perimeterx-js-core 0.30.1 → 0.32.0

package/lib/cjs/config/ConfigurationBase.js

@@ -123,6 +123,7 @@ var ConfigurationBase = /** @class */ (function () {
             // @ts-ignore
             delete activeConfig[key];
         }
+        // Runtime filtering ensures only supported configs remain
         return activeConfig;
     };
     ConfigurationBase.prototype.getStaticConfig = function () {
@@ -775,6 +776,13 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "dataEnrichmentHeaderName", {
+        get: function () {
+            return this.configParams.px_data_enrichment_header_name;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(ConfigurationBase.prototype, "enableBlockedUrlOnCaptchaBlockPage", {
         get: function () {
             return true;

package/lib/cjs/config/defaults/DefaultConfigurationParams.js

@@ -132,6 +132,7 @@ var defaultConfigurationParams = function () { return ({
     px_remote_config_retry_interval_ms: 1000,
     px_url_decode_reserved_characters: false,
     px_secured_pxhd_enabled: false,
+    px_data_enrichment_header_name: '',
     px_snippet_injection_enabled: false,
     px_create_custom_snippet: null,
     px_custom_is_sensitive_request: null,

package/lib/cjs/config/params/CreateHumanSecurityConfigurationParams.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/config/params/index.js

@@ -19,3 +19,4 @@ __exportStar(require("./AllConfigurationParams.js"), exports);
 __exportStar(require("./CoreConfigurationParams.js"), exports);
 __exportStar(require("./RemoteConfigurationParams.js"), exports);
 __exportStar(require("./StaticConfigurationParams.js"), exports);
+__exportStar(require("./CreateHumanSecurityConfigurationParams.js"), exports);

package/lib/cjs/flow/EnforceFlow.js

@@ -21,8 +21,9 @@ var Flow_1 = require("./Flow.js");
 var EnforceFlow = /** @class */ (function (_super) {
     __extends(EnforceFlow, _super);
     function EnforceFlow(config, _a) {
-        var dataEnrichment = _a.dataEnrichment, tokenParser = _a.tokenParser, riskApiClient = _a.riskApiClient, cors = _a.cors, products = _a.products, graphQLParser = _a.graphQLParser;
+        var dataEnrichment = _a.dataEnrichment, tokenParser = _a.tokenParser, riskApiClient = _a.riskApiClient, cors = _a.cors, products = _a.products, graphQLParser = _a.graphQLParser, base64Utils = _a.base64Utils;
         return _super.call(this, [
+            new phase_1.BlockByHeaderPhase(config, base64Utils),
             new phase_1.ParseTokenPhase(tokenParser),
             new phase_1.EnrichContextFromRequestPhase(config, products, dataEnrichment, graphQLParser),
             new phase_1.RiskApiPhase(products, riskApiClient),

package/lib/cjs/phase/impl/BlockByHeaderPhase.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BlockByHeaderPhase = void 0;
+var action_1 = require("../../action/index.js");
+var blocker_1 = require("../../blocker/index.js");
+var products_1 = require("../../products/index.js");
+var captcha_1 = require("../../products/bot_defender/block/captcha/index.js");
+var templates_1 = require("../../products/bot_defender/block/templates/index.js");
+var utils_1 = require("../../utils/index.js");
+/**
+ * `BlockByHeaderPhase` checks for the presence of the x-px-block-by-header header.
+ * If the header is present with a truthy value ("1", "true", "TRUE"), the request is immediately
+ * blocked with a captcha response and the flow is terminated. This feature overrides all other
+ * enforcer logic including monitor mode and whitelisting.
+ */
+var BlockByHeaderPhase = /** @class */ (function () {
+    function BlockByHeaderPhase(config, base64Utils) {
+        this.config = config;
+        this.base64Utils = base64Utils;
+    }
+    BlockByHeaderPhase.prototype.execute = function (context) {
+        var headerValue = this.getBlockByHeaderValue(context);
+        if (headerValue && this.isTruthyValue(headerValue)) {
+            context.logger.debug('block by header detected - creating immediate block response');
+            // Set context for proper activity reporting
+            this.setBlockingContext(context);
+            // Create and return block response immediately
+            var blockResponse = this.createBlockResponse(context);
+            return { done: true, response: blockResponse };
+        }
+        return { done: false };
+    };
+    /**
+     * Creates a captcha block response for the block-by-header feature.
+     * @param context - The request context.
+     * @returns The block response.
+     */
+    BlockByHeaderPhase.prototype.createBlockResponse = function (context) {
+        // Use the existing CaptchaBlocker to generate a proper captcha page
+        var captchaBlocker = new captcha_1.CaptchaBlocker({
+            config: this.config,
+            base64Utils: this.base64Utils,
+            captchaTemplate: templates_1.CAPTCHA_TEMPLATE,
+        });
+        return captchaBlocker.createBlockResponse(context);
+    };
+    /**
+     * Gets the value of the x-px-block-by-header header from the request.
+     * @param context - The request context.
+     * @returns The header value or null if not present.
+     */
+    BlockByHeaderPhase.prototype.getBlockByHeaderValue = function (context) {
+        return context.requestData.request.headers.get(utils_1.BLOCK_BY_HEADER_NAME) || null;
+    };
+    /**
+     * Checks if the header value is considered truthy for blocking.
+     * @param value - The header value to check.
+     * @returns True if the value should trigger blocking.
+     */
+    BlockByHeaderPhase.prototype.isTruthyValue = function (value) {
+        return utils_1.BLOCK_BY_HEADER_TRUTHY_VALUES.includes(value);
+    };
+    /**
+     * Sets the context properties needed for proper activity reporting.
+     * @param context - The request context to modify.
+     */
+    BlockByHeaderPhase.prototype.setBlockingContext = function (context) {
+        var _a;
+        context.action = action_1.Action.BLOCK;
+        context.reasons = (_a = {}, _a[products_1.ProductName.BLOCK_BY_HEADER] = utils_1.BLOCK_BY_HEADER_REASON, _a);
+        context.score = 100; // Maximum risk score
+        context.blockAction = blocker_1.BlockAction.CAPTCHA;
+    };
+    return BlockByHeaderPhase;
+}());
+exports.BlockByHeaderPhase = BlockByHeaderPhase;

