WAF with advanced bot protection

Imperva (Incapsula)

Imperva (historically Incapsula) is an enterprise cloud security platform that combines a web application firewall, CDN, DDoS mitigation, and advanced bot protection, the latter built in part on technology from Imperva's acquisition of Distil Networks. It deploys as a reverse proxy in front of the origin: a site's DNS points at Imperva's edge network, so every request is inspected and classified before it can reach the protected application. It is common on enterprise, e-commerce, financial, and reservation-style properties, and appears in our registry on sites such as Resy.

How it decides what to block

Imperva gates traffic in layers, starting with network-level reputation: each connecting IP is scored against threat intelligence aggregated across the many sites behind the platform, so addresses and ranges associated with prior automation are penalized before any page content is served. Requests that pass reputation screening are classified by client fingerprinting, including TLS handshake characteristics, HTTP protocol details, and JavaScript-based checks that probe the browser environment for signs of headless or emulated clients. Behavioral analysis then evaluates session-level patterns such as request cadence, navigation flow, and interaction signals to separate human browsing from scripted access. Traffic that cannot be confidently classified is escalated to active challenges, from silent JavaScript proofs to interstitial pages and CAPTCHAs, while known good bots are allowlisted and confirmed bad bots are blocked or served deceptive responses.

What IP class it takes

Because Imperva weighs IP reputation before other signals, datacenter ranges are commonly blocked or challenged wholesale, and pooled residential ranges that have been widely resold and abused are increasingly pre-flagged the same way. Real mobile-carrier IPs sit behind CGNAT shared with large populations of legitimate phone users, which makes them the hardest address class to blocklist without collateral damage, so they are generally the most viable IP class for legitimate large-scale collection against reputation-first defenses; proxies.sx sources these from physically-owned carrier modems and an opt-in paid peer network with auditable provenance. Regardless of IP class, respect robots.txt, each site's Terms of Service, and applicable law, and collect only data you are permitted to collect.

Sites observed using Imperva (Incapsula)

Observed via public response signatures, reviewed July 2026. Read-only reference.

Responsible use. This is a technical reference to how a protection technology works, not a guide to defeating it. Respect each site's robots.txt, Terms of Service and applicable law, and collect only data you are permitted to.

Frequently asked questions

Is Imperva the same thing as Incapsula?

Incapsula was the cloud-based WAF and CDN platform that became part of Imperva, and the name persists in technical artifacts even though the product is marketed under the Imperva brand. Detection registries still identify it through Incapsula-era markers such as incapdns.net CNAME records and cookies with names like visid_incap_ and incap_ses_. Imperva later folded in dedicated bot-management technology from its acquisition of Distil Networks, which is why its bot protection behaves like a specialized bot-defense product rather than a simple WAF rule set.

How does Imperva distinguish bots from human visitors?

It combines several independent signal layers rather than relying on any single check. IP and network reputation is evaluated first, drawing on threat intelligence shared across all sites behind the platform. The client is then classified using TLS and HTTP-level fingerprints plus JavaScript-based environment checks that verify the request comes from a real, consistent browser. Behavioral signals across a session, such as request pacing and navigation patterns, feed the final classification, and traffic is sorted into humans, verified good bots, and suspected bad bots, with challenges or blocks applied to the last group.

Does routing traffic through a proxy make Imperva irrelevant?

No. The IP address is only one input among many; fingerprinting, environment validation, and behavioral analysis operate independently of where the connection originates. A cleaner IP class mainly affects the reputation stage, where datacenter and heavily abused residential ranges tend to be scored down before any other evaluation happens. For legitimate data collection the more important factors are permission and conduct: respect robots.txt, the site's Terms of Service, and applicable law, and collect only data you are allowed to access.