Announcing the new DataDome Component, delivering strong bot protection at the edge
If you run a modern website, you are already contending with automated traffic.
In 2024, bots accounted for 51% of all web traffic, overtaking human activity. And malicious bots alone made up 37% of global traffic. In Q1 2025, AI-powered retrieval bots surged 49%, and since May 2024 GPTBot's crawl volume soared by 305%, boosting its share of AI crawler traffic from roughly 5% to 30%. Wikimedia also saw a 50% jump in bandwidth due to AI scraping, where bots represented just 35% of page views but consumed 65% of its most costly requests.
Scrapers, credential stuffers, and the new breed of “malicious AI agents” drain resources and skew metrics. At the same time, your teams are trying to keep pages fast while managing the trade-offs of adding JavaScript SDKs for security and analytics.
With today's announcement, we're making that balance easier. We've partnered with DataDome's bot protection to bring it to the edge as a first-class Edgee component, so you can deploy protection close to users with minimal app changes and predictable performance.
If you're looking for strong bot protection, the new DataDome component makes deployment straightforward by handling enforcement at the edge and giving you full configuration control in the Edgee console. The component can also inject the DataDome SDK automatically as a first-party script.
When to use DataDome at the edge
Use the DataDome component when you want real-time bot protection and fraud mitigation delivered at the edge, without standing up new infrastructure, while relying on the DataDome JavaScript SDK for client-side detection signals.
DataDome's bot protection provides defense against scraping, account takeover, payment fraud, L7 DDoS, and similar threats. It operates in real time and at low latency.
Prerequisites
- Access to the Edgee console and a project with your domain configured.
- A DataDome server-side key and a client-side key from the DataDome dashboard.
Note: if you are new to Edgee components, learn more here.
How to enable the DataDome component
Let's review how to activate DataDome in an existing Edgee project and the main settings you will tune in production.
Step 1. Add the component in the Edgee console
- Open the Edgee console and go to Components for your project.
- Select Add a component and choose Security - datadome/datadome.
- Click Save to create the component.
Step 2. Configure required keys and baseline settings
In the component settings, provide:
- Server-side key and Client-side key from your DataDome dashboard.
- Timeout for API calls. Default is 300 milliseconds.
- URL pattern inclusion and exclusion (regex) to scope protection.
- Path prefix for the DataDome tag. This helps prevent ad blockers from detecting and blocking it.
- Automatic tag injection. Enable this to have Edgee inject the DataDome JS Tag for you.
Please note that the default exclusion regex is:
"\\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map|json)$"
Step 3. Validate traffic and behavior
After saving, visit your site and inspect the network panel for requests routed through your chosen path prefix, if automatic injection is enabled.
In the DataDome dashboard, verify that protected endpoints are receiving decisions and that responses align with your policy. For tuning, use URL patterns to include or exclude paths where needed.
Note: If you exclude all static assets using the default regex, remember that application routes serving dynamic HTML might still match your inclusion rules. Always test both cacheable assets and HTML endpoints when tuning patterns.
Configuration reference
| Setting | Description | Required | Default |
|---|---|---|---|
| Server-side key | DataDome server key from dashboard | Yes | — |
| Client-side key | DataDome client key from dashboard | Yes | — |
| Timeout | Timeout for regular API calls (ms) | No | 300 |
| URL pattern exclusion | Regex to exclude URLs from protection | No | Static asset extensions regex provided in docs |
| URL pattern inclusion | Regex to include URLs | No | — |
| Path prefix | Custom path for injecting the DataDome tag | Yes | Auto generated |
| Automatic tag injection | Adds the DataDome JS Tag automatically | Yes | Disabled |
Check out the official documentation.
Best practices
- Start with conservative scoping. Begin with inclusion patterns that target API and key HTML routes. Rely on the documented default static asset exclusion, then expand once you have baseline data.
- Plan for ad blockers. Choose and occasionally rotate the path prefix. Edgee automatically generates one for you, and you can modify it when needed.
- Measure impact in the dashboard. Use DataDome analytics to review actions, reasons, and traffic categories during rollout.
- Keep the client thin. If you disable automatic injection and add the JS tag manually, keep it minimal and controlled.
Example: staged rollout for login and checkout pages
- Scope. Create an inclusion regex for
/login|/checkout|/api/and keep the default asset exclusion. - Injection. Enable automatic tag injection and set a path prefix such as
/ddm-a9f2. - Verify. Use your browser network tab to confirm requests are routed under that prefix, then check the DataDome dashboard for live decisions. Tune patterns based on results.
- Expand. Gradually widen inclusion to additional authenticated routes and APIs while monitoring false positives and latency.
Wrap-up and next steps
Automated traffic is no longer background noise, it's the majority of the internet, and it's getting smarter with AI. Scrapers, credential stuffers, and bots that mimic human behavior create a constant drag on performance and security.
With the new DataDome component on Edgee, you can meet that challenge head-on. By combining edge enforcement on Edgee's platform with client-side detection from the DataDome JavaScript SDK, we deliver protection where it matters most: close to your users, with clear visibility in dashboards built for security and fraud teams. Edgee + DataDome makes it practical and effective to defend modern applications against modern bots.
