What is the difference between reese84 and utmvc?

reese84 is the newer Imperva fingerprint sensor — it posts a payload to a /reese.js endpoint and the response binds to the visid_incap_* cookie. utmvc is the older sensor (_Incapsula_Resource?SWHANEDL=...) that issues the incap_ses_* and nlbi_* session cookies. Many sites run both layers; check the page source to see which scripts load.

Why are Incapsula cookies bound to my IP?

Imperva fingerprints the originating IP into the visid_incap_* and incap_ses_* cookies and refuses to honor them from any other IP. You cannot manually edit Incapsula cookies. Always solve from the exact proxy you will retry with, and re-solve when the IP rotates.

How do I solve an Imperva 403 challenge programmatically?

POST to https://api.meshprivacy.com/v1/tasks/submit with service: 'reese84' (passing script_url to reese.js) for the fingerprint flow, or service: 'utmvc' (passing url plus the _Incapsula_Resource script_url) for the session cookie flow. Poll /v1/tasks/result/{task_id} for 3-8 seconds and attach the returned cookies.

Which Incapsula cookies do I need to keep?

After utmvc solve: visid_incap_ , nlbi_ , and incap_ses_ _ . Send all three on every request to the protected domain. After reese84: the reese84 token cookie. Cookies are bound to the IP, so reuse them only from the original proxy.

How fast does MeshPrivacy generate Incapsula cookies?

reese84: 3-7 seconds typical. utmvc: 4-8 seconds. Upstream timeout is 120 seconds. We do not advertise sub-second numbers — Imperva sensor data collection requires real compute time on every solve.

How much does Incapsula/Imperva solving cost?

Pricing is per-credit at 1 USD = 1,000 credits. Credit cost per request varies per service and may change — see meshprivacy.com/pricing for current rates. New accounts get 20 free credits with no credit card required.

Is Incapsula the same as Imperva?

Yes. Incapsula was the original product name; Imperva is the company that owns it. Documentation and customer accounts use the names interchangeably. The cookies (visid_incap_*, incap_ses_*, nlbi_*), the sensor scripts and the challenge flow are identical.

Looking for an overview? See the Imperva/Incapsula product page

Resolving Incapsula/Imperva 403 Errors

Incapsula (Imperva) uses device fingerprinting with reese84 and utmvc challenges. Cookies are bound to IP addresses and cannot be modified. MeshPrivacy generates valid session cookies by completing the fingerprint verification process from your IP.

Critical: IP-Bound Cookies

Incapsula cookies cannot be manually modified and are bound to your IP address. Cookies generated from a different IP will not work. Ensure consistent IP usage throughout your session.

Error Codes

Code	Meaning	Resolution
403	Most common block response	Generate valid session cookies via API
200	Deceptive block page (Incapsula HTML)	Detect and solve embedded challenge

Real-time API status: trust.meshprivacy.com

Cookies & Headers

Session Cookies

incap_ses_* - Session token

visid_incap_* - Visitor device ID

Format: incap_ses_[site_id]=[token]

Response Headers

X-Iinfo - Incapsula info

X-CDN: Incapsula

Check these headers to identify Incapsula protection.

Service Variants

Imperva/Incapsula challenges resolve through two distinct service IDs in MeshPrivacy. Pick the one matching the script the target serves.

`reese84`Primary

Fingerprint sensor data submission. Collects browser and device characteristics for verification against Imperva's database.

Field	Type	Required	Description
`script_url`	string	Yes	Reese84 script URL from Imperva/Incapsula
`url`	string	No	Target URL
`proxy_config`	string	No	Proxy in `http://user:pass@ip:port` format
`user_agent`	string	No	Custom user agent

reese84.js

// Submit Incapsula Reese84 task
const response = await fetch('https://api.meshprivacy.com/v1/tasks/submit', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'X-API-Key': API_KEY },
  body: JSON.stringify({
    service: 'reese84',
    script_url: 'https://target-site.com/path/to/reese.js', // required
    url: 'https://target-site.com/',                        // optional
    proxy_config: 'http://user:pass@ip:port',               // optional - use same IP throughout
    user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)...' // optional
  })
});
const { task_id } = await response.json();
const result = await fetch(`https://api.meshprivacy.com/v1/tasks/result/${task_id}`, {
  headers: { 'X-API-Key': API_KEY }
});
const { cookies } = await result.json();
// reese84 token returned for fingerprint sensor submission

`utmvc`

Behavior tracking cookie challenge served via _Incapsula_Resource. Generates valid incap_ses_* and visid_incap_* cookies.

Field	Type	Required	Description
`url`	string	Yes	Target URL
`script_url`	string	Yes	UTMVC script URL (`_Incapsula_Resource`)
`cookies`	object	No	Incapsula cookies JSON (`visid_incap`, `nlbi`, `incap_ses`)
`proxy_config`	string	No
`user_agent`	string	No

utmvc.js

// Submit Incapsula UTMVC task
const response = await fetch('https://api.meshprivacy.com/v1/tasks/submit', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'X-API-Key': API_KEY },
  body: JSON.stringify({
    service: 'utmvc',
    url: 'https://target-site.com/',                        // required
    script_url: 'https://target-site.com/_Incapsula_Resource?SWHANEDL=...', // required
    cookies: {                                              // optional - Incapsula cookies JSON
      'visid_incap_123456': '...',
      'nlbi_123456': '...',
      'incap_ses_123_456': '...'
    },
    proxy_config: 'http://user:pass@ip:port',               // optional
    user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)...' // optional
  })
});

FAQ

Imperva binds cookies to IP addresses as a security measure against token theft. If you change IPs mid-session, cookies become invalid and you'll receive 403 errors.

Related Services

Akamai|DataDome|PerimeterX|AWS WAF