package/lib/cjs/phase/impl/index.js

@@ -14,6 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./BlockByHeaderPhase.js"), exports);
 __exportStar(require("./FirstPartyPhase.js"), exports);
 __exportStar(require("./FilterPhase.js"), exports);
 __exportStar(require("./PreflightPhase.js"), exports);

package/lib/cjs/products/bot_defender/BotDefender.js

@@ -189,9 +189,17 @@ var BotDefender = /** @class */ (function () {
     BotDefender.prototype.createBlockResponse = function (context) {
         return this.blocker.createBlockResponse(context);
     };
-    BotDefender.prototype.modifyIncomingRequest = function (_context) {
+    BotDefender.prototype.modifyIncomingRequest = function (context) {
         return __awaiter(this, void 0, void 0, function () {
             return __generator(this, function (_a) {
+                if (this.config.dataEnrichmentHeaderName && context.pxde && context.pxdeVerified) {
+                    try {
+                        context.requestData.request.headers.set(this.config.dataEnrichmentHeaderName, JSON.stringify(context.pxde));
+                    }
+                    catch (err) {
+                        context.logger.debug("unable to set data enrichment header: ".concat(err));
+                    }
+                }
                 return [2 /*return*/];
             });
         });

package/lib/cjs/products/utils/ProductName.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ProductName = void 0;
 var ProductName;
 (function (ProductName) {
+    ProductName["BLOCK_BY_HEADER"] = "block_by_header";
     ProductName["BOT_DEFENDER"] = "bd";
     ProductName["ACCOUNT_DEFENDER"] = "ad";
     ProductName["CODE_DEFENDER"] = "cd";

package/lib/cjs/products/utils/ProductPriorityOrder.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PRODUCT_PRIORITY_ORDER = void 0;
 var ProductName_1 = require("./ProductName.js");
 exports.PRODUCT_PRIORITY_ORDER = [
+    ProductName_1.ProductName.BLOCK_BY_HEADER,
     ProductName_1.ProductName.HYPE_SALE_CHALLENGE,
     ProductName_1.ProductName.BOT_DEFENDER,
     ProductName_1.ProductName.ACCOUNT_DEFENDER,

