For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • General
    • About Enforcers
    • Support first-party HUMAN calls
    • Troubleshoot Enforcer configurations
  • Enforcer frameworks
    • Akamai ESI
    • Apache - C Module
    • ASP.NET
    • Callout Enforcer
    • Envoy Proxy
    • F5 BIGIP
    • Fastly JavaScript Compute@Edge
    • Google Cloud Platform (GCP) Callout Enforcer
    • Kong Plugin
    • NGINX - C Module
    • NGINX - LUA Module
    • PHP
    • Python
    • Ruby
    • Salesforce Commerce Cloud Cartridge
      • What's New
      • Importing the Cartridge
      • Registering the Cartridge
      • Importing Metadata and Services
      • Configuring the Cartridge
      • Using the Cartridge
      • SCAPI Protection Considerations
      • Upgrading
      • Customized Block Page
      • Configuration Options
      • First Party
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Version 22.3.0
  • Version 22.2.0
  • Version 22.1.1
  • Version 22.1.0
  • Version 22.0.1
  • Version 22.0.0
  • Version 21.4.3
  • Version 21.4.2
  • Version 21.4.1
  • Version 21.4.0
  • Version 21.3.0
  • Version 21.2.1
  • Version 21.2.0
  • Version 21.1.1
  • Version 21.1.0
  • Version 21.0.0
  • Version 20.3.1
  • Version 20.3.0
  • Version 20.2.0
  • Version 20.1.0
  • Version 19.1.0
  • Version 18.4.0
  • Version 18.3.0
  • Version 18.2.1
  • Version 18.2.1
  • Version 18.1.1
  • Version 18.1.0
  • Version 1.1.1
  • Version 1.1.0
Enforcer frameworksSalesforce Commerce Cloud Cartridge

What's New

Was this page helpful?
Previous

Importing the Cartridge

Next
Built with

Version 22.3.0

Released 2026-05-27

Added

  • Added support for cookie v2
  • Send original vid from cookie on all activities under orig_cookie_vid

Version 22.2.0

Released 2026-03-30

Added

  • Added support for filter requests by http method
  • Added support for enforcing SCAPI requests via the int_perimeterx_SCAPI cartridge

Version 22.1.1

Released 2026-01-29

Changed

  • Changed handleHeaders implementation to support specific customer’s headers structure

Version 22.1.0

Released 2025-10-26

Added

  • Added support for is sensitive request custom function
  • Added is_sensitive_route field to risk API and async activities
  • Reporting the cross tab session cookie for AD on async activities and risk API
  • Added the additional_risk_info field to async activities if present on the risk API response
  • Added custom functions support for Site Genesis and SFRA if onRequest is not wanted.

Version 22.0.1

Released 2025-09-03

Fixed

  • Added missing px_cookie on async activities

Version 22.0.0

Version 22.0.0 introduces breaking changes to the Enforcer configuration and the implementation of custom functions. Make sure to review the updated format and adjust your enforcer configurations accordingly before upgrading.

Released 2025-04-28

Added

  • Added enforcer start time to risk api activity and async activities
  • Added domain attribute to the pxhd cookie.
  • Added user and pass fields to async activities

Changed

  • Moved custom configuration files to dedicated pxCustomFunctionsConfig.js file
  • Aligned the following field names to spec:
    • http_status to http_status_code
    • ip to socket_ip
    • uuid to client_uuid
  • Improved telemetry error handling and stop the flow correctly after successful telemetry request processing
  • Added support for configuring the backend URL and collector URL through the configuration
  • Updated additionalActivityHandler custom function to return void instead of a boolean
  • Updated pxSensitiveRoutes, pxMonitoredRoutes, pxEnforcedRoutes, and pxFilteredRoutes to accept a single regular expression pattern instead of an array of strings.
  • Changed the async activities default url to https://collector-<px_app_id>.perimeterx.net

Removed

  • Removed deprecated sensitiveRoutesRegex and enforcedRoutesRegex and monitoredRouteRegex and filteredRoutesRegex configuration fields

