# Bypass Akamai

 97% success on Akamai-protected targets. One API parameter.

##  Sensor payload signed. `_abck` minted. Page cleared. 

- **Real browser fingerprints.** [TLS](https://scrapfly.io/web-scraping-tools/ja3-fingerprint), [HTTP/2](https://scrapfly.io/web-scraping-tools/http2-fingerprint), [Canvas](https://scrapfly.io/web-scraping-tools/canvas-fingerprint), and [WebGL](https://scrapfly.io/web-scraping-tools/webgl-fingerprint) all match real Chrome on every request.
- **Adaptive challenge solving.** [JavaScript execution](https://scrapfly.io/docs/scrape-api/javascript-rendering), CAPTCHAs, proof-of-work, handled without solver keys.
- **Session intelligence.** Unblocked browser sessions reused across requests so Akamai sees a single coherent visitor.
 
**One API parameter.** Add `asp=True`. See the [ASP docs](https://scrapfly.io/docs/scrape-api/anti-scraping-protection).

 [Get Free API Key](https://scrapfly.io/register) [Read ASP docs](https://scrapfly.io/docs/scrape-api/anti-scraping-protection) 

 1,000 free credits. No credit card required. 

 

   

 FINGERPRINT DATA  LIVE  

















 

 

 + 4,000 more datapoints... 

 

 4,000+

 Fingerprint Datapoints 

200M+

 Proxy IPs 

50+

 Anti-Bots 

 



 

 

 

 

 

---

 COVERAGE## Every Akamai Signal, Matched

Bit-for-bit fingerprint parity with real Chrome. Not monkey-patching, not surface-level, engineered at the protocol and C++ layers.

 

 ##### \_abck Cookie Signed. Sensor Data Accepted.

Akamai Bot Manager issues the `_abck` cookie after the `sensor_data` payload verifies. The payload carries device telemetry, browser properties, and hardware fingerprints; a single mismatch against the observed request fingerprint invalidates the cookie instantly and blocks every follow-up request. Scrapfly generates authentic sensor\_data under a real browser and keeps `_abck` valid across the session.

**97%**success rate on akamai

**\_abck**cookie minted + kept valid

**sensor\_data**payload signed under real chrome

**1,400+**protected sites coverage

 





 

 

 ##### TLS Fingerprint, Byte-Perfect Chrome

Akamai inspects TLS fingerprint at the edge. A JA4 hash that doesn't match a known browser profile triggers the bmak script path immediately. Curlium emits the exact Chrome ClientHello, cipher order, GREASE, ALPN, signature algorithms, HTTP/2 SETTINGS frame.

[JA4 / JA3 match](https://scrapfly.io/web-scraping-tools/ja3-fingerprint)

[HTTP/2 SETTINGS](https://scrapfly.io/web-scraping-tools/http2-fingerprint)

Cipher order

ALPN / GREASE

 

 





 ##### Why DIY Bypasses Fail

Open-source Akamai bypass stacks break on every bmak rotation.

 | **curl-impersonate** | no sensor\_data |
|---|---|
| **akamai-bypass (OSS)** | broken per bmak rev |
| **Selenium + stealth** | fingerprint leaks |
| **Playwright** | Canvas + Audio mismatches |
| **Scrapfly** | 97%, tracked daily |

 





 

 ##### \_abck Refresh

Akamai rotates the cookie on a tight cadence. Scrapfly caches and rotates in lockstep, so a stale cookie never triggers a block.

 **auto** rotation handled 

 





 ##### Device Fingerprint, C++ Patches

Akamai reads Canvas hash, WebGL renderer, AudioContext, screen metrics, font enumeration, and Navigator plugins. Scrapium patches all of them in Chromium C++, not via JavaScript hooks that `toString()` inspection exposes.

[Canvas](https://scrapfly.io/web-scraping-tools/canvas-fingerprint)

[WebGL](https://scrapfly.io/web-scraping-tools/webgl-fingerprint)

[Audio](https://scrapfly.io/web-scraping-tools/audio-fingerprint)

Font list

Plugins

Screen

 

 





 ##### Fortune 500

~30% of Fortune 500 sites use some form of Akamai protection. Common in retail, airlines, and finance.

- Retail
- Airlines
- Finance
 
 





 

 ##### Akamai Detection Stack, Every Layer Matched

Akamai chains TLS → bmak sensor payload → \_abck cookie → device fingerprint → behavioral telemetry. Break one layer and the cookie invalidates.

 **TLS + HTTP/2**Curlium emits exact Chrome wire format

 

 **bmak Sensor Payload**generated under Scrapium C++ Chrome

 

 **\_abck Cookie Lifecycle**minted, cached, rotated, replayed

 

 **Behavioral Telemetry**mouse, keyboard, scroll timing realistic

 

 

 





 ##### bmak Sensor Collection

Akamai's `bmak.js` fingerprints the device and mints a signed sensor payload. Scrapium runs the collector under real Chrome semantics; the payload verifies server-side.

- Device telemetry matched
- Browser properties native
- Hardware signals coherent
- Timing signals realistic
 
 





 

 

---

 PROOF## One Parameter. Akamai Cleared.

Add `asp=True`. Scrapfly detects Akamai and routes through the correct engine, Curlium for HTTP-layer targets, Scrapium for JS-heavy ones.

