Anti-Bot Bypass Service

🛡️ The only native pay-per-use anti-bot bypass on Apify Store — bypass Cloudflare, PerimeterX (HUMAN) & DataDome at $5 per 1,000 requests.

Send any protected URL. Get back clean HTML, reusable session cookies, extracted structured data, and optional screenshots. No subscriptions, no monthly minimums, no setup. Drop it into any scraper or pipeline as a one-call middleware.

---

🏆 Why This Actor

Feature	This Actor	ScrapingBee	Browserless	Bright Data Unlocker
Price	$5 / 1,000 requests	$49–199/mo subscription	$50–200/mo subscription	$3–8 / 1,000 + extra fees
No monthly fee	✅ Pure pay-per-use	❌ Monthly commitment	❌ Monthly commitment	❌ Commitment plans
Cloudflare bypass	✅ Camoufox + Turnstile path	✅	✅	✅
PerimeterX bypass	✅ Press & Hold solver + 2Captcha fallback	❌ Limited	❌ Limited	✅
DataDome bypass	✅ Cookie + fingerprint	❌	❌	✅
Detection score (CreepJS)	0% headless leak	unknown	detectable	unknown
Captcha solving	✅ Built-in 2Captcha integration	Add-on cost	Not included	Included
Reusable session cookies	✅ Export _px3, cf_clearance, datadome, etc.	❌	❌	Limited
CSS extraction	✅ JSON selector:name map	Limited	❌	❌
Native Apify integration	✅ Chain with any actor	❌ External API	❌ External API	❌ External
Residential proxy included	✅ US/EU/global	Extra add-on	Extra add-on	Quota based

💡 Save $600+/year vs SaaS subscriptions — same bypass quality, zero commitment, runs natively on the Apify platform.

---

✨ Key Features

• 🛡️ 3 protection systems handled — Cloudflare (incl. Turnstile), PerimeterX (HUMAN Security), DataDome
• 🦊 Camoufox stealth Firefox engine — 0% detection score on CreepJS in headless + stealth mode
• 🍪 Reusable session cookies — export _px3, cf_clearance, datadome, etc. and reuse them with plain httpx/requests for fast subsequent fetches
• 📊 CSS data extraction — pass a {name: selector} map, get a clean key/value dict back
• 📸 Screenshots on demand — optional base64 PNG for visual verification
• 🔄 Auto-retry with rotation — every retry uses a fresh fingerprint + new residential proxy session
• 🤖 Human simulation — realistic mouse movement, scroll, and delay patterns
• ⏱️ Timing telemetry — per-request bypass duration, total duration, attempt count
• 🧠 2Captcha fallback — supply your 2Captcha API key to solve PerimeterX Press & Hold challenges automatically
• 📦 Bulk-friendly — pass an array of URLs; results pushed to the default dataset as JSON

---

📥 Input Parameters

Parameter	Type	Default	Description
url	string	—	Single target URL to bypass and fetch
urls	array	—	Multiple URLs to process in one run; combined with url if both provided
waitSelector	string	—	CSS selector to wait for after bypass to confirm content is ready
extractSelectors	object	—	{name: cssSelector} pairs for structured extraction, e.g. {"title": "h1", "price": ".price"}
returnHtml	boolean	true	Include full page HTML in each output item
returnCookies	boolean	true	Include session cookies (reusable for fast subsequent fetches)
returnScreenshot	boolean	false	Capture base64 PNG screenshot of final page state
proxyConfiguration	object	US residential	Apify proxy config; residential is strongly recommended
maxRetries	integer	2	Retry attempts per URL; each retry uses a fresh fingerprint + new proxy session
timeoutSecs	integer	60	Max time per URL including all retries
humanize	boolean	false	Simulate mouse movement, scroll, and realistic delays
captchaSolverApiKey	string (secret)	—	2Captcha API key — enables Press & Hold fallback for PerimeterX