package/lib/cjs/utils/constants.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CORE_MODULE_VERSION = exports.REGEX_STRUCTURE = exports.URL_REGEX = exports.EMAIL_ADDRESS_REGEX = exports.PUSH_DATA_FEATURE_HEADER_NAME = exports.PUSH_DATA_HMAC_HEADER_NAME = exports.X_PX_BYPASS_REASON_HEADER_NAME = exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = exports.X_PX_AUTHORIZATION_HEADER_NAME = exports.UNLIMITED_TIMEOUT = exports.BYPASS_MONITOR_HEADER_VALUE = exports.CD_PXVID_COOKIE_NAME = exports.PXDE_COOKIE_NAME = exports.PXHD_COOKIE_NAME = exports.PXVID_COOKIE_NAME = void 0;
+exports.BLOCK_BY_HEADER_TRUTHY_VALUES = exports.BLOCK_BY_HEADER_REASON = exports.BLOCK_BY_HEADER_NAME = exports.CORE_MODULE_VERSION = exports.REGEX_STRUCTURE = exports.URL_REGEX = exports.EMAIL_ADDRESS_REGEX = exports.PUSH_DATA_FEATURE_HEADER_NAME = exports.PUSH_DATA_HMAC_HEADER_NAME = exports.X_PX_BYPASS_REASON_HEADER_NAME = exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = exports.X_PX_AUTHORIZATION_HEADER_NAME = exports.UNLIMITED_TIMEOUT = exports.BYPASS_MONITOR_HEADER_VALUE = exports.CD_PXVID_COOKIE_NAME = exports.PXDE_COOKIE_NAME = exports.PXHD_COOKIE_NAME = exports.PXVID_COOKIE_NAME = void 0;
 exports.PXVID_COOKIE_NAME = '_pxvid';
 exports.PXHD_COOKIE_NAME = '_pxhd';
 exports.PXDE_COOKIE_NAME = '_pxde';
@@ -15,4 +15,7 @@ exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 exports.URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-exports.CORE_MODULE_VERSION = 'JS Core 0.30.1';
+exports.CORE_MODULE_VERSION = 'JS Core 0.32.0';
+exports.BLOCK_BY_HEADER_NAME = 'x-px-block-by-header';
+exports.BLOCK_BY_HEADER_REASON = 'block_by_header';
+exports.BLOCK_BY_HEADER_TRUTHY_VALUES = ['1'];

package/lib/esm/config/ConfigurationBase.js

@@ -117,6 +117,7 @@ export class ConfigurationBase {
             // @ts-ignore
             delete activeConfig[key];
         }
+        // Runtime filtering ensures only supported configs remain
         return activeConfig;
     }
     getStaticConfig() {
@@ -405,6 +406,9 @@ export class ConfigurationBase {
     get createCustomSnippet() {
         return this.configParams.px_create_custom_snippet;
     }
+    get dataEnrichmentHeaderName() {
+        return this.configParams.px_data_enrichment_header_name;
+    }
     get enableBlockedUrlOnCaptchaBlockPage() {
         return true;
     }

package/lib/esm/config/defaults/DefaultConfigurationParams.js

@@ -129,6 +129,7 @@ export const defaultConfigurationParams = () => ({
     px_remote_config_retry_interval_ms: 1000,
     px_url_decode_reserved_characters: false,
     px_secured_pxhd_enabled: false,
+    px_data_enrichment_header_name: '',
     px_snippet_injection_enabled: false,
     px_create_custom_snippet: null,
     px_custom_is_sensitive_request: null,

package/lib/esm/config/params/CreateHumanSecurityConfigurationParams.js

@@ -0,0 +1 @@
+export {};

package/lib/esm/config/params/index.js

@@ -3,3 +3,4 @@ export * from './AllConfigurationParams.js';
 export * from './CoreConfigurationParams.js';
 export * from './RemoteConfigurationParams.js';
 export * from './StaticConfigurationParams.js';
+export * from './CreateHumanSecurityConfigurationParams.js';

package/lib/esm/flow/EnforceFlow.js

@@ -1,8 +1,9 @@
-import { AdditionalActivityHandlerPhase, CreateBlockResponsePhase, EnrichContextFromRequestPhase, ModifyIncomingRequestPhase, ParseTokenPhase, RiskApiPhase, } from '../phase/index.js';
+import { AdditionalActivityHandlerPhase, BlockByHeaderPhase, CreateBlockResponsePhase, EnrichContextFromRequestPhase, ModifyIncomingRequestPhase, ParseTokenPhase, RiskApiPhase, } from '../phase/index.js';
 import { Flow } from './Flow.js';
 export class EnforceFlow extends Flow {
-    constructor(config, { dataEnrichment, tokenParser, riskApiClient, cors, products, graphQLParser, }) {
+    constructor(config, { dataEnrichment, tokenParser, riskApiClient, cors, products, graphQLParser, base64Utils, }) {
         super([
+            new BlockByHeaderPhase(config, base64Utils),
             new ParseTokenPhase(tokenParser),
             new EnrichContextFromRequestPhase(config, products, dataEnrichment, graphQLParser),
             new RiskApiPhase(products, riskApiClient),