Version 21.4.3

Released 2024-12-19

Fixed

  • Removed the service package usage to compatibility with SiteGenesis

Version 21.4.2

Released 2024-06-23

Added

  • Support for filter routes by regex
  • Better handling for configuration object

Version 21.4.1

Released 2023-12-23

Added
Updated deprecated methods

Version 21.4.0

Released 2023-08-14

Added
__ controllers allowlisting (prevents attackers using __Analytics for POST requests

Version 21.3.0

Released 2022-06-07

Added

  • Custom cookie header with the x-px-cookies default value
  • Sending pxvid on async activities also when it was extracted from cookie

Version 21.2.1

Released 2022-04-13

Fixed

  • Fixed bug in bypass monitor header

Version 21.2.0

Released 2022-04-13

Fixed

  • Linter issues
  • Wrong risk mode sent on risk api

Added

  • Sending email and user creation date on activities (for account defender)

Version 21.1.1

Released 2022-02-02

Fixed

  • Metadata schema was updated to include PX_loggerSeverity

Version 21.1.0

Released 2022-01-03

Added

  • Support for credentials intelligence v2 and multistep_sso protocols
  • Support for login credentials which are sent through body (when the content-type is JSON or form-urlencoded), header and query-param
  • Support for manual sending of additional_s2s activity
  • Support for sending raw username on additional_s2s activity
  • New request_id field to all enforcer activities

Changed

  • Update the default request timeout value of async and risk activities to 1 second

Version 21.0.0

Released 2022-11-28

Changed

  • Async activities fields align with the spec
  • Changed the debug mode field configuration name to px_logger_severity and its possible values according to the spec
  • Changed the px_module_mode possible values according to the spec

Fixed

  • Send the full url with the risk api activity url field which is included query params if any

Added

  • Added implementation for handling s2s_error and s2s_timeout
  • Support for monitored routes feature
  • Support for enforced routes feature
  • Added ‘app_user_id’ field on risk api and async activities calls

Version 20.3.1

Released 2020-12-23

Fixed

  • Mobile token handling for OCAPI

Version 20.3.0

Released 2020-12-23

Fixed

  • Mobile token handling
  • Mobile response handling

Version 20.2.0

Released 2020-11-18

Added

  • OCAPI support
  • PBKDF2 key hashing

Fixed

  • Bypass monitor header reporting
  • Debug flag

Version 20.1.0

Released 2020-02-03

Added

  • Send telemetry on demand by header
  • Support for testing blocking flow in monitor mode
  • Full first-party support
  • onRequest integration
  • Support for properties in ISML templates

Fixed

  • Removed getWriter() and replaced it with templates.

Version 19.1.0

Released 2018-12-25

Added

  • Enrich Custom Parameters support for async activities
  • Support for PXHD cookies
  • First-Party fallback for block templates
  • Support Cookie names extraction

Version 18.4.0

Released 2018-09-26

Added

  • Whitelist by ip/cidr support
  • Custom block page support

Fixed

  • Better handling of Services Framework errors
  • Better handling of query params for Captcha service calls
  • Missing px_cookie on risk_api calls

Version 18.3.0

Released 2018-06-22

Added

  • Refactor of services framework usage to support multi app ids
  • Support for Advanced Blocking Response
  • SFRA support

Fixed

  • Documentation refresh

Version 18.2.1

Released 2018-05-01

Added

  • Refactor of services framework usage to support multi app ids
  • Support for Advanced Blocking Response
  • SFRA support
  • Captcha v2 support

Fixed

  • Documentation refresh

Version 18.2.1

Released 2018-05-01

Added

  • Ratelimit support
  • First party support
  • Enrich Custom Parameters support

Fixed

  • Corrected monitor mode block reporting

Version 18.1.1

Released 2018-02-12

Fixed

  • Numerous bug fixes

Changed

  • Updated README to include js sensor section

Version 18.1.0

Released 2018-01-22

Changed

  • New version number scheme

Version 1.1.1

Released 2017-12-17

Changed

  • Updated services framework implementation to use LocalServiceRegistry.

Version 1.1.0

Released 2017-12-05

Added

  • Enhanced module logs

Changed

  • Various performance enhancements.