Web scraping is growing exponentially, but so are countermeasures to block scrapers. In this comprehensive 2500+ word guide, we‘ll cover time-tested techniques to scrape effectively while avoiding detection.
Whether you‘re collecting data for research, monitoring prices, or building a browser automation system, scraping intelligently is key to success. Let‘s take a deep dive!
The Cat and Mouse Game of Scraping vs. Blocking
First, some scraping stats:
-
Web scraping usage has grown over 300% since 2018, with Python and JavaScript as the top languages .
-
Over 64% of sites now use advanced bot detection and CAPTCHAs to block scrapers .
-
Scraper related blocks have increased 200% in the travel sector and 175% in e-commerce .
Clearly there‘s an arms race underway between scrapers harvesting data and sites trying to thwart them. Businesses invest heavily in blocking to protect their content, servers, and comply with regulations.
To scrape effectively today, we must learn to avoid tripwires and fly under the radar.
Next we‘ll cover key motivations behind blocking and strategies to work responsibly within them.
Why Sites Block Scrapers in the First Place
Understanding a site‘s incentives provides clues to scrape smarter:
Protecting Proprietary Data and Content
A top priority for many sites is safeguarding their unique data and content. They‘ve invested in developing this intellectual property. Scraping can steal it without consent, undermining control.
For example, sports sites like ESPN scrape-protect detailed stats. News sites like WSJ block article text scraping to force subscriptions. Sites want to control access on their terms.
Avoiding Server Overload and Abuse
Websites balance performance and costs by provisioning to handle average traffic levels. Suddenly bombarding servers with thousands of scraping requests creates denial-of-service type conditions.
Retail sites time and again block Black Friday monitoring bots that grind websites to a halt. Respectful scraping means staying within reasonable limits.
Complying with Robots.txt and Similar Rules
The robots.txt file gives guidance to crawlers on what they can and can‘t access. Well-behaved scrapers read this and obey site owner directives. Ignoring robots.txt is a red flag you‘re overstepping bounds.
For example, Twitter‘s robots.txt forbids scraping user profiles without permission. Ethical scraping means respecting such guidance.
Business Interests and Legal Obligations
Companies may monetize data via APIs, want control over partnerships, or have contractual data use standards. Indiscriminate scraping contradicts these business interests.
Many sites also have legal duties around data handling. Scraping customer personal information (PII) without consent raises huge fines. It‘s critical to understand data regulations.
Now that we‘ve explored motivations, let‘s move on to specific evasion tactics…
Blending In with Browser-Like Headers
One of the most basic scraper exposures is suspicious HTTP headers. Standard libraries have identifiable signatures that differ from real browsers. We can fix this by mimicking header values from common browsers like Chrome:
headers = {
‘User-Agent‘: ‘Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36‘,
‘Accept‘: ‘text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8‘,
‘Accept-Language‘: ‘en-US,en;q=0.5‘,
} Some key headers to prioritize:
- User-Agent: Browser and version string. Set to a real value. Unique user-agents are red flags.
- Accept: Supported content types like HTML or JSON. Match browser limits.
- Accept-Encoding: Allowed compression formats. Browsers accept gzip/deflate.
- Accept-Language: Browser languages in priority order. Format per RFC spec.
- Upgrade-Insecure-Requests: Asks server to use HTTPS. Enabled in modern browsers.
- Cache-Control: Caching policy like no-cache or max-age. Most browsers set this.
Also watch ordering – some sites fingerprint based on header sequence! Mimic Chrome or Firefox order.
For bonus points, dynamically generate valid values within expected ranges for a natural look. There are great tools to mock real browser headers during development like this Chrome extension. The key is blending in with the herd, not standing out!
Rotating Random Proxy IPs
Scrapers frequently get caught by sending all traffic from a single identifiable IP. The solution is routing requests through proxies – intermediary IPs that mask your identity.
Some popular data scraping proxy services include:
- BrightData – 40M+ IPs with location targeting
- Smartproxy – 27M+ IPs, inc. mobile networks
- Oxylabs – Real-time residential IPs
- Soax – Geo-targeting, pays for IPs
Proxies can be configured in Python with the Requests module:
import requests
proxy = ‘52.143.191.204:3128‘
proxies = {
‘http‘: ‘http://‘ + proxy,
‘https‘: ‘https://‘ + proxy
}
requests.get(‘https://example.com‘, proxies=proxies)This routes the request through our proxy instead of directly from our own IP.
The key is cycling through a large, diverse pool of proxies. This prevents the same IPs from being blocked. Services like BrightData offer over 40 million IPs that can be rotated each request. Their APIs also allow targeting specific proxy locations.
Regularly refreshing proxies is essential to distribute traffic and appear human. Don‘t scrape important sites from a single proxy!
Executing JavaScript with Selenium Browser Automation
Traditional request scraping misses dynamically loaded content created by JavaScript on the client-side. Embedded game data, infinite scroll pages, and interactive visualizations all rely on JS.
