Sensor

What cookies does Bot Defender have? What JS sensor domains does Bot Defender have?

Sensor

We have dedicated domains for fetching the sensor and sending XHRs. These should be allowed in your Content Security Policy (CSP)
perimeterx.net
px-cdn.net
px-cloud.net
pxchk.net
px-client.net
Note that the HUMAN CAPTCHA solution uses web workers (in supported browsers). Make sure you are not blocking the worker-src CSP directive for your domains.