How do Bot Checks work?

Created at:

Incapsula has the means to validate the identity of your site visitors (whether they are human or bot) by inspecting specific details within their requests - visitor details, statistics, browsers, etc.

In case a visitor behavior is suspected as bot behavior, it will be presented with challenges in escalating order - cookie support test, Javascript challenges and a CAPTCHA challenge.


Using the CAPTCHA challenge is optional:

You can enable it by ticking "Require all other Suspected Bots to pass a CAPTCHA test" (at the Incapsula Management Console> Settings> Security> Bot Access Control).

This feature will help protect your site by preventing unknown bots from getting through.

Was this article helpful?
1 out of 3 found this helpful
Have more questions? Submit a request


  • Avatar

    Is there a way to get a report in a spreadsheet for all of the CAPTCHA challenges specific Incapsula-monitored URLs?  Analysis is difficult with the portal event reporting tool.

  • Avatar

    Any update on the above request? This would be very helpful

  • Avatar

    Is there a way to whitelist certain URLs only for suspected bots ? (i.e. never whitelist bad bots).

    Also - how do you know when a certain URL is eligible for Cookie/JS/Captcha test ? (i.e. not an API)

Powered by Zendesk