package/lib/esm/phase/impl/BlockByHeaderPhase.js

@@ -0,0 +1,72 @@
+import { Action } from '../../action/index.js';
+import { BlockAction } from '../../blocker/index.js';
+import { ProductName } from '../../products/index.js';
+import { CaptchaBlocker } from '../../products/bot_defender/block/captcha/index.js';
+import { CAPTCHA_TEMPLATE } from '../../products/bot_defender/block/templates/index.js';
+import { BLOCK_BY_HEADER_NAME, BLOCK_BY_HEADER_REASON, BLOCK_BY_HEADER_TRUTHY_VALUES } from '../../utils/index.js';
+/**
+ * `BlockByHeaderPhase` checks for the presence of the x-px-block-by-header header.
+ * If the header is present with a truthy value ("1", "true", "TRUE"), the request is immediately
+ * blocked with a captcha response and the flow is terminated. This feature overrides all other
+ * enforcer logic including monitor mode and whitelisting.
+ */
+export class BlockByHeaderPhase {
+    config;
+    base64Utils;
+    constructor(config, base64Utils) {
+        this.config = config;
+        this.base64Utils = base64Utils;
+    }
+    execute(context) {
+        const headerValue = this.getBlockByHeaderValue(context);
+        if (headerValue && this.isTruthyValue(headerValue)) {
+            context.logger.debug('block by header detected - creating immediate block response');
+            // Set context for proper activity reporting
+            this.setBlockingContext(context);
+            // Create and return block response immediately
+            const blockResponse = this.createBlockResponse(context);
+            return { done: true, response: blockResponse };
+        }
+        return { done: false };
+    }
+    /**
+     * Creates a captcha block response for the block-by-header feature.
+     * @param context - The request context.
+     * @returns The block response.
+     */
+    createBlockResponse(context) {
+        // Use the existing CaptchaBlocker to generate a proper captcha page
+        const captchaBlocker = new CaptchaBlocker({
+            config: this.config,
+            base64Utils: this.base64Utils,
+            captchaTemplate: CAPTCHA_TEMPLATE,
+        });
+        return captchaBlocker.createBlockResponse(context);
+    }
+    /**
+     * Gets the value of the x-px-block-by-header header from the request.
+     * @param context - The request context.
+     * @returns The header value or null if not present.
+     */
+    getBlockByHeaderValue(context) {
+        return context.requestData.request.headers.get(BLOCK_BY_HEADER_NAME) || null;
+    }
+    /**
+     * Checks if the header value is considered truthy for blocking.
+     * @param value - The header value to check.
+     * @returns True if the value should trigger blocking.
+     */
+    isTruthyValue(value) {
+        return BLOCK_BY_HEADER_TRUTHY_VALUES.includes(value);
+    }
+    /**
+     * Sets the context properties needed for proper activity reporting.
+     * @param context - The request context to modify.
+     */
+    setBlockingContext(context) {
+        context.action = Action.BLOCK;
+        context.reasons = { [ProductName.BLOCK_BY_HEADER]: BLOCK_BY_HEADER_REASON };
+        context.score = 100; // Maximum risk score
+        context.blockAction = BlockAction.CAPTCHA;
+    }
+}

package/lib/esm/phase/impl/index.js

@@ -1,3 +1,4 @@
+export * from './BlockByHeaderPhase.js';
 export * from './FirstPartyPhase.js';
 export * from './FilterPhase.js';
 export * from './PreflightPhase.js';

package/lib/esm/products/bot_defender/BotDefender.js

@@ -101,8 +101,15 @@ export class BotDefender {
     createBlockResponse(context) {
         return this.blocker.createBlockResponse(context);
     }
-    async modifyIncomingRequest(_context) {
-        // intentionally left blank
+    async modifyIncomingRequest(context) {
+        if (this.config.dataEnrichmentHeaderName && context.pxde && context.pxdeVerified) {
+            try {
+                context.requestData.request.headers.set(this.config.dataEnrichmentHeaderName, JSON.stringify(context.pxde));
+            }
+            catch (err) {
+                context.logger.debug(`unable to set data enrichment header: ${err}`);
+            }
+        }
     }
     async modifyOutgoingResponse(_context) {
         // intentionally left blank

package/lib/esm/products/utils/ProductName.js

@@ -1,5 +1,6 @@
 export var ProductName;
 (function (ProductName) {
+    ProductName["BLOCK_BY_HEADER"] = "block_by_header";
     ProductName["BOT_DEFENDER"] = "bd";
     ProductName["ACCOUNT_DEFENDER"] = "ad";
     ProductName["CODE_DEFENDER"] = "cd";

