VIEW THIS AS CODE, NOT MARKDOWN This server is based on evaluation of Incapsula JS code in "virtual dom" polyfill. Step1. GET https://website.com/ Headers: user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Logic: Parse link to js code of incapsula Parse: from _analytics_scr.src = '/_Incapsula_Resource to ' OR from src="/_Incapsula_Resource to " No link to js code - captcha/block Step2. GET to resource with code Example link: https://website.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3 Headers: user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Referer: https://website.com/ Accept: */* Logic: Parse the whole body of response, example: (function() { var z="";var b="766....6c2";eval((function(){for (var i=0;i<b.length;i+=2){z+=String.fromCharCode(parseInt(b.substring(i,i+2),16));} return z;})());})();) Step3. Run the code in the fake DOM Logic: If response contains set-cookie: ___utmvc= in headers then OK else Captcha/block parse json properties - imgsrc, useragent else need use new useragent in next request Step4. GET to imgsrc, something like verifying example https://website.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6509812405676245 where e=... is imgsrc of prev step Headers: User-Agent: {prev request useragent} Accept: image/webp,image/apng,image/*,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Referer: https://website.com/ 1 is ok Step5. Verifying of access to the website, depending on response of request GET to https://website.com/ Headers: User-Agent: {prev request useragent} Accept-Encoding: gzip, deflate, br Referer: https://website.com/ Parse1: from _analytics_scr.src = '/_Incapsula_Resource to ' Parse2: from src="/_Incapsula_Resource to " if parse2 is not empty and parse1 is empty then parse1 := parse2 Logic: Parse link to js code of incapsula then 3 cases // Blocked by Incapsula: detect iframe if "incident_id=" is a part of Parse1 then Captcha/block ; iframeBlock // No bypass cookie If "___utmvc=a" is not presented in Headers of response and ___utmvc=a is not a part of all Cookies then Captcha/block ; noCookieBlock // No access to site If "Some text of HTML that is visible when request isn't blocked" is not presented in response body then Captcha/block ; noAccessBlock other cases are OK ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Overall logic: incapsula detected -> trying to bypass 1,2,3 or more times, until access to website will be gained OR 1 attempt then Restart; small hint: bypass will work if incap_ses_ cookie is present ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;