← Glossary / Imperva Reese84 Cookie

What is Imperva Reese84 Cookie?

Imperva Reese84 Cookie is the primary session identifier generated by Imperva's Advanced Bot Protection (formerly Distil Networks) after a client successfully executes its initial JavaScript challenge. It encapsulates the client's browser fingerprint, behavioral biometrics, and execution environment state into an encrypted payload. For scrapers, failing to generate or properly rotate a valid reese84 cookie results in immediate 403 blocks or silent redirects to CAPTCHA pages.

Anti-ScrapingImperva / DistilCookie ValidationJS ChallengeBot Protection
// 02 — definitions

The token of
execution.

How Imperva verifies that your client actually executed its obfuscated JavaScript payload instead of just parsing the HTML.

Ask a DataFlirt engineer →

TL;DR

The reese84 cookie is the cryptographic proof of work for Imperva's bot protection. It is generated client-side by an obfuscated script that profiles your browser's canvas, WebGL, and DOM environment. Without a valid, fresh reese84 cookie attached to your requests, the edge firewall drops the connection before it ever reaches the origin server.

01Definition & structure
The Imperva Reese84 Cookie is an encrypted token generated by Imperva's Advanced Bot Protection. It contains a serialized payload of your browser's fingerprint, including canvas hashes, WebGL renderer strings, installed fonts, and navigator properties. The edge firewall decrypts this cookie on every request to verify that the client is a legitimate browser and not an automated script.
02The generation lifecycle
When a client without a valid cookie requests a page, Imperva intercepts the request and returns a 202 Accepted status with an obfuscated JavaScript payload. The client must execute this script, which profiles the environment and POSTs the telemetry back to an /_Incapsula_Resource endpoint. If the telemetry passes the bot classifier, the server responds with the reese84 cookie.
03Telemetry and fingerprinting
The script generating the cookie looks for common automation leaks. It checks navigator.webdriver, inspects the Chrome runtime, measures execution timing to detect patching, and verifies that the TLS fingerprint matches the advertised User-Agent. A mismatch in any of these signals results in a poisoned cookie that leads to a block.
04How DataFlirt handles it
We run a fleet of real, headed browsers on residential IPs to naturally execute the Imperva challenge. Once the reese84 cookie is acquired, we export the session state—including the exact IP and TLS fingerprint—to our high-concurrency HTTP workers. This ensures we pass the validation checks without the overhead of running a full browser for every single page fetch.
05The "reese84" naming origin
The name reese84 is a legacy artifact from Distil Networks, the bot protection company Imperva acquired in 2019. It is a reference to Kyle Reese from the movie The Terminator (released in 1984), who was sent back in time to protect humanity from machines. The naming convention survived the acquisition and remains the core identifier today.
// 03 — the validation model

How Imperva scores
the cookie.

Imperva evaluates the telemetry payload sent to generate the cookie against known bot signatures and historical session data. DataFlirt monitors these validation thresholds to maintain high success rates.

Telemetry Entropy = E = Σ p(si) · log2 p(si)
Evaluates canvas, WebGL, and navigator signals for uniqueness. Standard fingerprinting model
Cookie Expiry Window = Tvalid = Tissue + Δtpolicy
Usually 5 to 15 minutes depending on the target's strictness. Imperva session lifecycle
DataFlirt Rotation Rate = R = sessions / Tvalid
We rotate identities before the cookie naturally expires to prevent behavioral tracking. DataFlirt internal SLO
// 04 — the challenge flow

Generating the
reese84 token.

A trace of a headless browser encountering an Imperva-protected endpoint, executing the telemetry script, and securing the required cookie.

Imperva ABPJS ExecutionTelemetry POST
edge.dataflirt.io — live
CAPTURED
// 1. Initial GET request
GET /api/v1/inventory HTTP/2
status: 202 Accepted // Imperva interception
set-cookie: visid_inc_do=...

// 2. JS Challenge Execution
script.load: /_Incapsula_Resource?SWJIYLWA=...
telemetry.canvas: 3f8c...b21a
telemetry.webdriver: false
telemetry.plugins: 3

// 3. Telemetry Submission
POST /_Incapsula_Resource?SWK...
payload: encrypted_blob_482kb
status: 200 OK
set-cookie: reese84=3:Wz...; Path=/; Secure; HttpOnly

// 4. Authenticated Request
GET /api/v1/inventory HTTP/2
cookie: reese84=3:Wz...
status: 200 OK // Origin response served
// 05 — failure modes

Why reese84
generation fails.