package/lib/esm/products/utils/ProductPriorityOrder.js

@@ -1,5 +1,6 @@
 import { ProductName } from './ProductName.js';
 export const PRODUCT_PRIORITY_ORDER = [
+    ProductName.BLOCK_BY_HEADER,
     ProductName.HYPE_SALE_CHALLENGE,
     ProductName.BOT_DEFENDER,
     ProductName.ACCOUNT_DEFENDER,

package/lib/esm/utils/constants.js

@@ -12,4 +12,7 @@ export const PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 export const EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 export const URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 export const REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-export const CORE_MODULE_VERSION = 'JS Core 0.30.1';
+export const CORE_MODULE_VERSION = 'JS Core 0.32.0';
+export const BLOCK_BY_HEADER_NAME = 'x-px-block-by-header';
+export const BLOCK_BY_HEADER_REASON = 'block_by_header';
+export const BLOCK_BY_HEADER_TRUTHY_VALUES = ['1'];

package/lib/types/activities/HttpActivityClient.d.ts

@@ -7,15 +7,15 @@ import { ILogger } from '../logger';
 /**
  * The HttpActivityClient is responsible for sending async activities to the backend via HTTP.
  */
-export declare class HttpActivityClient<Req, Res, Added, Removed> implements IActivityClient<Req, Res> {
-    protected readonly config: IConfiguration<Req, Res, Added, Removed>;
+export declare class HttpActivityClient<Req, Res, Supported extends string, Added> implements IActivityClient<Req, Res> {
+    protected readonly config: IConfiguration<Req, Res, Supported, Added>;
     protected readonly httpClient: IHttpClient;
     /**
      * Creates an instance of HttpActivityClient.
      * @param config
      * @param httpClient
      */
-    constructor(config: IConfiguration<Req, Res, Added, Removed>, httpClient: IHttpClient);
+    constructor(config: IConfiguration<Req, Res, Supported, Added>, httpClient: IHttpClient);
     /**
      * Creates and sends all necessary async activities to the backend.
      * @param context - The context containing the request (and possibly response).

package/lib/types/activities/HttpBatchedActivityClient.d.ts

@@ -10,14 +10,14 @@ import { ILogger } from '../logger';
  * This class uses setTimeout and clearTimeout for managing the timeout for sending activities. It also exposes the stop()
  * method to stop the timer and prevent further activity sending, which should be called on shutdown.
  */
-export declare class HttpBatchedActivityClient<Req, Res, Added, Removed> extends HttpActivityClient<Req, Res, Added, Removed> {
+export declare class HttpBatchedActivityClient<Req, Res, Supported extends string, Added> extends HttpActivityClient<Req, Res, Supported, Added> {
     private readonly batchSize;
     private readonly timeoutMs;
     private readonly maxBufferSize;
     private buffer;
     private timeoutId;
     private shouldKill;
-    constructor(config: IConfiguration<Req, Res, Added, Removed>, httpClient: IHttpClient);
+    constructor(config: IConfiguration<Req, Res, Supported, Added>, httpClient: IHttpClient);
     stop(): void;
     protected postActivities(activities: AsyncActivity[], logger: ILogger): Promise<boolean>;
     protected addToBuffer(activities: AsyncActivity[]): void;

