Scraping Central is reader-supported. When you buy through links on our site, we may earn an affiliate commission.

Guide

How to Bypass DataDome Anti-Bot Protection

Learn how to bypass DataDome anti-bot protection for web scraping. Covers detection techniques, cookie validation, and practical bypass methods.

DataDome protects thousands of websites with real-time bot detection. It is particularly common on e-commerce sites in Europe. Here is how to handle it.

How DataDome Detects Bots

DataDome's detection runs through a JavaScript tag that:

  1. Sets a datadome Cookie, This cookie contains encoded device and behavioral data
  2. Sends Device Signals, Canvas fingerprint, WebGL renderer, audio context, and screen properties
  3. Monitors Behavior, Mouse movements, scroll patterns, and interaction timing
  4. Checks IP Reputation, Known datacenter IPs are flagged immediately
  5. Validates Headers, HTTP header order and values are analyzed for consistency

Method 1: ScraperAPI (Recommended)

ScraperAPI handles DataDome protection out of the box.

import requests

API_KEY = "YOUR_SCRAPERAPI_KEY"
url = "https://datadome-protected-store.com/products"

response = requests.get(
    "http://api.scraperapi.com",
    params={
        "api_key": API_KEY,
        "url": url,
        "render": "true"
    }
)
print(response.status_code)
print(response.text[:500])

Method 2: ScrapingAnt with JavaScript Rendering

ScrapingAnt can also handle DataDome-protected pages.

from scrapingant_client import ScrapingAntClient

client = ScrapingAntClient(token="YOUR_SCRAPINGANT_TOKEN")
result = client.general_request(
    "https://datadome-protected-store.com/products",
    browser=True
)
print(result.content[:500])

Method 3: Browser Automation

For a self-hosted approach, use a stealth browser and residential proxies.

from playwright.sync_api import sync_playwright

with sync_playwright() as p:
    browser = p.chromium.launch(headless=False)
    context = browser.new_context(
        user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
        viewport={"width": 1440, "height": 900}
    )
    page = context.new_page()

    # DataDome checks happen on page load
    page.goto("https://datadome-protected-store.com")
    page.wait_for_timeout(3000)  # Allow DataDome JS to complete

    # Check if we passed the challenge
    if "datadome" in str(page.context.cookies()):
        print("DataDome cookie received - checking if valid")

    content = page.content()
    browser.close()

Common DataDome Pitfalls

  • Cookie reuse, DataDome cookies are tied to specific fingerprints and IPs. Reusing cookies from a different environment will trigger a block.
  • Headless detection, DataDome detects standard headless Chrome. Use stealth plugins or headed mode.
  • Rate limiting, Even with a valid cookie, too many requests from one IP triggers re-challenges.

Recommendation

DataDome's real-time detection makes it impractical to maintain a custom bypass long-term. A managed scraping API with built-in DataDome handling is the most cost-effective approach for production use.