Skip to main content

Managing your DataDome edge integration

Arc XP’s Edge Integration Framework allows you to integrate DataDome’s Advance Bot Management to detect and block malicious bots before they reach your sites.

With this integration, you can:

  • Protect your digital properties from scraping, credential stuffing, fake traffic, and other bot-based threats.

  • Maintain clean analytics and optimize performance by filtering traffic at the edge layer.

  • Leverage DataDome’s expertise without needing complex custom development within Arc XP.

Note

You configure DataDome’s edge integration at only the site level. You cannot configure the integration based on URL paths.

How edge integrations work

When a user requests content from an Arc XP-powered site, the request first passes through the edge layer before it reaches the origin or application. With the DataDome integration enabled, each request is evaluated by DataDome’s real-time detection engine to determine whether it originates from a legitimate user or a malicious bot.

If a request is identified as a bot, DataDome enforces the appropriate response, such as blocking, redirecting, or challenging the request, based on the bot management rules that you configure.

Arc XP facilitates the routing of traffic to DataDome, but you configure all policy management, thresholds, and enforcement behaviors through your DataDome account. This allows your engineering teams to tailor the protection level and response strategies to match your specific needs.

del_Edge_Integration_Simplified_Transaction_Overview.png

Limitations and compatibility with other Arc XP products

Not supported:

  • Edge integrations cannot be used on sites with CDN stacking or that are headless. PageBuilder is required.

Supported:

  • Audience Targeting

  • Pages served from alt-origin

  • Edge integrations are processed on client request and do not result in a change to the headers; therefore, edge integrations do not impact server-side paywall configurations or cookie-based protection.

Prerequisites

To use this integration, you must have the following items:

  • An active DataDome subscription and work directly with DataDome to configure your bot protection policies. Arc XP facilitates the integration but does not manage bot detection or enforcement.

    If you do not currently have a DataDome subscription, contact your Technical Account Manager who can help you begin a trial.

  • Your DataDome client-side and server-side keys. Your DataDome keys are used for the following items:

    • A client-side key to configure the experience.

    • A server-side key to configure the site in Arc XP’s Delivery application.

  • The Site Manager permission. To complete the integration, you must have access to the Delivery application. See Managing roles.

Scenario: Protecting content with a DataDome integration

A media organization using Arc XP notices a surge in non-human traffic targeting its paywalled articles, leading to inflated pageview metrics, increased infrastructure load, and unauthorized content scraping. To mitigate the issue, their team enables the DataDome integration through Arc XP’s Integration Framework.

After activating their DataDome subscription and working directly with the vendor to configure detection rules, the organization begins filtering malicious bot traffic at the edge layer, before it ever reaches the site. This not only protects premium content from unauthorized scraping but also ensures their analytics reflect real user behavior and their infrastructure resources are preserved for actual readers.

Procedures

To fully integrate DataDome with Arc XP’s Edge Integration Framework, you must follow each procedure in order.

1. Retrieving your DataDome keys

You first must retrieve both the client-side and server-side keys in DataDome. See DataDome’s Key documentation to learn more.

2. Configuring DataDome's client-side JavaScript tag in your bundle

Instruct your engineer to insert DataDome’s client-side SDK on your page. Your engineering team can follow DataDome’s client-side JavaScript tag guide.

The appropriate place for DataDome’s JavaScript tag is your output types where most of the site-wide integrations, like analytics and Ads SDKs, already are.

3. Enabling DataDome's edge integration for your site

Follow these steps to turn on the integration within Arc XP.

  1. Navigate to Delivery > Site Settings.

  2. Click the site you want to enable the integration for.

  3. Click the Edge Integrations tab. (If you don’t see the Edge Integrations tab, and have the Site Manager permission, contact your Technical Account Manager to have it enabled.)

  4. Complete the following fields:

    • DataDome toggle - toggle this setting on.

    • DataDome License Key - enter your DataDome server-side key.

  5. Click Save.

    Tip

    See Scenario: Restricting traffic sent to DataDome for more information on how you can customize your DataDome's edge integration.

4. Verifying your DataDome protection is enabled

After you enable the integration, follow these steps to confirm it’s working correctly:

  1. In a web browser, open your website, and navigate to Developer Tools.

  2. Click the Network tab, find and click the page request (usually the first request, or you can filter the list of network activity by Doc to show only the current page loaded).

  3. Click the Headers tab.

    Arc XP returns headers prefixed with x-*, and the DataDome integration returns an x-Datadome response header.

    When the integration is turned off, the x-Datadome response header does not appear.

    del_no_x_datadome.png

    When the DataDome integration is turned on, the x-Datadome: protected response header appears.

    del_x_datadome.png

Scenario: Restricting traffic sent to DataDome

You want to expand the Arc XP Edge Integration Framework's functionality with DataDome's Advanced Bot Management feature. You have the following options available:

  • Include / Exclude based on file path

  • Exclude Outbound Feeds (OBF) from DataDome scans

Procedures

Include / Exclude based on file path

The Delivery UI displays the Restrict Traffic toggle in Site Settings > Edge Integrations.

DataDome-ExcludePath.png

  1. Select either the Include Paths or the Exclude Paths option (you cannot select both).

  2. Specify multiple paths by using ; between entries.

    Note

    You can use wildcards. Arc XP recommends limiting entries to 128 characters to avoid cases where the matching exceeds the Edge Integration timeout. Include and Exclude path fields do not support regex values.

How wildcards work:

"*" matches zero or more characters in [\\w.%~-] (letters, numbers, underscore, dot, percent sign, tilde, or dash)

"?" matches exactly one character from the same set

What this means for you 

URLs with dynamic folder names and even encoded characters are matched more reliably, improving compatibility and reducing the need for manual configuration. For example:

/*/*/????/??/*.html could be used to represent /news/world/2025/10/article-name.html or /sports/football/2023/09/match-results.html

This pattern is a flexible way to capture any HTML page stored under a date-based path — two folders, then a 4-digit year, a 2-digit month, and finally the page.

Screenshot_2025-10-16_at_11_12_51_AM.png

Exclude Outbound Feeds (OBF) from DataDome scans

By default, the Edge Integration Framework sends OBF to DataDome for scanning. If you want to exclude Outbound Feeds, you must add the OBF path to the Exclude Paths field. Take the following steps:

  1. Navigate to Delivery > Site Settings > Edge Integrations

  2. Enable the Restrict Traffic toggle.

  3. Select the Exclude Paths option.

  4. Enter /arc/outboundfeeds/* in the Exclude Paths field.

  5. Click Save.

In this section: