Each request inspected by Distil is assigned a 'Threat' value, and that value is appended to the request sent from Distil to origin in the HTTP header x-distil-bot. A Threat value of 0 indicates that no threat was identified.

If you’d like more information on x-distil-threats values related to our API security solution, see the X-Distil-Threats Values article.

The table below lists the possible values for x-distil-bot when a threat is identified.

| X-Distil-Bot | Threat Type | Portal Setting |
|---|---|---|
| 1 | Known Violators | Known Violators |
| 2 | Blocked Country | Country Block List |
| 4 | Browser Integrity Check | Identities |
| 8 | Known Violator User Agent | Known Violators |
| 16 | Rate Limited | Manage Rate Limiting |
| 32 | Known Violator Honeypot Access | Known Violators |
| 64 | Referrer Block | Manage Referrers & Proxies |
| 128 | Session Length Exceeded | Manage Rate Limiting |
| 256 | Pages Per Session Exceeded | Manage Rate Limiting |
| 512 | Bad User Agents | Identities |
| 1024 | Aggregator User Agents | Aggregator User Agents |
| 2048 | Filtered IP (IP Blacklist) | IP Access List |
| 4096 | JavaScript Not Loaded | Automated Browsers |
| 8192 | JavaScript Check Failed | Automated Browsers |
| 16384 | Machine Learning Violation | Machine Learning Settings |
| 32768 | Known Violator Automation Tool | Force JavaScript Settings |
| 65536 | Form Spam Submission | Known Violators |
| 131072 | Unverified Signature | Force JavaScript Settings |
| 262144 | IP Pinning Failure | [n/a - information only] |
| 524288 | Invalid JavaScript Test Results | Force JavaScript Settings |
| 1048576 | Organization Block | Custom Settings |
| 2097152 | Known Violator Data Center | KVDC |
| 4194304 | User Agent ACL | Universal ACL |
| 8388608 | Unique Identifier ACL | Universal ACL |
| 16777216 | Improper Header Name/Value | Universal ACL |
| 33554432 | Invalid Custom Token | Custom Token |
| 67108864 | Exceeds Maximum CAPTCHA Attempts | |
| | Extension ACL | Universal ACL |
| | Missing Unique ID (NOTE: This threat value is unique to Web API requests.) | Web API > Automated Threats Policy > No Distil Identifier |

Additionally, it is possible that multiple threats may be identified for a single request and as such, the value passed to origin is quite often a sum of the above values. A common value is 12289, which evaluates to:

| X-Distil-Bot | Threat Type |
|---|---|
| 1 | Known Violators |
| 4096 | JavaScript Not Loaded |
| 8192 | JavaScript Check Failed |

Appending this value to your server logs can be invaluable in investigating suspicious traffic.
The x-distil-bot header is not visible to end users--it is only passed between Distil and the origin server.
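
The following is an added example, not Distil's own code: it splits a summed x-distil-bot value back into the threat types from the table above and tallies them across log lines. The log format with a distil_bot="N" field and the sample lines are constructed assumptions; bits above 67108864, for which this page gives no value, are returned as a leftover rather than named.

```python
import re
from collections import Counter

# Threat types in bit order, copied from the table above: entry i has value 2**i.
THREAT_TYPES = [
    "Known Violators", "Blocked Country", "Browser Integrity Check",
    "Known Violator User Agent", "Rate Limited", "Known Violator Honeypot Access",
    "Referrer Block", "Session Length Exceeded", "Pages Per Session Exceeded",
    "Bad User Agents", "Aggregator User Agents", "Filtered IP (IP Blacklist)",
    "JavaScript Not Loaded", "JavaScript Check Failed", "Machine Learning Violation",
    "Known Violator Automation Tool", "Form Spam Submission", "Unverified Signature",
    "IP Pinning Failure", "Invalid JavaScript Test Results", "Organization Block",
    "Known Violator Data Center", "User Agent ACL", "Unique Identifier ACL",
    "Improper Header Name/Value", "Invalid Custom Token",
    "Exceeds Maximum CAPTCHA Attempts",
]

def decode_threats(raw):
    """Split a summed x-distil-bot value into its threat types.
    Returns (names, leftover); leftover holds any bits the table does not list."""
    value = int(str(raw).strip())          # ValueError on a non-numeric header
    if value < 0:
        raise ValueError("x-distil-bot must be non-negative")
    names = [n for i, n in enumerate(THREAT_TYPES) if value & (1 << i)]
    return names, value >> len(THREAT_TYPES) << len(THREAT_TYPES)

# Constructed sample lines; the 'distil_bot="N"' field is an assumed log format.
SAMPLE_LOG = '''\
198.51.100.7 "GET /login" 200 distil_bot="12289"
198.51.100.7 "GET /cart" 200 distil_bot="0"
203.0.113.9 "POST /search" 403 distil_bot="4112"
203.0.113.9 "GET /" 200 distil_bot="-"
'''

def tally_threats(log_text):
    """Count how often each threat type appears across the log lines."""
    counts = Counter()
    for m in re.finditer(r'distil_bot="(\d+)"', log_text):
        names, leftover = decode_threats(m.group(1))
        counts.update(names)
        if leftover:
            counts[f"unlisted bits ({leftover})"] += 1
    return counts

if __name__ == "__main__":
    for name, n in tally_threats(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {name}")
```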

Whitelisted Requests

Refer to field 48 of your web logs to review specific reasons why Distil whitelisted a request.


