Akamai EdgeWorker changelog

Version 6.4.1

Send original vid from cookie on all activities under orig_cookie_vid
Pass request object to response custom parameters custom function

Version 4.6.0

Replaced crypto-es with Akamai’s built-in crypto module (Web Crypto API) to reduce bundle size
Replaced whatwg-url with the lightweight UrlImpl regex-based parser from perimeterx-js-core
Removed TextEncoder/TextDecoder polyfill (no longer needed)
Bundle size reduced from ~493 KB to ~208 KB, resolving cold-start InitCpuTimeoutError

Version 4.5.0

Support for px_enrich_response_custom_parameters custom function.

Version 4.4.2

Adjusted PM static rule to exclude HEAD requests in addition to GET

February 15, 2026

Version 4.4.1

Telemetry by risk - adjusted telemetry requested flag on risk_api response

October 16, 2025

Version 4.4.0

Added is_sensitive_route field to risk api and async activities
Added x-ew-socket-ip header to Risk API requests
Telemetry activity update_reason field updated to reflect the reason for telemetry activity:
- command - incoming telemetry request received
- risk - telemetry triggered via risk response field
Added request_id to telemetry activity details

August 25, 2025

Version 4.3.0

Support for adding a data enrichment header (new px_data_enrichment_header_name configuration)
Added Documentation enforcement workflow - verify that the documentation is up to date with the latest changes in the codebase

Version 4.2.0

Added the domain to the enforcer block page src to ensure the block page is served correctly from NetStorage

Version 4.1.1

Added argparse as dependency rather than dev dependency to allow the provided CLI tool to work properly

Version 4.1.0

Added URL decode reserved characters feature support (PX_DEC_URL_RESERVED_CHARS configuration)
Added Secure PXHD cookie support (PX_SECURED_PXHD_ENABLED configuration)
Added the WhatWG URL dependency to improve URL parsing
Changed Property Manager variables to remove unnecessary PMUSER_PX_EW_IP variable
Changed handler creation functions to always retrieve configuration from incoming request variables rather than saving the enforcer in closure
Changed onClientRequest to remove context and remote config headers from incoming request before processing
Fixed IP parsing issue by using AK_CLIENT_REAL_IP instead of AK_CLIENT_IP
Fixed issue that enabled users to add erroneous Risk API GET headers