Common reasons scrapers fail to obtain or maintain a valid Imperva session cookie, ranked by frequency across our monitoring fleet.

TARGETS MONITORED ·  ·    300+ active
WINDOW ·  ·  ·  ·  ·  ·   24h trailing
UPDATED ·  ·  ·  ·  ·  ·  2026-05-19
01

Headless environment leaks

% of failures · navigator.webdriver = true or missing plugins
02

IP / TLS mismatch

% of failures · Cookie used on different IP than generated
03

Stale or reused cookies

% of failures · Expired reese84 token past the 15m window
04

Missing secondary cookies

% of failures · visid_inc_do or incap_ses not attached
05

Incomplete JS execution

% of failures · Timeout before POST completes
// 06 — our bypass architecture

Execute the payload,

don't try to reverse-engineer it.

Imperva updates its obfuscated telemetry scripts constantly. Attempting to deobfuscate the JavaScript and forge the POST payload is a losing battle. DataFlirt uses real, headed browser instances to naturally execute the challenge, generate a valid reese84 cookie, and then pass that cookie to lightweight HTTP workers for high-throughput extraction. This hybrid approach gives us the bypass reliability of a real browser with the speed of a raw HTTP client.

Session state transfer

Live snapshot of a hybrid worker pool bypassing Imperva.

worker.type browser_headed
challenge.status passed
cookie.reese84 acquired
cookie.incap_ses acquired
transfer.target http_pool_04
pool.throughput 450 req/s
block.rate 0.02%

Stay ahead of the pipeline

Data engineering
intel, weekly.

Anti-bot shifts, scraping infrastructure updates, dataset delivery patterns, and business outcomes from our pipelines. Short, technical, no fluff.

By submitting, you acknowledge our Privacy Notice.

// 07 — FAQ

Common
questions.

About Imperva's cookie mechanics, session lifecycles, and how DataFlirt maintains stable extraction through Advanced Bot Protection.

Ask us directly →
What is the difference between reese84 and incap_ses? +
The incap_ses cookie is Imperva's basic session routing identifier, used for load balancing and basic state. The reese84 cookie is the Advanced Bot Protection token containing the cryptographic proof of your browser's biometric and fingerprint telemetry. You need both to access protected endpoints.
Can I generate a reese84 cookie without a browser? +
Technically possible via reverse engineering, but highly brittle. Imperva changes the encryption keys and payload structure frequently. Real execution via a browser environment is the only stable method for production pipelines.
How long does a reese84 cookie last? +
Typically 5 to 15 minutes, though it varies by target configuration. Once it expires, the client must re-execute the JavaScript challenge to obtain a fresh token.
Is bypassing Imperva legal? +
Accessing publicly available data is generally lawful. We don't hack the server or bypass authentication; we simply use a browser that correctly executes the provided JavaScript, just like a human user's Chrome would. Always review target Terms of Service.
How does DataFlirt scale extraction if every session needs a browser? +
We use a hybrid architecture. Browsers solve the challenge and harvest the reese84 cookies, which are then exported to a pool of fast, concurrent HTTP workers that perform the actual data extraction. This keeps compute costs low while maintaining high throughput.
Why am I getting a 403 even with a valid reese84 cookie? +
Imperva ties the cookie to the IP address and TLS fingerprint that generated it. If you generate the cookie on IP A and use it on IP B, or if your HTTP client's JA3 signature differs from the browser that solved the challenge, the cookie is immediately invalidated.
$ dataflirt scope --new-project --target=imperva-reese84-cookie READY

Tell us what
to extract.
We do the rest.

20-minute scoping call. Pilot dataset within the week. Production within two. Whether you need a one-off catalogue dump or a continuous feed across millions of records — we scope, build, and operate the pipeline.

Start a pipeline → View pricing
hello@dataflirt.com  ·  Bengaluru  ·  IST  ·  typical reply < 4h
// 08 — keep reading

Related glossary terms

Anti-Scraping

Imperva Block Page

The visible consequence of failing the reese84 cookie validation.

Read →
Anti-Scraping

Imperva UTM Cookie Check

Secondary tracking cookies Imperva uses to monitor session behavior.

Read →
Anti-Bot Bypass

JavaScript Challenge

The execution hurdle required to generate the telemetry payload.

Read →
Anti-Bot Bypass

Browser Fingerprinting

The underlying signals that Imperva packages into the reese84 token.

Read →