Imperva Cyber Community

 View Only
  • 1.  Multiple Advanced Bot Protection domains and clearing captcha

    Posted 12-02-2020 14:43
    It is important to understand how your implementation of the Advanced Bot Protection can impact user workflow. For this brief post, I will go over how distinct domain can interact with each other.


    • Within Website Group Foo, I have the domain and it uses encryption key ABC.
    • Within Website Group Bar, I have the domain and it also is configured to use encryption key ABC.
    • Both domains have the reese84 cookie scoped to
    • Both website groups use the same policy which will captcha bad user agents, but allow for a cleared captcha to navigate the domain.
    User workflow.

    As a user, I start on and have a bad user-agent so I receive a captcha. I clear the captcha successfully at I then navigate to with the same bad user-agent.

    What happens next?

    The expected behavior is that I will not receive a captcha when visiting This is because the state of the captcha solve is keyed on the token as part of the reese84 cookie. If the encryption keys were different for the domains, then I should receive a captcha when going through the same workflow.

    Brooks Cunningham

  • 2.  RE: Multiple Advanced Bot Protection domains and clearing captcha

    Posted 11-26-2021 09:05

    Did you find this helpful? Here are some related posts that you might find useful...

    Advanced Bot Protection Ask Me Anything Session | Imperva Cyber Community

    Integrating Captcha with Single Page Applications (

    Podcast - Imperva Customer Community

    Sarah Lamont(csp)
    Digital Community Manager