To render JavaScript, we need full browser automation tools like Selenium and Playwright:
from selenium import webdriver
options = webdriver.ChromeOptions()
driver = webdriver.Chrome(options=options)
driver.get(‘https://example.com‘)
html = driver.page_source # contains JS rendered contentHere Selenium directly controls Chrome to execute page scripts and build the final DOM like a real user‘s browser would.
The catch is browser automation is easy to detect. The solution is using tools like Puppeteer Extra and Stealth Plugin to spoof telltale signs of Selenium:
from selenium import webdriver
from selenium_stealth import stealth
options = webdriver.ChromeOptions()
driver = webdriver.Chrome(options=options)
stealth(driver,
languages=["en-US", "en"],
vendor="Google Inc.",
webgl_vendor="Intel Inc.",
renderer="Intel Iris OpenGL Engine",
)This fakes browser fingerprints like languages, vendor strings, and WebGL rendering to mask automation.
Also carefully humanize interactions with realistic typing, scrolling, clicks, and hovers. Aggressive automation is a red flag. Smooth natural browsing evades detection.
Analyzing and Spoofing Browser Fingerprints
Beyond headers and IP, sites fingerprint browsers by probing hundreds of subtle configuration differences like screen size, fonts, and supported features.
Selenium exposes automation artifacts like missing browser extensions or plugins. Fingerprinting checks for oddities like this to detect bots.
We can use tools like Selenium Stealth to spoof many fingerprint variables:
from selenium import webdriver
from selenium_stealth import stealth
options = webdriver.ChromeOptions()
options.add_argument("window-size=1400,600")
driver = webdriver.Chrome(options=options)
stealth(driver,
fonts="Times, Verdana",
gpu="Google SwiftShader",
platform="Win32",
webgl_vendor="Intel Inc."
)This fakes browser font lists, GPU/WebGL rendering, and platform specifics. Combine this with proxy rotation to frustrate fingerprint tracking.
Next generation fingerprinting uses advanced techniques like canvas and WebGL rendering analysis. Tools like FP-Scanner can check your custom scraper‘s fingerprints against a database of thousands of known values. Study your fingerprints and optimize spoofing for maximum randomness.
Adding Delays Between Requests
Scrapers often blast sites with back-to-back rapid requests in quick succession. This is a quick giveaway compared to human patterns.
Introducing delays makes traffic appear more natural and avoids overloading servers:
import requests
import time
urls = [...] # list of URLs
for url in urls:
response = requests.get(url)
time.sleep(5) # pause 5s between requests Start with 3-5 seconds between requests, and randomize intervals to be less predictable. Scrape any given site slowly at first.
Many paid scraping services like BrightData automatically pace requests evenly. This prevents blasting a site if your script has a bug. Intelligent pacing is essential for respectful site usage.
Reacting to Different Block Pages
When you do get blocked, server responses provide clues for how to recover:
-
403 Forbidden – Access forbidden, IP likely blocked. Rotate proxies.
-
429 Too Many Requests – You‘re rate limited. Slow down paced requests.
-
503 Service Unavailable – Server overloaded. Slow down or pause scraping temporarily.
-
CAPTCHAs – Pass a challenge to prove you‘re human.
-
reCAPTCHA – Advanced CAPTCHA system from Google. Paid solving services can help.
For most blocks, the answer is using more proxies at easy pacing. But repeated CAPTCHAs likely mean that site doesn‘t want scraping. Consider focusing efforts elsewhere.
Leveraging Paid Scraping APIs
Building a well-rounded undetectable scraper requires expertise across many complex domains like proxy management, browser emulation, OCR, and avoiding AI detection systems.
Fortunately paid scraping APIs handle this heavy lifting for you with just a few lines of code:
import scrapingbee
client = scrapingbee.ScrapingBeeClient(api_key=‘ABC123‘)
response = client.get(url=‘https://example.com‘)
html = response.contentPopular scraping APIs include:
- ScrapingBee – 5M free requests
- ScraperAPI – 1M free requests
- BrightData – 72 hour free trial
- SerpApi – 100 free searches
These services take care of proxy rotation, browser fingerprinting, CAPTCHAs, and blocks. Less work for you means more time spent deriving insights from scraped data.
Paid APIs also provide extra tools like JavaScript rendering, HTML cleanup, CSS selectors, and more – all accessible via simple request APIs.
Scraping Ethically and Intelligently
Scraping and blocking will always be an arms race. Yet the most sustainable approach is scraping ethically and intelligently.
This means respecting sites‘ wishes, checking robots.txt, studying terms of service, limiting load, and leveraging data responsibly. Avoid viewing blocking circumvention as the default.
With good judgement, we can leverage scraping to derive insights while also supporting a healthy web ecosystem. Sites that offer clear guidance are showing they value their communities. Aim to be a considerate member.
I hope this guide has provided a comprehensive playbook to scrape effectively in 2022 and beyond. Please apply these lessons in a thoughtful manner and happy scraping!
