Using advanced client-side detections
The advanced client-side detections feature allows you to detect sophisticated bots that leverage headless browsers such as headless Chrome. You can enable this feature by adding a lightweight JavaScript snippet to your website's HTML.
Once enabled, this feature feeds detections into the SUSPECTED-BOT.HEADLESS, SUSPECTED-BAD-BOT.HEADLESS, and CLIENTSIDE-COOKIE-VALID system signals. To identify that a browser has run the JavaScript, the _fs_cd_cp_<RANDOM STRING> cookie is issued from the customer domain.
Prerequisites
Before setting up advanced client-side detections, you must:
- purchase Bot Management and Fastly Next-Gen WAF for deployment on Fastly's Edge Cloud. The Essential platform for the Next-Gen WAF does not support Bot Management.
- deploy Bot Management using post-cache inspection on each Fastly service where you intend to use advanced client-side detection.
Setting up advanced client-side detections
To set up advanced client-side detections for your web application, add the following line within the <head> section of your HTML:
<script src="/_fs-ch-1T1wmsGaOgGaSxcX/assets/script.js"></script>Ideally, this line will be placed above all other scripts in your HTML.
NOTE: You can change the name of the script from script.js to another name of your choosing. The script name must end in .js.
