Anti-Bot Vendor Guide

What to expect and how to optimize for each provider.

Sessemi detects and solves challenges automatically. You don't need to know which vendor a site uses — send a URL, get back HTML. But understanding what each vendor cares about helps you choose the right pool and build resilient scrapers.

Choosing a Pool

Your choice of proxy pool has the biggest impact on cost, speed, and success rate:

Pool	Cost	Best For
datacenter	1 credit (plain) / 3 credits (solve)	Sites with no anti-bot or light protection. Fast and cheap, but flagged by providers that check IP reputation.
residential	3 credits (plain) / 5 credits (solve)	Sites that block datacenter IPs or use aggressive behavioral analysis. Sticky sessions for multi-page scrapes.

Rule of thumb: Start with datacenter. If you see challenge_provider: "datadome" in responses or high failure rates, switch to residential.

Cloudflare SUPPORTED

Cloudflare is the most common anti-bot provider — over 20% of websites use it. It presents challenges that verify the client is a legitimate environment, ranging from invisible proof-of-work to interactive widgets.

What You'll See

Challenge	User Experience	Typical Solve Time
JS Challenge	Invisible — runs proof-of-work in the background.	3–8 seconds
Managed Challenge	Cloudflare decides dynamically: invisible PoW, interactive widget, or pass-through.	2–10 seconds
Turnstile	Interactive "Verify you are human" widget.	2–5 seconds

Recommendations

Pool: Datacenter works for most Cloudflare sites. Cloudflare primarily validates request behavior, not IP reputation. Switch to residential only if you see persistent challenge_timeout failures, which indicates the site has a configuration that blocks datacenter ranges outright.

Batches: The first request to a domain triggers a solve. Subsequent requests reuse the clearance and complete in 1–3 seconds.

{
  "url": "https://cloudflare-protected-site.com/products",
  "pool": "datacenter",
  "solve": true,
  "wait_for": ".product-list"
}json

Cost optimization: Cloudflare on datacenter costs 3 credits. On residential it's 5. Since most Cloudflare configurations don't check IP reputation, datacenter is 40% cheaper with the same success rate.

DataDome SUPPORTED

DataDome is used by major e-commerce and real estate platforms. It's more aggressive than Cloudflare — it combines device fingerprinting, IP reputation scoring, and behavioral analysis. The key difference: DataDome cares a lot about where you're connecting from.

What You'll See

Challenge	User Experience	Typical Solve Time
Device Check	Invisible — fingerprints the client and scores the request. If it passes, no visible challenge.	0s (pass-through) or escalates
Slider CAPTCHA	Interactive "Slide to verify" widget. Appears when the device check fails or IP reputation is low.	30–50 seconds

Recommendations

Pool: Residential is strongly recommended. DataDome maintains an IP reputation database and blocks most datacenter ranges. With residential IPs, the device check often passes silently — requests complete in 2–3 seconds with no solver overhead.

Datacenter as fallback: Works but triggers the slider on almost every first request. Use it for low-volume scrapes where 30–50s solve time is acceptable.

DataDome is IP-sensitive. Clearance is tied to the IP address. If your IP changes between requests (common with datacenter pools), the clearance is invalidated. Residential sessions maintain sticky IPs, making multi-page scrapes reliable.

Coverage note. Works reliably on most e-commerce, real estate, and classifieds sites. Some high-security configurations use aggressive IP reputation scoring that can flag entire proxy ranges for a domain. If you see consistent blocked responses, try a different country value — DataDome's scoring varies by geography. You're not charged for failed requests.

AJAX Endpoints

Many DataDome-protected sites have AJAX endpoints for secondary data (phone numbers, prices, availability). These require the same clearance as page requests. To access them:

1. Use a session (session parameter) for the initial page load.

2. Use script-only mode to call AJAX endpoints on the same session.

3. Space calls at 1.5–2 second intervals. Rapid requests trigger behavioral detection.

// Step 1: Establish session
{
  "url": "https://datadome-site.com/listings",
  "session": "my-session",
  "solve": true
}

// Step 2: AJAX on same session (no url, script only)
{
  "session": "my-session",
  "script": "const r = await fetch('/api/data/123'); return await r.json();"
}json

Session burn detection. If AJAX calls start failing (403s or timeouts), the session is burned. Detect consecutive failures (3+) and re-establish a fresh session. See Error Recovery.

