What amazon.com was observed using to filter automated traffic, and what IP class legitimate large-scale data collection tends to require. Reviewed July 2026.
Determined from public HTTP response signatures (cookies, headers and challenge assets), reviewed July 2026. Providers change their stack over time - verify current behavior yourself. This is read-only technical reference, not a bypass guide.
A CDN, WAF or challenge layer is present. How aggressively it challenges automated traffic varies by configuration and route.
Clean residential or mobile IPs generally pass; datacenter ranges are the usual failure point.
Online Marketplaces: Marketplaces layer rate limiting, TLS and browser fingerprinting, and login walls around listing and seller data, and many of the largest players are regional, so traffic from the wrong country stands out immediately. Collection here usually calls for geo-matched mobile or residential IPs, session persistence, and respect for each platform's terms and applicable data-protection law.
AWS WAF is Amazon Web Services' managed web application firewall. Site operators attach it to AWS edge and origin services such as CloudFront distributions, Application Load Balancers, and API Gateway, where it evaluates every HTTP request against a configurable web ACL before the request reaches the application. Its optional Bot Control managed rule group extends the base firewall from generic request filtering into dedicated bot detection and mitigation.
Full AWS WAF referenceResponsible use. This page describes the defense that exists, not how to defeat it. Always respect Amazon's robots.txt, Terms of Service and applicable law, and collect only data you are permitted to. We do not provide site-specific bypass instructions.
Data Works is our done-for-you web-data service: you send the URLs and fields, we run the collection on real 4G/5G carrier IPs and deliver clean, QA-checked CSV / JSON / API data. Prefer to run it yourself? The same carrier IPs are self-serve from $4/GB.
Yes. As of July 2026, amazon.com was observed running AWS WAF. A CDN, WAF or challenge layer is present. How aggressively it challenges automated traffic varies by configuration and route.
Clean residential or mobile IPs generally pass; datacenter ranges are the usual failure point. Whatever you use, respect Amazon's robots.txt and Terms of Service and collect only what you are permitted to.
Your browser runs from a home or mobile IP with clean reputation; a scraper on a datacenter or heavily-reused IP is scored and blocked before the page renders. Same request, different IP verdict.