full-Version-List` matches the version in the User-Agent. * Every `Sec-CH-*` header is sent only over HTTPS, never over plain HTTP. Our API returns a `headers` map containing exactly these client hints (`sec-ch-ua`, `sec-ch-ua-full-version-list`, `sec-ch-ua-arch`, `sec-ch-ua-model`, `sec-ch-device-memory`). Send them on the requests the origin asks for via `Accept-CH`, and keep them stable for the lifetime of the session. See [TLS & Fingerprinting](/getting-started/tls-fingerprinting.md) for how this fits into the wider fingerprint. ### `t=bv` The `t` value in the `dd` object is often misread. `t=bv` can mean a banned proxy, but it is also a false positive when you haven't solved Tags yet. Always solve [Tags](/datadome/tags-ch-le.md) before rotating proxies. If `t=bv` persists once Tags are solved, the proxy is likely banned. You can also search the CAPTCHA or interstitial page for `Hard Block` - if it is present, the proxy is banned. ### Clean sessions If you are stuck in a block loop: clear all DataDome cookies, make a fresh request to the target to get a new block cookie, and start the solve again. Reusing invalidated cookies keeps you in the loop. {% hint style="warning" %} TLS, HTTP/2 and header order are covered once in [TLS & Fingerprinting](/getting-started/tls-fingerprinting.md), and apply to every DataDome request. A correct payload sent from a mismatched client will still be blocked. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.disasm.dev/datadome/general-information.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.