 

Set `asp=True` and Scrapfly handles Akamai automatically. Picks [Curlium](https://scrapfly.io/curlium) or [Scrapium](https://scrapfly.io/scrapium) per target.

     Python TypeScript Go Rust HTTP / cURL  

      

 ```
from scrapfly import ScrapeConfig, ScrapflyClient, ScrapeApiResponse
client = ScrapflyClient(key="API KEY")

api_response: ScrapeApiResponse = client.scrape(
    ScrapeConfig(
        url='https://httpbin.dev/html',
        # bypass anti-scraping protection
        asp=True
    )
)
print(api_response.result)
```

 ```
import { 
    ScrapflyClient, ScrapeConfig 
} from 'jsr:@scrapfly/scrapfly-sdk';

const client = new ScrapflyClient({ key: "API KEY" });
let api_result = await client.scrape(
    new ScrapeConfig({
        url: 'https://httpbin.dev/html',
        // bypass anti-scraping protection
        asp: true,
    })
);
console.log(api_result.result);
```

 ```
package main

import (
	"fmt"
	"github.com/scrapfly/go-scrapfly"
)

func main() {
	client, _ := scrapfly.New("API KEY")
	result, _ := client.Scrape(&scrapfly.ScrapeConfig{
		URL: "https://httpbin.dev/html",
		// bypass anti-scraping protection
		ASP: true,
	})
	fmt.Println(result.Result.Content)
}
```

 ```
use scrapfly_sdk::{Client, ScrapeConfig};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = Client::builder().api_key("API KEY").build()?;

    let cfg = ScrapeConfig::builder("https://httpbin.dev/html")
        // bypass anti-scraping protection
        .asp(true)
        .build()?;

    let result = client.scrape(&cfg).await?;
    println!("{}", result.result.content);
    Ok(())
}
```

 ```
http https://api.scrapfly.io/scrape \
key==$SCRAPFLY_KEY \
url==https://httpbin.dev/html \
asp==true
```

 

 

 // RESPONSE    json  

 ```
{
  "result": {
    "status_code": 200,
    "success": true,
    "url": "https://httpbin.dev/html",
    "content": "<html>...</html>",
    "content_format": "raw",
    "content_type": "text/html; charset=utf-8",
    "response_headers": {
      "content-type": "text/html; charset=utf-8",
      "server": "cloudflare"
    },
    "cookies": [],
    "duration": 1842,
    "log_url": "https://scrapfly.io/dashboard/monitoring/log/01J...",
    "asp_cost": 30
  },
  "context": {
    "asp": true,
    "proxy": {
      "country": "us",
      "type": "datacenter"
    }
  }
}
```

 

 

 

 [ Python SDK docs → ](https://scrapfly.io/docs/sdk/python) [ TypeScript SDK docs → ](https://scrapfly.io/docs/sdk/typescript) [ Go SDK docs → ](https://scrapfly.io/docs/sdk/golang) [ Rust SDK docs → ](https://scrapfly.io/docs/sdk/rust) [ HTTP API docs → ](https://scrapfly.io/docs) 

 

 

 [ Get Free API Key ](https://scrapfly.io/register) [ Read the Bypass Guide → ](https://scrapfly.io/blog/posts/how-to-bypass-akamai-anti-scraping) 

 

---

  FAQ## Frequently Asked Questions

 

  ### Can I test on my specific Akamai targets?

 Yes. The free plan includes 1,000 API credits with no credit card required. Enable `asp=True` and test your exact targets before committing. Scrapfly achieves 97% success on Akamai-protected sites; failed requests are not charged.

 

   ### How much does ASP cost?

 ASP starts at 30+ credits per request, scaling with target complexity. You pay for what a specific target needs, not a flat premium. See [pricing](https://scrapfly.io/pricing).

 

   ### What is the \_abck cookie?

 Akamai's \_abck cookie carries the bot score derived from sensor data: device telemetry, browser properties, and hardware fingerprints. A mismatch between \_abck and the observed request fingerprint marks the visitor as a bot. Scrapfly regenerates the sensor data under a real browser and keeps the cookie valid across requests.

 

   ### What industries use Akamai?

 Akamai is common in retail, airlines, and finance. About 30% of Fortune 500 sites use some form of Akamai protection. DIY guide: [how to bypass Akamai](https://scrapfly.io/blog/posts/how-to-bypass-akamai-anti-scraping).

 

  

 

  ---

 // SEE ALSO### Bypass every other major anti-bot vendor too.

ASP handles every major anti-bot stack with the same flag. Switch targets, keep the parameter.

 [Cloudflare](https://scrapfly.io/bypass/cloudflare) 

 [DataDome](https://scrapfly.io/bypass/datadome) 

 [PerimeterX](https://scrapfly.io/bypass/perimeterx) 

 [Kasada](https://scrapfly.io/bypass/kasada) 

 [Incapsula](https://scrapfly.io/bypass/incapsula) 

 [F5](https://scrapfly.io/bypass/f5) 

 [AWS WAF](https://scrapfly.io/bypass/aws-waf) 

 

 

 [Get Free API Key](https://scrapfly.io/register) [View all anti-bot bypasses](https://scrapfly.io/bypass)