package/lib/types/activities/utils.d.ts

@@ -12,7 +12,7 @@ import { CustomParameters, ResponseCustomParameters } from '../custom_parameters
  * @param context - The request context.
  * @returns {AsyncActivity} - The complete async activity payload.
  */
-export declare const createAsyncActivity: <Req, Res, Added, Removed>(activityType: ActivityType, config: IConfiguration<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>) => AsyncActivity;
+export declare const createAsyncActivity: <Req, Res, Supported extends string, Added>(activityType: ActivityType, config: IConfiguration<Req, Res, Supported, Added>, context: ReadonlyContext<Req, Res>) => AsyncActivity;
 /**
  * Creates activity details based on the provided parameters.
  * @param activityType - The activity type to create.
@@ -20,12 +20,12 @@ export declare const createAsyncActivity: <Req, Res, Added, Removed>(activityTyp
  * @param context - The request context.
  * @returns {AsyncActivityDetails} - The activity details.
  */
-export declare const createActivityDetails: <Req, Res, Added, Removed>(activityType: ActivityType, config: IConfiguration<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>) => AsyncActivityDetails;
+export declare const createActivityDetails: <Req, Res, Supported extends string, Added>(activityType: ActivityType, config: IConfiguration<Req, Res, Supported, Added>, context: ReadonlyContext<Req, Res>) => AsyncActivityDetails;
 export declare const createAsyncActivityCommonDetails: <Req, Res>(context: ReadonlyContext<Req, Res>) => AsyncActivityCommonDetails;
-export declare const createCommonActivityDetails: <Req, Res, Added, Removed>(config: IConfiguration<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>) => CommonActivityDetails;
+export declare const createCommonActivityDetails: <Req, Res, Supported extends string, Added>(config: IConfiguration<Req, Res, Supported, Added>, context: ReadonlyContext<Req, Res>) => CommonActivityDetails;
 export declare const addRootContextDataToDetails: <Req, Res>(details: CommonActivityDetails, context: ReadonlyContext<Req, Res>) => void;
 export declare function redactCookieSecret(secret: string): string;
-export declare const addConfigDataToDetails: <Req, Res, Added, Removed>(details: CommonActivityDetails, config: IConfiguration<Req, Res, Added, Removed>) => void;
+export declare const addConfigDataToDetails: <Req, Res, Supported extends string, Added>(details: CommonActivityDetails, config: IConfiguration<Req, Res, Supported, Added>) => void;
 export declare const addCustomParametersToDetails: (details: CommonActivityDetails, customParameters: CustomParameters | null, responseCustomParameters: ResponseCustomParameters | null) => void;
 export declare const addProductDataToDetails: (details: CommonActivityDetails, productData: DeepReadonly<ProductData>) => void;
 export declare const addTlsDataToDetails: (details: CommonActivityDetails, tlsData: DeepReadonly<TlsData>) => void;
@@ -36,5 +36,5 @@ export declare const addRiskApiDataToAsyncActivityCommonDetails: <Req, Res>(deta
 export declare const addResponseDataToAsyncActivityCommonDetails: <Req, Res>(details: AsyncActivityCommonDetails, context: ReadonlyContext<Req, Res>) => void;
 export declare const createPageRequestedActivityDetails: <Req, Res>(context: ReadonlyContext<Req, Res>) => PageRequestedActivityDetails;
 export declare const createBlockActivityDetails: <Req, Res>(context: ReadonlyContext<Req, Res>) => BlockActivityDetails;
-export declare const createAdditionalS2SActivityDetails: <Req, Res, Added, Removed>({ ciSendRawUsernameOnAdditionalS2SActivity }: IConfiguration<Req, Res, Added, Removed>, { productData }: ReadonlyContext<Req, Res>) => AdditionalS2SActivityDetails;
+export declare const createAdditionalS2SActivityDetails: <Req, Res, Supported extends string, Added>({ ciSendRawUsernameOnAdditionalS2SActivity }: IConfiguration<Req, Res, Supported, Added>, { productData }: ReadonlyContext<Req, Res>) => AdditionalS2SActivityDetails;
 export declare const toHeaderEntryArray: (headers: Record<string, string[]>) => HeaderEntry[];

package/lib/types/additional_activity_handler/AdditionalActivityHandler.d.ts

@@ -1,3 +1,3 @@
 import { ReadonlyContext } from '../context';
 import { ActiveConfigurationParams } from '../config';
-export type AdditionalActivityHandler<Req, Res, Added, Removed> = (config: ActiveConfigurationParams<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>, request: Req) => void | Promise<void>;
+export type AdditionalActivityHandler<Req, Res, Supported extends string, Added> = (config: ActiveConfigurationParams<Req, Res, Supported, Added>, context: ReadonlyContext<Req, Res>, request: Req) => void | Promise<void>;

package/lib/types/additional_activity_handler/AdditionalActivityHandlerUtils.d.ts

@@ -7,5 +7,5 @@ export declare namespace AdditionalActivityHandlerUtils {
      * @param context - The request context.
      * @returns {Promise<void>} - A promise that resolves when the additional activity handler is complete.
      */
-    const invokeAdditionalActivityHandler: <Req, Res, Added, Removed>(config: IConfiguration<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>) => Promise<void>;
+    const invokeAdditionalActivityHandler: <Req, Res, Supported extends string, Added>(config: IConfiguration<Req, Res, Supported, Added>, context: ReadonlyContext<Req, Res>) => Promise<void>;
 }

package/lib/types/blocker/MobileBlocker.d.ts

@@ -3,11 +3,11 @@ import { ReadonlyContext } from '../context';
 import { IBase64Utils } from '../utils';
 import { IConditionalBlocker } from '../blocker';
 import { BlockerBase } from './BlockerBase';
-export declare class MobileBlocker<Req, Res, Added, Removed> extends BlockerBase<Req, Res> implements IConditionalBlocker<Req, Res> {
-    protected readonly config: IConfiguration<Req, Res, Added, Removed>;
+export declare class MobileBlocker<Req, Res, Supported extends string, Added> extends BlockerBase<Req, Res> implements IConditionalBlocker<Req, Res> {
+    protected readonly config: IConfiguration<Req, Res, Supported, Added>;
     protected readonly base64Utils: IBase64Utils;
     protected readonly template: string;
-    constructor(config: IConfiguration<Req, Res, Added, Removed>, base64Utils: IBase64Utils, template: string);
+    constructor(config: IConfiguration<Req, Res, Supported, Added>, base64Utils: IBase64Utils, template: string);
     shouldBlock(context: ReadonlyContext<Req, Res>): boolean;
     protected createBlockBody(context: ReadonlyContext<Req, Res>): string;
 }

