Follow

Web X-Distil-Bot Values

Each request inspected by Distil is assigned a 'Threat' value and that value is appended to the request sent from Distil to origin in the HTTP Header x-distil-bot. A Threat value of 0 indicates that no threat was was identified.

If you’d like more information on x-distil-threats values related to our API security solution, see the X-Distil-Threats Values article.

The table below lists the possible values for x-distil-bot when a threat is identified.

X-Distil-Bot Threat Type Portal Setting
1 Known Violators Known Violators
2 Blocked Country Country Block List
4 Browser Integrity Check Identities
8 Known Violator User Agent Known Violators
16 Rate Limited Manage Rate Limiting
32 Known Violator Honeypot Access Known Violators
64 Referrer Block Manage Referrers & Proxies
128 Session Length Exceeded Manage Rate Limiting
256 Pages Per Session Exceeded Manage Rate Limiting
512 Bad User Agents Identities
1024 Aggregator User Agents Aggregator User Agents
2048 Filtered IP (IP Blacklist) IP Access List
4096 JavaScript Not Loaded Automated Browsers
8192 JavaScript Check Failed Automated Browsers
16384 Machine Learning Violation Machine Learning Settings
32768 Known Violator Automation Tool Force JavaScript Settings
65536 Form Spam Submission Known Violators
131072 Unverified Signature Force JavaScript Settings
262144 IP Pinning Failure  [n/a - information only]
524288 Invalid JavaScript Test Results Force JavaScript Settings
1048576 Organization Block Custom Settings
2097152 Known Violator Data Center KVDC
The values below are only available to migrated domains.   
4194304 User Agent ACL Universal ACL
8388608 Unique Identifier ACL Universal ACL
16777216 Exceeds Invalid Requests Counter  
67108864 Exceeds Maximum CAPTCHA Attempts  
134217728 Extension ACL Universal ACL
268435456  Missing Unique ID  

Additionally, it is possible that multiple threats may be identified for a single request and as such, the value passed to origin is quite often a sum of the above values. A common value is 12289, which evaluates to:

X-Distil-Bot Threat Type
1 Known Violators
4096 JavaScript Not Loaded
8192 JavaScript Check Failed


Appending this value to your server logs can be invaluable in investigating suspicious traffic.
The x-distil-bot header is not visible to end users--it is only passed between Distil and the origin server.

Whitelisted Requests

Apollo Domains

For Apollo domains, refer to field 48 of your web logs to review specific reasons why Distil whitelisted a request.

Classic Domains

For Classic domains, the x-distil-bot header value will be -1 if a request is a good bot or is whitelisted for any reason.

Was this article helpful?
2 out of 3 found this helpful
Have more questions? Submit a request

Comments