Anti-Bot Bypass: Cloudflare, PerimeterX, DataDome
Under maintenancePricing
from $15.00 / 1,000 requests
Anti-Bot Bypass: Cloudflare, PerimeterX, DataDome
Under maintenanceBypass Cloudflare, PerimeterX (HUMAN) & DataDome at $15/1K requests. Stealth Camoufox returns clean HTML, reusable session cookies, CSS-extracted data, and screenshots. Runtime retry, timeout, URL, and proxy-session caps protect spend.
Pricing
from $15.00 / 1,000 requests
Rating
0.0
(0)
Developer
Actor stats
1
Bookmarked
44
Total users
13
Monthly active users
3 days ago
Last modified
Categories
Share
Anti-Bot Bypass Service
π‘οΈ The only native pay-per-use anti-bot bypass on Apify Store β bypass Cloudflare, PerimeterX (HUMAN) & DataDome at $5 per 1,000 requests today; approved $15 per 1,000 requests starts on 2026-06-19.
Send any protected URL. Get back clean HTML, reusable session cookies, extracted structured data, and optional screenshots. No subscriptions, no monthly minimums, no setup. Drop it into any scraper or pipeline as a one-call middleware.
π Why This Actor
| Feature | This Actor | ScrapingBee | Browserless | Bright Data Unlocker |
|---|---|---|---|---|
| Price | $5 / 1,000 requests today β approved $15 / 1,000 requests starts on 2026-06-19 | $49β199/mo subscription | $50β200/mo subscription | $3β8 / 1,000 + extra fees |
| No monthly fee | β Pure pay-per-use | β Monthly commitment | β Monthly commitment | β Commitment plans |
| Cloudflare bypass | β Camoufox + Turnstile path | β | β | β |
| PerimeterX bypass | β Press & Hold solver + 2Captcha fallback | β Limited | β Limited | β |
| DataDome bypass | β Cookie + fingerprint | β | β | β |
| Detection score (CreepJS) | 0% headless leak | unknown | detectable | unknown |
| Captcha solving | β Built-in 2Captcha integration | Add-on cost | Not included | Included |
| Reusable session cookies | β
Export _px3, cf_clearance, datadome, etc. | β | β | Limited |
| CSS extraction | β
JSON selector:name map | Limited | β | β |
| Native Apify integration | β Chain with any actor | β External API | β External API | β External |
| Residential proxy included | β US/EU/global | Extra add-on | Extra add-on | Quota based |
π‘ Save $600+/year vs SaaS subscriptions β same bypass quality, zero commitment, runs natively on the Apify platform.
β¨ Key Features
- π‘οΈ 3 protection systems handled β Cloudflare (incl. Turnstile), PerimeterX (HUMAN Security), DataDome
- π¦ Camoufox stealth Firefox engine β 0% detection score on CreepJS in headless + stealth mode
- πͺ Reusable session cookies β export
_px3,cf_clearance,datadome, etc. and reuse them with plainhttpx/requestsfor fast subsequent fetches - π CSS data extraction β pass a
{name: selector}map, get a clean key/value dict back - πΈ Screenshots on demand β optional base64 PNG for visual verification
- π Auto-retry with rotation β every retry uses a fresh fingerprint + new residential proxy session
- π€ Human simulation β realistic mouse movement, scroll, and delay patterns
- β±οΈ Timing telemetry β per-request bypass duration, total duration, attempt count
- π§ 2Captcha fallback β supply your 2Captcha API key to solve PerimeterX Press & Hold challenges automatically
- π¦ Bulk-friendly β pass an array of URLs; results pushed to the default dataset as JSON
π Profit-Safe Usage Patterns
Use these patterns to get better success rates and lower effective cost per successful page:
| Pattern | Best for | Recommended input |
|---|---|---|
| Cookie harvest first | Repeated requests to one domain | returnCookies: true, returnHtml: false, then reuse cookies with httpx, requests, Crawlee, or Playwright |
| Wait for real content | JS-heavy pages and search results | Set waitSelector to a stable page element, not a generic body selector |
| Bulk same-domain URLs | Multiple protected URLs | Send urls together so browser/session overhead is amortized |
