💻Interstitial

This page describes how to solve Datadome Interstitial ("Verifying your device")

Datadome Interstitial Workflow

This guide walks you through solving a Datadome Interstitial challenge using our API. Follow the steps exactly to construct valid requests and extract the necessary cookie.

🧱 Step 1: Trigger a Block

Make a GET request to a page that is known to be protected by Datadome. If blocked, you’ll receive a 403 Forbidden response containing HTML similar to:

htmlCopyEdit<html>
  <head>
    <title>thefork.it</title>
    <style>#cmsg{animation: A 1.5s;}@keyframes A{0%{opacity:0;}99%{opacity:0;}100%{opacity:1;}}</style>
  </head>
  <body style="margin:0">
    <p id="cmsg">Please enable JS and disable any ad blocker</p>
    <script data-cfasync="false">
      var dd = {
        'rt':'i',
        'cid':'AHrlqAAAAAMA33U5jz_3dWIAH38V_A==',
        'hsh':'4980A61279181687DE605B235F81B9',
        'b':1362300,
        's':2906,
        'host':'geo.captcha-delivery.com'
      }
    </script>
    <script data-cfasync="false" src="https://ct.captcha-delivery.com/i.js"></script>
  </body>
</html>

You know you are blocked by Interstitial by the presence of https://ct.captcha-delivery.com/i.js in the HTML

🔗 Step 2: Construct Device Check URL

Extract the following values from the dd JavaScript object in the block page:

cid
hsh
b
s
host
The original request referer (URL-encoded)

Then build a full device check link, like so:

https://geo.captcha-delivery.com/interstitial/
  ?initialCid=AHrlqAAAAAMA33U5jz_3dWIAH38V_A==
  &hash=4980A61279181687DE605B235F81B9
  &s=2906
  &referer=https%3A%2F%2Fwww.thefork.it%2F
  &b=1362300
  &cid=<initial_datadome_cookie>
  &dm=cd

Ensure your referer matches the URL you attempted to access.

Here is a Golang implementation of how to build the link:

type DDInterstitial struct {
	Rt   string `json:"rt"`
	Cid  string `json:"cid"`
	Hsh  string `json:"hsh"`
	B    int64  `json:"b"`
	S    int64  `json:"s"`
	Host string `json:"host"`
}

func buildDeviceCheckLink(bodyBytes []byte, datadomeCookie, referer string) (string, error) {
	dd, err := parseInterstitialDD(bodyBytes)
	if err != nil {
		return "", err
	}

	params := []struct {
		key, value string
	}{
		{"initialCid", url.QueryEscape(dd.Cid)},
		{"hash", url.QueryEscape(dd.Hsh)},
		{"cid", url.QueryEscape(datadomeCookie)},
		{"referer", url.QueryEscape(referer)},
		{"s", url.QueryEscape(strconv.FormatInt(dd.S, 10))},
		{"b", url.QueryEscape(strconv.FormatInt(dd.B, 10))},
		{"dm", url.QueryEscape("cd")},
	}

	var queryParts []string
	for _, param := range params {
		queryParts = append(queryParts, param.key+"="+param.value)
	}

	return "https://geo.captcha-delivery.com/interstitial/?" + strings.Join(queryParts, "&"), nil
}

func parseInterstitialDD(body []byte) (*DDInterstitial, error) {
	re := regexp.MustCompile(`var dd=({.*?})`)
	matches := re.FindSubmatch(body)

	if len(matches) > 1 {
		ddJson := string(matches[1])
		ddJson = strings.Replace(ddJson, "'", "\"", -1)

		var dd DDInterstitial
		if err := json.Unmarshal([]byte(ddJson), &dd); err != nil {
			return nil, fmt.Errorf("error parsing JSON: %v", err)
		}
		return &dd, nil
	}
	return nil, fmt.Errorf("unable to parse DD JSON")
}

📄 Step 3: Fetch and Encode the Page

Do a GET request to the constructed device check link. Base64-encode the full HTML response body. This encoded string will become the payload for the next step.

🔧 Step 4: Solve Using Our API

Send the Base64-encoded HTML payload to our API endpoint to solve the interstitial challenge.

See API Reference

📤 Step 5: Submit the Payload

Send a POST request to:

https://geo.captcha-delivery.com/interstitial/

Headers

Use HTTP/1.1 and include these headers (values must match real Chrome browser headers):

POST /interstitial/ HTTP/1.1
Host: geo.captcha-delivery.com
Connection: keep-alive
Content-Length: <length>
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
DNT: 1
Origin: https://geo.captcha-delivery.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: <device check URL from step 2>
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-GB,en;q=0.9

Body

The payload returned from our API is the body of the HTTP POST to /interstitial. It contains the application/x-www-form-urlencoded data. Submit it as is - no need to change anything.

✅ Step 5: Handle the API Response

A successful POST returns a JSON response like this:

{
  "cookie": "datadome=...; Max-Age=31536000; Domain=.thefork.it; Path=/; Secure; SameSite=Lax",
  "view": "redirect",
  "url": "https://www.thefork.it/"
}

What to do:

Extract the datadome cookie
Add it to your cookie jar for the target domain
Retry the original blocked request using the cookie

You should now be able to access the page without being blocked.

PreviousGeneral Information NextSlider CAPTCHA

Last updated 6 months ago