JavaScript detection verifies client behavior. When a server responds to an HTML page request, it injects a lightweight, invisible JavaScript script into the client. This script checks if the client can run JavaScript, helping to identify real browsers and block non-browser tools, like crawlers and automated scripts. If the client cannot execute the script, the request is blocked. If the script runs successfully, the request is allowed, and the user can continue to access the website.
Scenarios
JavaScript detections are best used in the following scenarios:
Resources accessed directly by browsers, such as HTML pages, CSS/JS files, and other static or dynamic content requested by users.
Resources that depend on the browser context, including API calls made after a page loads, Asynchronous JavaScript and XML (AJAX) requests, or dynamically rendered components. These resources require an active browser session or Document Object Model (DOM) operations.
Before you begin
JavaScript detection checks if the client can run scripts. Disable this feature for non-browser environments, such as Internet data center requests and direct API calls, to avoid blocking valid requests.
Enable JavaScript detection
In the ESA console, choose Websites and click Add Website.
In the navigation pane on the left, select .
On the Smart Mode tab, turn on the JavaScript Detection switch.