| PerimeterX / HUMAN | Press & Hold flows | Use humanize: true and provide captchaSolverApiKey for fallback solving |
| Debug blocked targets | New site integration | Enable screenshots and inspect protectionDetected, final URL, cookies, and error reason |
Recommended examples by protection type
Cloudflare / Turnstile page
PerimeterX / HUMAN page
DataDome-protected page
π₯ Input Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
url | string | β | Single target URL to bypass and fetch |
urls | array | β | Multiple URLs to process in one run; combined with url if both provided |
waitSelector | string | β | CSS selector to wait for after bypass to confirm content is ready |
extractSelectors | object | β | {name: cssSelector} pairs for structured extraction, e.g. {"title": "h1", "price": ".price"} |
returnHtml | boolean | true | Include full page HTML in each output item |
returnCookies | boolean | true | Include session cookies (reusable for fast subsequent fetches) |
returnScreenshot | boolean | false | Capture base64 PNG screenshot of final page state |
proxyConfiguration | object | US residential | Apify proxy config; residential is strongly recommended |
maxRetries | integer | 2 | Retry attempts per URL; each retry uses a fresh fingerprint + new proxy session |
timeoutSecs | integer | 60 | Max time per URL including all retries |
humanize | boolean | false | Simulate mouse movement, scroll, and realistic delays |
captchaSolverApiKey | string (secret) | β | 2Captcha API key β enables Press & Hold fallback for PerimeterX |
π€ Sample Output
Each successful URL becomes one dataset item. Failures still produce an item with status: "failed", diagnostic attempts, costControls, and a descriptive error β never a silent empty result.
π‘ Use Cases
- π Middleware for other scrapers β chain ahead of any actor to clear protection first
- πͺ Cookie harvesting β get session cookies, then scrape at full speed with plain HTTP (10Γ faster, 10Γ cheaper)
- π° Price monitoring β access e-commerce sites behind Cloudflare/PerimeterX (Mercari, Best Buy, Nike, etc.)
- π¬ Competitive research β reach competitor sites protected by bot detection
- π Data aggregation β collect from protected directories, classifieds, and listings
- π§ͺ QA testing β verify your own site's bot protection effectiveness against a known-good stealth client
- ποΈ News + content monitoring β paywalled or rate-limited public pages
- π€ AI data pipelines β feed clean HTML into LLM-based extraction systems
π Named Examples
1. Bypass Cloudflare Turnstile (simple)
2. Bypass PerimeterX Press & Hold (with 2Captcha)
3. Bypass DataDome (cookie harvesting)
4. Structured CSS extraction
5. Bulk URLs in one run
6. Visual verification with screenshot
π Integration Recipes
Python (Apify SDK)
Node.js (Apify Client)
Plain HTTP (curl)
n8n / Make / Zapier
Use the Apify node to call this actor and reuse the returned cookies in subsequent HTTP nodes for fast, cheap follow-up scraping.
β FAQ
Q: Does this work against every site?
A: It handles the three most common enterprise protections (Cloudflare, PerimeterX, DataDome) plus generic challenges. Some sites layer custom JS challenges, ML-trained PX models, or per-customer fingerprint blocklists where success rates vary. We do not silently return empty results β failed URLs are clearly marked status: "failed" with a reason.
Q: Why is it cheaper than ScrapingBee or Browserless? A: We do not run a SaaS backend with sales/support headcount. The actor runs natively on Apify with usage-based pricing. You skip the SaaS markup.
Q: How are PerimeterX Press & Hold challenges solved?
A: First with native mouse-based simulation. If that fails and you provided a captchaSolverApiKey, we automatically dispatch to 2Captcha as fallback.
Q: Can I reuse cookies? A: Yes β that is the recommended pattern for high-volume work. Bypass once, then scrape with plain HTTP using the returned cookies at ~10Γ lower cost.