Akamai SUPPORTED

Akamai Bot Manager is used by large enterprises — airlines, banks, retailers. It collects device telemetry and scores requests server-side. Unlike Cloudflare and DataDome, Akamai rarely shows visible challenges — most decisions happen invisibly.

Sessemi detects and solves Akamai challenges automatically. The first request to an Akamai-protected domain takes longer than Cloudflare or DataDome. Subsequent requests to the same domain reuse the clearance and are significantly faster.

Akamai is the heaviest vendor. Expect higher per-page times than Cloudflare or DataDome. Use sessions (session param) to reuse clearance across requests to the same domain.

Coverage note. Works on standard Akamai configurations. Enterprise sites with advanced session binding may require browser solving for every page — use the session param to optimize repeated requests to the same domain. Test your target site in the playground first. You're not charged for failed requests.

Batch Scraping

Sessemi is optimized for batch workloads. The first request to a protected domain pays the solve cost; subsequent requests reuse the clearance.

Scenario	First Page	Pages 2–N	100 Pages
Cloudflare + DC	~8s	~2s	600 credits
DataDome + Residential	~3s (bypass) or ~40s (solve)	~2s	500–1,000 credits
Akamai + Residential	~18s	~2–7s	1,000–2,000 credits
No protection + DC	~1s	~1s	100 credits

The first request pays the tax. For DataDome on residential, most requests bypass entirely — no solve needed.

AJAX Enrichment Pattern

Many scraping workflows need secondary data behind AJAX endpoints — phone numbers, prices, availability. The recommended pattern:

1. Session for page HTML — establishes clearance, solves challenges if needed.

2. Direct requests for pagination — pages 2–N reuse clearance automatically.

3. Script-only for AJAX — runs fetch() inside the session with valid clearance.

Factor	Recommendation
Request rate	1.5–2 seconds between AJAX calls. Faster rates trigger behavioral detection.
Session lifetime	Sessions expire after 5 minutes idle. Plan batch sizes accordingly.
Failure recovery	Track consecutive failures. After 3, re-establish the session.
Concurrency	Script-only calls share the session. Keep AJAX calls sequential per session.

Error Recovery

Diagnostic Fields

Field	What It Tells You
challenge_provider	Which vendor was detected: `cloudflare`, `datadome`, `akamai`, or `none`.
failure_type	Why it failed: `challenge_timeout`, `burned`, `navigate_failed`.
solved	`true` when a challenge was detected and solved. Track this for cost analysis.

Common Failures

Pattern	Likely Cause	Fix
challenge_timeout on DC	Site blocks datacenter IPs entirely.	Switch to `pool: "residential"`.
failure_type: burned	IP is hard-blocked for this domain.	Residential handles this automatically (new session = new IP). On DC, retry — the pool rotates.
AJAX 403s or timeouts	Too many rapid requests burned the session.	Re-establish the session. Increase delay to 1.5–2s between calls.
Intermittent failures on residential	Residential IP was previously flagged. Rare.	Retry — new session gets a new IP.

Named Sessions

Named sessions let you persist cookies across multiple requests to the same domain. A session is created by passing "session": "my-name" in the request. All subsequent requests with the same session name reuse the cookies, clearances, and IP.

When to Use Sessions

Pattern	Example
Token minting	Load homepage to mint auth cookies, then hit internal API endpoints on the same session. Vinted example →
Cookie injection	Solve a challenge, then set application cookies (store IDs, locale preferences) via `custom_cookies` on the same session.
Multi-page crawls	Paginate through product listings or search results. One solve, many pages — all on the same IP and cookie jar.

Session Lifecycle

Sessions expire after 5 minutes of inactivity or 1 hour total. When a session expires, the next request with that name creates a fresh one — new IP, new cookies. For long-running scrapers, detect 401/403 and re-establish the session.

Mint, Then Replay

The most common pattern: one expensive browser request to solve challenges and capture cookies, followed by many cheap requests that replay those cookies.

// Step 1: Browser solve + cookie minting (~6s)
{
  "url": "https://www.example.com",
  "pool": "residential",
  "country": "FR",
  "session": "my-session"
}

// Step 2+: Cookie replay (~2s each)
{
  "url": "https://www.example.com/api/products?page=1",
  "pool": "residential",
  "country": "FR",
  "session": "my-session"
}

Cost impact: The first request pays the solve cost (3–5 credits). Subsequent requests on the same session pay the base cost only (1–3 credits). For a 100-page crawl, sessions reduce total credits by 80–90%.