---

📤 Sample Output

{
    "url": "https://www.protected-site.com/data",
    "status": "success",
    "protectionDetected": "perimeterx",
    "protectionBypassed": true,
    "html": "<!DOCTYPE html>...",
    "cookies": [
        { "name": "_px3", "value": "abc123...", "domain": ".example.com" },
        { "name": "cf_clearance", "value": "xyz...", "domain": ".example.com" }
    ],
    "extractedData": {
        "title": "Product Name",
        "price": "$29.99"
    },
    "timing": {
        "totalMs": 15230,
        "bypassMs": 4200,
        "attempt": 1
    },
    "scrapedAt": "2026-05-25T12:34:56Z"
}

Each successful URL becomes one dataset item. Failures still produce an item with status: "failed" and a descriptive error — never a silent empty result.

---

💡 Use Cases

• 🔗 Middleware for other scrapers — chain ahead of any actor to clear protection first
• 🍪 Cookie harvesting — get session cookies, then scrape at full speed with plain HTTP (10× faster, 10× cheaper)
• 💰 Price monitoring — access e-commerce sites behind Cloudflare/PerimeterX (Mercari, Best Buy, Nike, etc.)
• 🔬 Competitive research — reach competitor sites protected by bot detection
• 📊 Data aggregation — collect from protected directories, classifieds, and listings
• 🧪 QA testing — verify your own site's bot protection effectiveness against a known-good stealth client
• 🗞️ News + content monitoring — paywalled or rate-limited public pages
• 🤖 AI data pipelines — feed clean HTML into LLM-based extraction systems

---

📚 Named Examples

1. Bypass Cloudflare Turnstile (simple)

{ "url": "https://www.protected-site.com" }

2. Bypass PerimeterX Press & Hold (with 2Captcha)

{
  "url": "https://www.zillow.com/homes/austin-tx/",
  "captchaSolverApiKey": "YOUR_2CAPTCHA_KEY",
  "humanize": true
}

3. Bypass DataDome (cookie harvesting)

{
  "url": "https://www.realtor.com",
  "returnCookies": true,
  "returnHtml": false
}

4. Structured CSS extraction

{
  "url": "https://example.com/product/123",
  "waitSelector": "h1.product-title",
  "extractSelectors": {
    "title": "h1.product-title",
    "price": "span.price-now",
    "availability": ".stock-status"
  }
}

5. Bulk URLs in one run

{
  "urls": [
    "https://protected-a.com/page1",
    "https://protected-b.com/page2",
    "https://protected-c.com/page3"
  ],
  "maxRetries": 3
}

6. Visual verification with screenshot

{
  "url": "https://protected-site.com",
  "returnScreenshot": true
}

---

🔗 Integration Recipes

Python (Apify SDK)

from apify_client import ApifyClient

client = ApifyClient("YOUR_APIFY_API_TOKEN")
run = client.actor("h4sh/anti-bot-bypass").call(run_input={
    "url": "https://protected-site.com",
    "returnCookies": True,
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    cookies = {c["name"]: c["value"] for c in item["cookies"]}
    # Reuse cookies with httpx for fast subsequent requests
    import httpx
    r = httpx.get("https://protected-site.com/api/items", cookies=cookies)
    print(r.json())

Node.js (Apify Client)

import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: 'YOUR_APIFY_API_TOKEN' });
const run = await client.actor('h4sh/anti-bot-bypass').call({
    url: 'https://protected-site.com',
    returnCookies: true,
});
const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items[0].cookies);

Plain HTTP (curl)

curl -X POST "https://api.apify.com/v2/acts/h4sh~anti-bot-bypass/run-sync-get-dataset-items?token=YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://protected-site.com", "returnCookies": true}'

n8n / Make / Zapier

Use the Apify node to call this actor and reuse the returned cookies in subsequent HTTP nodes for fast, cheap follow-up scraping.

---

❓ FAQ

Q: Does this work against every site? A: It handles the three most common enterprise protections (Cloudflare, PerimeterX, DataDome) plus generic challenges. Some sites layer custom JS challenges, ML-trained PX models, or per-customer fingerprint blocklists where success rates vary. We do not silently return empty results — failed URLs are clearly marked status: "failed" with a reason.

