Using advanced client-side detections
The advanced client-side detections feature allows you to detect sophisticated bots that leverage headless browsers such as headless Chrome. You can enable this feature by adding a lightweight JavaScript snippet to your website's HTML.
Once enabled, this feature feeds detections into the SUSPECTED-BOT.HEADLESS, SUSPECTED-BAD-BOT.HEADLESS, and CLIENTSIDE-COOKIE-VALID system signals. To identify that a browser has run the JavaScript, the _fs_cd_cp_<RANDOM STRING> cookie is issued from the customer domain.
Prerequisites
Before setting up advanced client-side detections, be sure you have the following prerequisites in place:
- You must purchase Bot Management and the Next-Gen WAF at either the Professional or Premier platform level (it is not available for the Essential platform) or as part of the Security Core, Security Core Plus, or Security Total packaged offering.
- You must enable Bot Management on each Fastly service where you intend to use advanced client-side detection.
Setting up advanced client-side detections
To set up advanced client-side detections for your web application, add the following line within the <head> section of your HTML:
<script src="/_fs-ch-1T1wmsGaOgGaSxcX/assets/script.js"></script>Ideally, this line will be placed above all other scripts in your HTML.
NOTE: You can change the name of the script from script.js to another name of your choosing. The script name must end in .js.
