For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • Getting Started
    • Overview
    • Best practices
  • Sightline Cyberfraud Defense
    • About Sightline Cyberfraud Defense
    • Getting Started
    • What's different in Sightline Cyberfraud Defense
    • Sensor changelog
    • About the Overview Dashboard
        • Set Custom Parameters
        • Data Classification Enrichment
        • Score Reporting
    • Glossary
  • AgenticTrust
    • Getting started with AgenticTrust
    • AI Agents Monitoring Dashboard
    • AI Visitors Overview Dashboard
    • Manage AI Agent Permissions
    • Agentic Activity Priority
    • Agent Trust Levels
  • Account Defender
    • Account Defender Overview
    • Use Cases
    • Prerequisites
    • Getting Started with Account Defender
    • Optimizing Account Defender Detection
    • Validating Account Defender Integration
    • Risk Triggers
    • About Network Events
    • Troubleshooting
  • Bot Defender
    • Bot Defender Overview
    • Detection
    • Bot Defender Policy Settings
    • Footprint
  • Credential Intelligence
    • Credential Intelligence Overview
    • How to Access the Breached Flag
    • Credential Intelligence FAQ
    • Credential Intelligence Dashboard
  • Code Defender
    • Code Defender Introduction
    • Getting Started with Code Defender
    • Code Defender Glossary
    • Website Risk Analyzer
  • Platform
    • Account settings
    • Manage users
    • Role permissions
    • Enforcer configurations
    • Page Type Mapping
  • Client-Side Integration
    • JavaScript tag
    • Improving first page performance
    • Use of cookies & web storage
    • Advanced client integration
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Prerequisites
  • Enable data enrichment
  • Retrieve enriched data
  • Sensor and Enforcers
  • Supported integrations
  • Disable the data enrichment cookie
  • Available enrichment data by type
  • Access control
  • IP Categorization
  • Incident Types
  • CAPTCHA Bypass
  • Access Tokens
  • Credential Intelligence
Sightline Cyberfraud DefenseData SettingsData Enrichment

Data classification enrichment

Was this page helpful?
Previous

Score reporting

Next
Built with

Data Classification Enrichment lets you to add enrichment data to each request. Every time HUMAN handles a request, it will add the enriched data to the server-to-server call as an additional cookie, _pxde. This lets you send even more information about traffic and activity on your applications, giving you deeper insights and more precise mitigation.

You can learn how to enable enrichment and how to retrieve enriched data with this article.

Prerequisites

  • The appropriate role permissions to manage data classification enrichment. By default, this is an Admin role in Sightilne.
  • A configured Policy to send enriched data from.

Enable data enrichment

  1. Navigate to Sightline Cyberfraud Defense > Settings > Data > Data Enrichment and click the Data classification enrichment tab.
  2. Choose the Policy to send enriched data from.
  3. Select your desired enrichment sources.
  4. Click the toggle for each Data Enrichment Type to enable enrichment for them.

As soon as you enable at least one data enrichment type, HUMAN will start sending the _pxde cookie.

  1. Click Generate cookie example to see an example of the _pxde cookie.
  2. If needed, click Download dictionary next to the data enrichment type to export a JSON object of each type.
  3. Click Save Changes.

HUMAN will start sending enriched data to your Sensor or Enforcer, but you can also choose to send this data to a data analytics integration. See Retrieve enriched data for more information.

Retrieve enriched data

Sensor and Enforcers

The Sensor and most Enforcers support data classification enrichment. They retrieve it by:

If you do not have built-in data classification enrichment, you may need to upgrade your Sensor or Enforcer version. See Getting started with Sightline Cyberfraud Defense to learn how to update your Sensor version. For Enforcers, refer to your Enforcer’s specific configuration documentation.

  • Enforcers: Retrieve enriched data with a hook function.
  • Sensor: Retrieves enriched data by running the initialization code below. This event triggers for each cookie update.
Sensor enriched data initialization
1px.Events.on('enrich', function (value) {
2  // value - the enriched data, in the form of <HMAC>:<Base64 encoded data>
3  const base64Data = value.split(":")[1]; // split value to get the base64 encoded data
4  const dataStr = atob(base64Data); // base64 decode the enrichment data
5  const data = JSON.parse(dataStr); // get the data as JSON
6  console.log('DATA', data);
7});

Supported integrations

You can optionally send enrichment data to a supported data analytics integration. See our documentation for more information.

Disable the data enrichment cookie

The _pxde cookie is an analytics cookie and non-essential. If a user declines to accept non-essential cookies when visiting your website, you can disable it by adding window.pxPreventAnalyticsCookie = true to the Sensor snippet on your application.

1<script type="text/javascript">
2    (function(){
3        window._pxPreventAnalyticsCookie = true; // disables _pxde if user declines non-essential cookies
4        var p = document.getElementsByTagName('script')[0],
5            s = document.createElement('script');
6        s.async = 1;
7        s.src = '/xxxxxxxxxxx/.init.js';
8        p.parentNode.insertBefore(s,p);
9    }());
10</script>

If you want to enable the cookie, you can either:

  • Set window._pxPreventAnalyticsCookie to false, or
  • Delete the variable assignment

Available enrichment data by type

Access control

Access control rules are defined in:

  • Custom rules
  • Known bots & crawlers
  • IP classification

The access control cookie is approximately 200 bytes. If an access control filter could not be found on the request, then the cookie will be empty and only the timestamp will be sent. The available fields are:

FieldDescription
TimestampThe time the cookie was created.
f_typeThe access control rule type. Possible values:
  • w: Whitelist
  • b: Blacklist
f_idThe access control rule ID. These are available in its JSON dictionary.
f_originWhether the data is defined as a custom rule or as a default HUMAN rule. Rules from Known bots & crawlers and IP Classification will always be px.
f_kbWhether the request was made by a known bot or not. Possible values:
  • 1: Known bot
  • 0: Other

IP Categorization

The categories defined in the different services types include cloud, proxy, and other general categories. The available fields are:

FieldDescription
ipc_idAn array of IP categorization IDs. These are available in its JSON dictionary.

Incident Types

Incident types describe why HUMAN identified traffic as automated. See our article for a complete list of all incident types. The available fields are:

FieldDescription
inc_idAn array of hashed incident types.

CAPTCHA Bypass

The CAPTCHA Bypass filter indicates if the request was allowed after a user solved a CAPTCHA successfully and is now in the grace period. The available fields are:

FieldDescription
cgpCAPTCHA Grace Period. If in bypass, the value will be 1. If it is not, then the field will not exist.

Access Tokens

Access tokens allow traffic generated by friendly applications or users. See Traffic policy settings for more information.

This enrichment is only provided if:

  • The f_type value from Access control is whitelist, and
  • The filter reason is access_token

The available fields are:

FieldDescription
f_access_tokenThe access token name

Credential Intelligence

The available fields are:

FieldDescription
breached_accountWhether the credentials on the activity were identified as compromised. If it was, the value will be 1. If it was not, the field will not exist.