AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-05-28 · Documentation low

File: waf/latest/developerguide/waf-bot-with-tokens.md

Summary

Added minimum integration guidance for Bot Control script placement on critical pages.

Security assessment

Documents security feature (Bot Control) implementation best practices but doesn't fix a security vulnerability.

Diff

diff --git a/waf/latest/developerguide/waf-bot-with-tokens.md b/waf/latest/developerguide/waf-bot-with-tokens.md
index 67be8d44d..f16a8c931 100644
--- a//waf/latest/developerguide/waf-bot-with-tokens.md
+++ b//waf/latest/developerguide/waf-bot-with-tokens.md
@@ -18,0 +19,2 @@ We highly recommend implementing the application integration SDKs, for the most
+At minimum, add the JavaScript challenge script tag to your most critical pages such as login, checkout, and account creation. For the strongest detection, integrate the SDK more broadly across pages that serve dynamic content. The more behavioral data Bot Control has, the better it can distinguish real users from advanced bots. For detailed integration guidance, see [Integrating the client application integration SDKs](./waf-bot-control-use-cases.html#waf-bot-control-sdk-guidance).
+