Imperva Cyber Community

  • 1.  Sense of Snippet Injection Policy

    Posted 10-28-2022 08:27

    Does any of you have experience with the Snippet Injection policy? What is the intention of this sort of policy?
    The online help shows the following: Snippet Injection policies are used in conjunction with Fraud Prevention Services (FPS) that are configured in ThreatRadar. As a result, these policies require enabling of cookies and JavaScript on the client browsers. To block or alert, you need to additionally create a Web Custom policy and configure it with the Fraud Prevention Results criteria. Snippet Injection policies are not applied to Server Groups in Simulation mode.
    I also cannot really find much about Fraud Prevention Services - or are CAPTCHA services or ThreatRadar meant?

    Thanks in advance

  • 2.  RE: Sense of Snippet Injection Policy

    Posted 27 days ago

    Hi Haupt,

    Did you get any insight into your query?

    I wanted to call out 2 great resources regarding Imperva's Fraud Prevention products. Check out the webinar recordings below. If you still have questions, feel free to add under the recordings, or comment further here.

    Webinar Recording - ATO and ABP New Features and Roadmap for Online Fraud Prevention

    OFP Online Fraud Protection - How Imperva has your back *Webinar Recording*

    Thanks for posting,

    Sarah Lamont
    Digital Community Manager

  • 3.  RE: Sense of Snippet Injection Policy

    Posted 27 days ago
    Hi Haupt,

    The snippet injection policy is used to profile and fingerprint clients. 

    A snippet of JavaScript is injected into the response. The client must process this script and return proof of work (a token).

    There are many parameters, or unique values that can be derived from JS. To see an example of some of the information that can be collected from a client via JS, please visit: and click "view my browser fingerprint". 

    Imperva CloudWAF injects this JS into the response automatically, whereas it must be configured manually with WAF GW (SecureSphere).