Edge

See what your eCDN can't tell you.

Real-time observability and threat detection for Salesforce B2C Commerce. Ingest your Cloudflare Logpush data, detect scraping operations, bot attacks, and origin abuse — before they impact performance or spike costs.

The eCDN blind spot

Salesforce B2C Commerce ships traffic behind a Cloudflare-powered eCDN. But as an SFCC merchant, you cannot access the Cloudflare console, Bot Management, or WAF analytics. The eCDN exposes raw logs via the CDN Zones API but provides no anomaly detection, no alerting, and no visibility into who is hitting your origin.

You are blind until performance degrades or origin bandwidth costs spike. Edge fills that gap — ingesting your Logpush data and running eleven purpose-built detectors against it continuously.

Real incident. Real blind spot.

Detected through manual log analysis — not by the eCDN.

A coordinated scraping operation from a single Vietnamese ISP (ASN 45899) ran undetected for two months against a Salesforce B2C Commerce storefront. The attacker used distributed IPs, deliberately rotated user agents, and a shared URL queue to systematically catalogue products across four regional sites.

Over that period, the ASN generated 34 million requests — 16.5 million received successful responses before mitigations were applied. Almost all traffic bypassed the cache and hit the origin directly, causing 503 and 521 errors. When challenged, the attacker upgraded their tooling and escalated to 8.1 million requests in 12 hours. None of this was detected by the eCDN's built-in protections.

34M: total requests over 2 months
16.5M: successful scrapes (200s)
2 months: undetected by the eCDN
<2 min: Edge detection time

Eleven built-in threat detectors

Continuous per-minute analysis of your eCDN traffic. Every detector has configurable thresholds and fires alerts automatically when patterns indicate abuse.

ASN traffic spike

Compares each ASN's 5-minute request volume against its own 60-minute rolling average. Fires when a single network suddenly sends multiples more traffic than normal — the hallmark of a coordinated scrape.

Abnormal 499 rate

A 499 means the client closed the connection before your server finished responding. Legitimate browsers almost never do this. Scrapers do it constantly. Edge flags any ASN with an elevated 499 ratio — the single most reliable scraper signature.

Cache bypass

Catches ASNs whose cache-miss ratio deviates dramatically from your site's healthy baseline. A high miss rate means requests are hitting your origin directly — an origin-cost attack that inflates bandwidth bills without triggering CDN alerts.

User-agent rotation

Detects ASNs cycling through 15 or more user-agent families within a 10-minute window. Real users have one browser. Bots rotate through dozens of fake identities to evade simple fingerprinting.

Slow-burn detector

Catches gradual week-over-week escalation that no fast detector fires on. Compares 7-day vs 28-day baselines per ASN and country — trips when total traffic rises, 499 ratios climb, or cache-hit rates silently drop.

Bot score

Leverages Cloudflare Bot Management scores exposed via the eCDN. Flags ASNs where 50%+ of scored traffic is automated (score below 30) — catching bots that rotate IPs, user-agents, and fingerprints.

TLS weak protocol

Detects traffic using deprecated TLS 1.0/1.1 or no encryption. Surfaces misconfigured scrapers, legacy integrations, and PCI DSS 4.0 compliance risk.

Path entropy

Catches systematic catalogue crawling by measuring how evenly an ASN distributes requests across URL paths. Legitimate users hit popular pages heavily; catalogue walkers hit every path evenly.

Challenge solving

Detects post-mitigation evasion where attackers upgrade tooling to solve WAF challenges after being blocked. Compares solve rates across time windows to catch the tool upgrade.

Operation fingerprint

Identifies the same scraping operation from new networks by matching behaviour profiles (path distribution, UA mix, status codes) against known-bad signatures. Supports monitor and alert modes.

Certificate expiry

Monitors SSL/TLS certificates for your domains. Probes daily and alerts at configurable thresholds (30, 14, 7, 1 days) before expiry. Detects certificate changes and issuer switches.

Forensic raw retention

Original NDJSON batches archived for drill-down investigation when an alert fires. Query raw request data by ASN, path, status code, or user-agent to confirm threats and build evidence for your CDN provider.
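The per-ASN signals that several of the detectors above rely on (499 ratio, cache-miss ratio, user-agent rotation, path entropy), computed from a raw NDJSON batch. This is an added example, not Blankitt Edge's code; the Cloudflare Logpush field names, the constructed sample batch and every threshold except the 15-user-agent figure are assumptions.

```python
import json
import math
from collections import Counter, defaultdict

def _rec(asn, path, status, cache, ua):
    # Field names follow Cloudflare's http_requests Logpush dataset (assumed for the eCDN feed).
    return json.dumps({"ClientASN": asn, "ClientRequestPath": path, "EdgeResponseStatus": status,
                       "CacheCacheStatus": cache, "ClientRequestUserAgent": ua})

# Constructed batch for one 10-minute window; AS64500 and AS64501 are documentation ASNs.
SAMPLE_NDJSON = "\n".join(
    # AS64500: walks 40 product paths once each, rotates 20 UA strings, abandons 1 in 4 requests.
    [_rec(64500, f"/p/{i}.html", 499 if i % 4 == 0 else 200, "miss", f"ua-{i % 20}") for i in range(40)]
    # AS64501: shopper-like traffic concentrated on a few cached pages.
    + [_rec(64501, p, 200, "hit", "Mozilla/5.0") for p in ["/"] * 30 + ["/sale"] * 8 + ["/a", "/b"]]
)

def normalised_entropy(counts):
    """Shannon entropy of a path histogram divided by its maximum, log2(#paths); 1.0 = perfectly even."""
    total = sum(counts.values())
    if len(counts) < 2:
        return 0.0
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))

def profile_by_asn(ndjson):
    by_asn = defaultdict(list)
    for line in filter(str.strip, ndjson.splitlines()):
        rec = json.loads(line)
        by_asn[rec["ClientASN"]].append(rec)
    profiles = {}
    for asn, recs in by_asn.items():
        n = len(recs)
        profiles[asn] = {
            "requests": n,
            "ratio_499": sum(r["EdgeResponseStatus"] == 499 for r in recs) / n,
            # Simplification: anything not served as a cache hit counts as origin-bound.
            "miss_ratio": sum(r["CacheCacheStatus"] != "hit" for r in recs) / n,
            # Simplification: distinct raw UA strings stand in for parsed UA families.
            "distinct_uas": len({r["ClientRequestUserAgent"] for r in recs}),
            "path_entropy": normalised_entropy(Counter(r["ClientRequestPath"] for r in recs)),
        }
    return profiles

def signals(p, max_499=0.10, max_miss=0.80, ua_limit=15, max_entropy=0.95, min_requests=20):
    """Tripped signal names. ua_limit=15 is the page's figure; other thresholds are illustrative."""
    checks = {"499_rate": p["ratio_499"] > max_499, "cache_bypass": p["miss_ratio"] > max_miss,
              "ua_rotation": p["distinct_uas"] >= ua_limit, "path_entropy": p["path_entropy"] > max_entropy}
    return [name for name, hit in checks.items() if hit] if p["requests"] >= min_requests else []
```

The catalogue-walking ASN trips all four signals while the shopper-like ASN, whose requests concentrate on a few cached pages, trips none.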

How it works

No JavaScript injection. No client-side scripts. No impact on page performance.

1. Connect Logpush

Create a source in Edge and configure eCDN Logpush via the CDN Zones API to point at your ingest URL. Bearer token authentication ensures only your logs are accepted. Setup takes minutes.

2. Detectors analyse

Eleven detectors run continuously on per-minute aggregated data. ASN spikes, scraper signatures, cache bypass, bot scores, path entropy, challenge evasion, and more are all caught automatically.

3. Alerts fire

When a detector trips, Edge sends email and webhook notifications within two minutes. Acknowledge, investigate with raw forensic data, and resolve — all from the dashboard.

Cloud or on-premises

Same dashboards, same detectors. Choose where your data lives.

Cloud

Point your Logpush at our ingest URL. We handle the infrastructure, rollups, and storage. Dashboards available immediately via Portal SSO.

On-premises

Run a Rust container locally. Logs are processed on your network — only rolled-up aggregates ship to the portal. Raw data never leaves your infrastructure. Available on the Enterprise plan.

Why Edge?

Enterprise bot management tools cost £30k–£200k+/yr and require JavaScript injection. DIY monitoring means months of engineering. Edge gives you purpose-built detection from £99/month.

| | Enterprise | DIY | Edge |
|---|---|---|---|
| Price | £30k–£200k+/yr | £2k–£10k/mo + eng | From £99/mo |
| Time to value | 3–6 months | 2–4 months | Minutes |
| JS injection | Required | Not needed | Not needed |
| SFCC-specific | No | No | Yes |
| On-premise | No | Self-hosted only | Yes |
| Slow-burn detection | No | Build it yourself | Built-in |

One incident pays for years of Edge.

A two-month scraping operation sent 34 million requests — almost all bypassing cache and hitting origin directly. The resulting bandwidth costs and 503 errors dwarfed the cost of detection. Edge would have caught it within minutes of the first anomalous batch.

£5–£10k: Cost of one undetected incident (origin bandwidth + performance impact)
£40–£60k: Build it yourself (engineering time + ongoing maintenance)
£99/mo: Blankitt Edge (all detectors, alerts, and dashboards)

Transparent pricing

No sales calls. No hidden fees. All eleven detectors included on every plan.

Starter: £99/month

Sources: 3
Detectors: All 11
Raw retention: 7 days
Alerts: Email

Growth: £199/month

Sources: 10
Detectors: All 11
Raw retention: 30 days
Alerts: Email + Webhook
On-prem available

Enterprise: £499/month

Sources: Unlimited
Detectors: All 11
Raw retention: 90 days
Alerts: Email + Webhook

Frequently asked questions

Does Blankitt Edge require JavaScript injection?

No. Edge works purely from Cloudflare Logpush data. There are no JS tags, no client-side scripts, and no impact on page load performance. Most enterprise bot detection tools require a JavaScript SDK injected into every page — which many SFCC implementations restrict or prohibit.

Can I run Blankitt Edge on-premises?

Yes. Edge offers both a cloud-hosted option and an on-premises Rust container. With on-prem, raw logs are processed on your network — only rolled-up aggregates ship to the dashboard. Raw request data never leaves your infrastructure.

How quickly does Blankitt Edge detect threats?

Detectors run on a per-minute cron cycle. When an anomaly is detected, alerts fire within two minutes via email and webhook notifications. You can acknowledge and resolve alerts directly from the dashboard.

How long does setup take?

Most merchants see their first dashboard within minutes. Create a source in Edge, configure eCDN Logpush via the CDN Zones API to point at your ingest URL, and detectors start analysing as soon as the first batch arrives.

What data does Edge store?

Edge stores rolled-up traffic aggregates (1-minute buckets) for dashboards and alerting. Raw NDJSON batches are archived for forensic investigation — retention depends on your plan (7, 30, or 90 days). With on-prem deployment, raw data never leaves your network.

Can I tune the detector thresholds?

Yes. Every detector has configurable thresholds — multiplier, minimum request count, and evaluation window. Defaults work well for most storefronts, but you can adjust them on the Rules page to match your traffic profile.
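How the three tunables named above (multiplier, minimum request count, evaluation window) could drive the ASN traffic spike comparison of a 5-minute volume against a 60-minute rolling average. This is an added example, not Edge's implementation; the class, its default values and the sample series are hypothetical.

```python
from collections import deque

class AsnSpikeDetector:
    """Trip when an ASN's latest window is `multiplier` times what its rolling average predicts."""

    def __init__(self, multiplier=4.0, min_requests=500, window_min=5, baseline_min=60):
        self.multiplier = multiplier
        self.min_requests = min_requests   # floor that keeps tiny ASNs from tripping on ratio alone
        self.window_min = window_min       # evaluation window, in one-minute buckets
        self.baseline_min = baseline_min   # rolling baseline length, in one-minute buckets
        self.history = {}                  # asn -> deque of per-minute request counts

    def observe(self, asn, count):
        """Feed one per-minute bucket; return True if the ASN trips on this bucket."""
        q = self.history.setdefault(asn, deque(maxlen=self.baseline_min))
        q.append(count)
        if len(q) < self.baseline_min:
            return False                   # not enough history to form a baseline yet
        recent = sum(list(q)[-self.window_min:])
        # Assumption: the rolling average includes the evaluation window itself,
        # so a sustained burst gradually raises its own baseline.
        expected = sum(q) / self.baseline_min * self.window_min
        return recent >= self.min_requests and recent >= self.multiplier * expected

def first_trip(detector, asn, per_minute_counts):
    """Index of the first bucket on which the detector trips, or None."""
    for minute, count in enumerate(per_minute_counts):
        if detector.observe(asn, count):
            return minute
    return None

# Constructed series: an hour of steady traffic followed by a tenfold burst.
STEADY_THEN_BURST = [100] * 60 + [1000] * 10
# Same shape at 1% of the volume: the ratio matches but the request floor is never met.
SMALL_ASN = [1] * 60 + [10] * 10
```

With the defaults the burst trips on its third minute; lowering the multiplier to 2 trips it on the first, and the low-volume series never trips because of the request floor.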

Stop flying blind on your eCDN.

Connect your Logpush and see your first dashboard in minutes.