package/lib/types/blocker/utils.d.ts

@@ -16,4 +16,4 @@ export declare const renderHtml: (htmlTemplate: string, blockData?: BlockData) =
  * @param base64Utils - The base64 utility functions.
  * @returns {BlockData} - The block data object.
  */
-export declare const createBlockData: <Req, Res, Added, Removed>(config: IConfiguration<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>, base64Utils: IBase64Utils) => BlockData;
+export declare const createBlockData: <Req, Res, Supported extends string, Added>(config: IConfiguration<Req, Res, Supported, Added>, context: ReadonlyContext<Req, Res>, base64Utils: IBase64Utils) => BlockData;

package/lib/types/config/ConfigurationBase.d.ts

@@ -14,12 +14,12 @@ import { CustomSnippetFunction } from '../snippet_injection';
 /**
  * Base class for the enforcer configuration.
  */
-export declare abstract class ConfigurationBase<Req, Res, Added, Removed extends string> implements IConfiguration<Req, Res, Added, Removed> {
-    protected configParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>;
-    protected readonly staticConfigParams: StaticConfigurationParams<Req, Res, Added, Removed>;
-    protected remoteConfigData?: RemoteConfigData<Req, Res, Added, Removed>;
-    protected readonly defaultConfigParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>;
-    protected readonly removedParams: Record<Removed, undefined>;
+export declare abstract class ConfigurationBase<Req, Res, Supported extends string, Added> implements IConfiguration<Req, Res, Supported, Added> {
+    protected configParams: RequiredAllConfigurationParams<Req, Res, Supported, Added>;
+    protected readonly staticConfigParams: StaticConfigurationParams<Req, Res, Supported, Added>;
+    protected remoteConfigData?: RemoteConfigData<Req, Res, Supported, Added>;
+    protected readonly defaultConfigParams: RequiredAllConfigurationParams<Req, Res, Supported, Added>;
+    protected readonly removedParams: Record<Exclude<keyof CoreConfigurationParams<Req, Res, Supported, Added>, Supported>, undefined>;
     private internalLogger;
     /**
      * Returns the module version of the enforcer.
@@ -40,18 +40,18 @@ export declare abstract class ConfigurationBase<Req, Res, Added, Removed extends
      * @param removedParams - A map of all removed (unsupported) configuration parameters set to undefined. This parameter can be generated automatically by your IDE.
      * @protected
      */
-    protected constructor(params: StaticConfigurationParams<Req, Res, Added, Removed>, defaultParams: Required<Added> & Partial<CoreConfigurationParams<Req, Res, Added, Removed>>, removedParams: Record<Removed, undefined>);
-    protected createActiveConfiguration(params: AllConfigurationParams<Req, Res, Added, Removed>, defaultParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>): RequiredAllConfigurationParams<Req, Res, Added, Removed>;
-    protected throwIfMissingRequiredField(params: AllConfigurationParams<Req, Res, Added, Removed>): void;
-    protected getValidConfigValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>, V extends RequiredAllConfigurationParams<Req, Res, Added, Removed>[K]>(params: AllConfigurationParams<Req, Res, Added, Removed>, defaultParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>, key: K): V;
-    protected isValidConfigValue(params: AllConfigurationParams<Req, Res, Added, Removed>, defaultParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>, key: keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>): boolean;
-    protected getDefaultConfigurationValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>, V extends RequiredAllConfigurationParams<Req, Res, Added, Removed>[K]>(params: AllConfigurationParams<Req, Res, Added, Removed>, defaultParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>, key: K): V;
-    protected normalizeConfigurationValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>, V extends RequiredAllConfigurationParams<Req, Res, Added, Removed>[K]>(params: AllConfigurationParams<Req, Res, Added, Removed>, key: K): V;
-    protected createInternalLogger(params: RequiredAllConfigurationParams<Req, Res, Added, Removed>): ILogger;
-    setRemoteConfigData(remoteConfigData: RemoteConfigData<Req, Res, Added, Removed>): void;
