Footprint
What cookies does Bot Defender have? What JS sensor domains does Bot Defender have?
Sensor
We have dedicated domains for fetching the sensor and sending XHRs. These should be allowed in your Content Security Policy (CSP)
perimeterx.net
px-cdn.net
px-cloud.net
pxchk.net
px-client.net
Cookies
Note
While not all cookies are used by PerimeterX all the time, they must be allowed, and should be expected, at the site level. It is recommended to un-block all PerimeterX cookies.
Cookie name | Cookie Purpose Description | Type | Expiration | 1st or 3rd Party | Category | Note | Size |
---|---|---|---|---|---|---|---|
| Used for browser detection and distinguishing whether it is a real user or malicious bot. | JS | 1 year | 1st Party | Strictly Necessary | Visitor ID (randomly generated ID) | 42b |
| Used to maintain a session with PerimeterX. It does not correspond to any user ID in the web application and does not store any personally identifiable information. | JS | 2 days | 1st Party | Strictly Necessary | Visitor ID (randomly generated ID) | up to 500b |
| Used to flag features for browser detection and distinguishing whether it is a real user or malicious bot. | JS | 1 day | 1st Party | Strictly Necessary | all pxff cookies are feature flags for PerimeterX code, including no visitor specific data, but instead - instructions for the PerimeterX code running on the client side. | 9b-20b |
| User Token (from WebView via mobile SDK integration) | JS | 1 hour | 1st Party | Strictly Necessary | Visitor ID (randomly generated ID) | 43b |
| Used for server-side detection and distinguishing whether it is a real user or malicious bot. | HTTP | 1 year | 1st Party | Strictly Necessary | Visitor ID (randomly generated ID) | 106b |
| Used to maintain a cross tab session | HTTP | session | 1st Party | Strictly Necessary | cross tab session | 43b |
| Data enrichment feature (e.g is the user in access control) | JS | 5 days | 1st Party | Analytics | Hashed incident type | 100b-200b |
Performance Impact
Full details are available here
Component | Category | Value |
---|---|---|
Sensor | Size | 30kb |
Sensor | CPU block time (sync load) | 50ms (95th percentile) |
Server-side | 95th percentile of API request time | 35-50ms |
Server-side | Token validation | under 2ms (95th percentile) |
Updated 2 months ago