Q: Will my IP get blocked? A: No β the actor uses Apify residential proxies. Each retry rotates to a new IP and a fresh browser fingerprint.
Q: What happens if I hit a CAPTCHA the actor cannot solve?
A: The output item is returned with status: "failed", protectionBypassed: false, and a clear reason like cloudflare_timeout or perimeterx_no_solver_key. You are not silently overcharged for an empty dataset.
Q: Does it work for authenticated/logged-in pages?
A: Yes β pass pre-existing cookies via extraCookies (advanced flag). For full login flows, combine with a small custom actor that posts to the login endpoint, then chain here.
π οΈ Troubleshooting / Error Matrix
| Symptom | Likely cause | Fix |
|---|---|---|
cloudflare_timeout | Page expects interactive Turnstile that residential IP can't solve | Pass captchaSolverApiKey; try a different proxy country |
perimeterx_no_solver_key | Press & Hold needed but no 2Captcha key supplied | Add captchaSolverApiKey |
protectionDetected: "datadome" but blocked | Aggressive DataDome with device fingerprint blocklist | Increase maxRetries, enable humanize |
Empty extractedData | Selector didn't match | Set waitSelector for the relevant element first |
| Timeout on long pages | Default 60s too low | Increase timeoutSecs to 120β180 |
| Output HTML feels incomplete | Page renders content after JS scroll/interaction | Enable humanize: true |
| Repeated failures on same domain | Domain trained against generic stealth tools | Open a support thread β many sites need a small per-site config |
π§― Built-In Spend Controls
To protect customers and keep the actor profitable ahead of the scheduled $15/1K pricing update, the runtime now enforces these caps even for direct API callers:
| Control | Runtime cap |
|---|---|
| Retry attempts per URL | 3 |
| Per-URL timeout | 180 seconds |
| URLs per run | 25 |
| Total proxy/browser attempts per run | 50 |
Every output item includes a costControls object showing requested vs. applied limits, URL truncation, timeout caps, and attempts used. If every URL fails, the run is intentionally marked FAILED while preserving per-URL diagnostic dataset items so customers and maintainers can see exactly what blocked the attempt.
π² Pricing
- $0.005 per request today β scheduled to become $0.015 per request on 2026-06-19 β Apify pay-per-event model
- $0.005 actor-start charge β covers compute + residential proxy
- No monthly subscription, no minimum spend, no commitment
- Compare: ScrapingBee $49/mo (5K credits), Browserless $50/mo minimum, Bright Data Unlocker has commitment plans + extra fees
- Pay only for what you actually request
π Related Tools & Cross-Sell
Companion Apify Actors (recurring data)
- Cars.com Scraper β vehicle listings with built-in Cloudflare bypass
- AutoTrader Scraper β Akamai-protected listings
- Realtor.com Scraper β DataDome-protected real estate data
- Zillow Scraper β PerimeterX-protected real estate listings
- GoodRx Drug Price Scraper β 6,600+ medications, pricing
- Etsy Scraper β listings, shops, pricing
- Depop Scraper β fashion resale marketplace
- Poshmark Scraper β fashion resale listings
- Vinted Scraper β EU fashion resale
- ThredUp Scraper β secondhand fashion
- ZocDoc Doctor Finder β doctor directory
Self-Hosted Standalone Toolkit
Need to run this anti-bot bypass on your own infrastructure, no Apify dependency, no per-request fees? Check the Anti-Bot Bypass Toolkit Python package β $49 one-time on Gumroad, full source code, commercial license, lifetime updates.
π Reviews & Feedback
If this actor saved you time or money, please leave a review on the Apify Store page β it directly helps other developers find it. Found a site that blocks us? Open a discussion and we'll investigate.
π Privacy & Compliance
- All requests go through Apify's residential proxy network β no logs are stored beyond the Apify run lifecycle
- 2Captcha API keys are stored as secrets β never logged, never exposed in run output
- This tool is intended for accessing public web pages. Comply with target sites' Terms of Service and local laws.
- Not for credential stuffing, abuse, or activity that violates platform rules