Q: Why is it cheaper than ScrapingBee or Browserless? A: We do not run a SaaS backend with sales/support headcount. The actor runs natively on Apify with usage-based pricing. You skip the SaaS markup.

Q: How are PerimeterX Press & Hold challenges solved? A: First with native mouse-based simulation. If that fails and you provided a captchaSolverApiKey, we automatically dispatch to 2Captcha as fallback.

Q: Can I reuse cookies? A: Yes — that is the recommended pattern for high-volume work. Bypass once, then scrape with plain HTTP using the returned cookies at ~10× lower cost.

Q: Will my IP get blocked? A: No — the actor uses Apify residential proxies. Each retry rotates to a new IP and a fresh browser fingerprint.

Q: What happens if I hit a CAPTCHA the actor cannot solve? A: The output item is returned with status: "failed", protectionBypassed: false, and a clear reason like cloudflare_timeout or perimeterx_no_solver_key. You are not silently overcharged for an empty dataset.

Q: Does it work for authenticated/logged-in pages? A: Yes — pass pre-existing cookies via extraCookies (advanced flag). For full login flows, combine with a small custom actor that posts to the login endpoint, then chain here.

---

🛠️ Troubleshooting / Error Matrix

Symptom	Likely cause	Fix
cloudflare_timeout	Page expects interactive Turnstile that residential IP can't solve	Pass captchaSolverApiKey; try a different proxy country
perimeterx_no_solver_key	Press & Hold needed but no 2Captcha key supplied	Add captchaSolverApiKey
protectionDetected: "datadome" but blocked	Aggressive DataDome with device fingerprint blocklist	Increase maxRetries, enable humanize
Empty extractedData	Selector didn't match	Set waitSelector for the relevant element first
Timeout on long pages	Default 60s too low	Increase timeoutSecs to 120–180
Output HTML feels incomplete	Page renders content after JS scroll/interaction	Enable humanize: true
Repeated failures on same domain	Domain trained against generic stealth tools	Open a support thread — many sites need a small per-site config

---

💲 Pricing

• $0.005 per result — Apify pay-per-event model
• $0.005 actor-start charge — covers compute + residential proxy
• No monthly subscription, no minimum spend, no commitment
• Compare: ScrapingBee $49/mo (5K credits), Browserless $50/mo minimum, Bright Data Unlocker has commitment plans + extra fees
• Pay only for what you actually request

---

🔗 Related Tools & Cross-Sell

Companion Apify Actors (recurring data)

• Cars.com Scraper — vehicle listings with built-in Cloudflare bypass
• AutoTrader Scraper — Akamai-protected listings
• Realtor.com Scraper — DataDome-protected real estate data
• Zillow Scraper — PerimeterX-protected real estate listings
• GoodRx Drug Price Scraper — 6,600+ medications, pricing
• Etsy Scraper — listings, shops, pricing
• Depop Scraper — fashion resale marketplace
• Poshmark Scraper — fashion resale listings
• Vinted Scraper — EU fashion resale
• ThredUp Scraper — secondhand fashion
• ZocDoc Doctor Finder — doctor directory

Self-Hosted Standalone Toolkit

Need to run this anti-bot bypass on your own infrastructure, no Apify dependency, no per-request fees? Check the Anti-Bot Bypass Toolkit Python package — $49 one-time on Gumroad, full source code, commercial license, lifetime updates.

---

📝 Reviews & Feedback

If this actor saved you time or money, please leave a review on the Apify Store page — it directly helps other developers find it. Found a site that blocks us? Open a discussion and we'll investigate.

---

🔒 Privacy & Compliance

• All requests go through Apify's residential proxy network — no logs are stored beyond the Apify run lifecycle
• 2Captcha API keys are stored as secrets — never logged, never exposed in run output
• This tool is intended for accessing public web pages. Comply with target sites' Terms of Service and local laws.
• Not for credential stuffing, abuse, or activity that violates platform rules