datadome bot-detector intel

datadome tags.js

[ok]

https://js.datadome.co/tags.js ↗

last ran: 2026-05-19 22:32 utc; (2d ago)
last updated: 2026-05-19 22:32 utc; (2d ago)
size: 112.5kb
sha256: 9ebed84f6489

apis touched: 200; 200 raw
bot tells: 9
sinks: 3; 0 leaked
hazards: 1
structural: 0
anti-debug: 0; L3/L4 hazards
consistency: 0; cross-checks
providers: 0

categories probed (13)

click a row to drill into every api the script probes in that category.

[+] events
13 apis · 4 tells · 85 hits
- [+] *.isTrustedhigh · bot-tell×2
  details + source hits (2)
- [+] *.pointerTypemedium · bot-tell×1
  details + source hits (1)
- [+] *.pressuremedium · bot-tell×1
  details + source hits (1)
- [+] *.dispatchEventlow×15
  details + source hits (15)
- [+] *.timeStamplow×8
  details + source hits (8)
- [+] *.keylow×7
  details + source hits (7)
- [+] *.screenXlow×3
  details + source hits (3)
- [+] *.screenYlow×3
  details + source hits (3)
- [+] *.repeatlow · bot-tell×1
  details + source hits (1)
- [+] *.addEventListenerinfo×25
  details + source hits (25)
- [+] *.clientXinfo×8
  details + source hits (8)
- [+] *.clientYinfo×8
  details + source hits (8)
- [+] *.datainfo×3
  details + source hits (3)
[+] document
6 apis · 1 tells · 21 hits
- [+] document.currentScriptmedium · bot-tell×2
  details + source hits (2)
- [+] document.cookielow×11
  details + source hits (11)
- [+] document.createElementlow×1
  details + source hits (1)
- [+] document.createEventlow×1
  details + source hits (1)
- [+] document.bodyinfo×4
  details + source hits (4)
- [+] document.documentElementinfo×2
  details + source hits (2)
[+] math
4 apis · 1 tells · 7 hits
- [+] Math.acosmedium · bot-tell×1
  details + source hits (1)
- [+] Math.logmedium×1
  details + source hits (1)
- [+] Math.powmedium×1
  details + source hits (1)
- [+] Math.sqrtlow×4
  details + source hits (4)
[+] anti-debug
2 apis · 1 tells · 4 hits
- [+] console.logmedium · bot-tell×1
  details + source hits (1)
- [+] consolelow×3
  details + source hits (3)
[+] storage
9 apis · 0 tells · 34 hits
- [+] localStoragelow×9
  details + source hits (9)
- [+] *.haslow×5
  details + source hits (5)
- [+] *.openlow×4
  details + source hits (4)
- [+] *.postMessagelow×3
  details + source hits (3)
- [+] *.controllerlow×2
  details + source hits (2)
- [+] *.keyslow×1
  details + source hits (1)
- [+] *.matchlow×1
  details + source hits (1)
- [+] sessionStorageinfo×8
  details + source hits (8)
- [+] *.readyinfo×1
  details + source hits (1)
[+] introspection
5 apis · 0 tells · 9 hits
- [+] Proxymedium×3
  details + source hits (3)
- [+] Object.definePropertymedium×1
  details + source hits (1)
- [+] *.constructorlow×2
  details + source hits (2)
- [+] *.toStringlow×2
  details + source hits (2)
- [+] Symbol.iteratorinfo×1
  details + source hits (1)
[+] timing
4 apis · 0 tells · 15 hits
- [+] performance.nowmedium×1
  details + source hits (1)
- [+] requestAnimationFramelow×1
  details + source hits (1)
- [+] Dateinfo×9
  details + source hits (9)
- [+] Date.nowinfo×4
  details + source hits (4)
[+] navigator
3 apis · 0 tells · 8 hits
- [+] navigator.sendBeaconmedium×2
  details + source hits (2)
- [+] navigator.userAgentlow×1
  details + source hits (1)
- [+] navigator.serviceWorkerinfo×5
  details + source hits (5)
[+] dom-layout
2 apis · 0 tells · 4 hits
- [+] *.observeinfo×2
  details + source hits (2)
- [+] MutationObserverinfo×2
  details + source hits (2)
[+] fonts
1 apis · 0 tells · 2 hits
- [+] *.checkmedium×2
  details + source hits (2)
[+] webrtc
1 apis · 0 tells · 4 hits
- [+] *.sendlow×4
  details + source hits (4)
[+] window
1 apis · 0 tells · 4 hits
- [+] location.hrefinfo×4
  details + source hits (4)
[+] workers
1 apis · 0 tells · 3 hits
- [+] Bloblow×3
  details + source hits (3)

bot-detection tells (7)

strong indicators of bot-detection intent. drill into the categories section below to inspect description, evasion notes, and source snippets for any tell.

*.isTrusted ×2
document.currentScript ×2
console.log ×1
*.pointerType ×1
*.pressure ×1
Math.acos ×1
*.repeat ×1

network sinks (3)

every place the script could ship data off the page. expand a row to see headers and the traced payload entries.

[+] sendBeaconPOST window.dataDomeOptions.endpointno leaks
url source · window.dataDomeOptions.endpoint
location · L2:16517
payload · shape string
- <body>: literal 0
```
r
```
```
window.navigator.sendBeacon(window.dataDomeOptions.endpoint,r)
```
[+] xhrPOST window.dataDomeOptions.endpointno leaks
url source · window.dataDomeOptions.endpoint
location · L2:18374
headers
- Content-type: application/x-www-form-urlencoded
payload · shape string
- <body>: literal 0
```
o
```
```
h.send(o)
```
[+] xhrHEAD chrome-extension://oojibhnkahnabembdeoicblilpbfmnhg/icon.0024de64.pngno leaks
location · L2:28244
```
n.send()
```

dynamic-execution hazards (1)

anywhere the script puts code beyond static reach. eval, function, document.write, dynamic import. these are the holes script2builtins-runtime would fill.

setTimeout-stringL2:36534
`setTimeout` called with a string argument is an eval-equivalent.
```
setTimeout(n,0)
```