-    getActiveConfig(): ActiveConfigurationParams<Req, Res, Added, Removed>;
-    getStaticConfig(): StaticConfigurationParams<Req, Res, Added, Removed>;
-    getRemoteConfig(): RemoteConfigurationParams<Req, Res, Added, Removed>;
+    protected constructor(params: StaticConfigurationParams<Req, Res, Supported, Added>, defaultParams: Required<Added> & Partial<CoreConfigurationParams<Req, Res, Supported, Added>>, removedParams: Record<Exclude<keyof CoreConfigurationParams<Req, Res, Supported, Added>, Supported>, undefined>);
+    protected createActiveConfiguration(params: AllConfigurationParams<Req, Res, Supported, Added>, defaultParams: RequiredAllConfigurationParams<Req, Res, Supported, Added>): RequiredAllConfigurationParams<Req, Res, Supported, Added>;
+    protected throwIfMissingRequiredField(params: AllConfigurationParams<Req, Res, Supported, Added>): void;
+    protected getValidConfigValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Supported, Added>, V extends RequiredAllConfigurationParams<Req, Res, Supported, Added>[K]>(params: AllConfigurationParams<Req, Res, Supported, Added>, defaultParams: RequiredAllConfigurationParams<Req, Res, Supported, Added>, key: K): V;
+    protected isValidConfigValue(params: AllConfigurationParams<Req, Res, Supported, Added>, defaultParams: RequiredAllConfigurationParams<Req, Res, Supported, Added>, key: keyof RequiredAllConfigurationParams<Req, Res, Supported, Added>): boolean;
+    protected getDefaultConfigurationValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Supported, Added>, V extends RequiredAllConfigurationParams<Req, Res, Supported, Added>[K]>(params: AllConfigurationParams<Req, Res, Supported, Added>, defaultParams: RequiredAllConfigurationParams<Req, Res, Supported, Added>, key: K): V;
+    protected normalizeConfigurationValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Supported, Added>, V extends RequiredAllConfigurationParams<Req, Res, Supported, Added>[K]>(params: AllConfigurationParams<Req, Res, Supported, Added>, key: K): V;
+    protected createInternalLogger(params: RequiredAllConfigurationParams<Req, Res, Supported, Added>): ILogger;
+    setRemoteConfigData(remoteConfigData: RemoteConfigData<Req, Res, Supported, Added>): void;
+    getActiveConfig(): ActiveConfigurationParams<Req, Res, Supported, Added>;
+    getStaticConfig(): StaticConfigurationParams<Req, Res, Supported, Added>;
+    getRemoteConfig(): RemoteConfigurationParams<Req, Res, Supported, Added>;
     get moduleVersion(): string;
     get logger(): ILogger;
     get appId(): string;
@@ -105,9 +105,9 @@ export declare abstract class ConfigurationBase<Req, Res, Added, Removed extends
     get extractGraphQLKeywords(): ExtractGraphQLKeywordsFunction | null;
     get sensitiveGraphqlOperationNames(): Array<string | RegExp>;
     get sensitiveGraphqlOperationTypes(): string[];
-    get enrichCustomParameters(): CustomParametersFunction<Req, Res, Added, Removed> | null;
-    get enrichResponseCustomParameters(): ResponseCustomParametersFunction<Req, Res, Added, Removed> | null;
-    get additionalActivityHandler(): AdditionalActivityHandler<Req, Res, Added, Removed> | null;
+    get enrichCustomParameters(): CustomParametersFunction<Req, Res, Supported, Added> | null;
+    get enrichResponseCustomParameters(): ResponseCustomParametersFunction<Req, Res, Supported, Added> | null;
+    get additionalActivityHandler(): AdditionalActivityHandler<Req, Res, Supported, Added> | null;
     get altBackendCaptchaUrl(): string;
     get corsSupportEnabled(): boolean;
     get corsCustomPreflightHandler(): CustomPreflightHandler<Req> | null;
@@ -142,7 +142,8 @@ export declare abstract class ConfigurationBase<Req, Res, Added, Removed extends
     get securedPxhdEnabled(): boolean;
     get tokenVersion(): `${TokenVersion}`;
     get snippetInjectionEnabled(): boolean;
-    get createCustomSnippet(): CustomSnippetFunction<Req, Res, Added, Removed> | null;
+    get createCustomSnippet(): CustomSnippetFunction<Req, Res, Supported, Added> | null;
+    get dataEnrichmentHeaderName(): string;
     get enableBlockedUrlOnCaptchaBlockPage(): boolean;
     get awaitAsyncHttpRequests(): boolean;
     get isPostEnforceEnabled(): boolean;