# Bypass F5 95% success on F5-protected targets. One API parameter. ## `TS*` persisted. `f5_cspm` cleared. ASM rules matched. - **Real browser fingerprints.** [TLS](https://scrapfly.io/web-scraping-tools/ja3-fingerprint), [HTTP/2](https://scrapfly.io/web-scraping-tools/http2-fingerprint), [Canvas](https://scrapfly.io/web-scraping-tools/canvas-fingerprint), and [WebGL](https://scrapfly.io/web-scraping-tools/webgl-fingerprint) all match real Chrome on every request. - **Adaptive challenge solving.** [JavaScript execution](https://scrapfly.io/docs/scrape-api/javascript-rendering), CAPTCHAs, proof-of-work, handled without solver keys. - **Session intelligence.** Unblocked browser sessions reused across requests so F5 sees a single coherent visitor. **One API parameter.** Add `asp=True`. See the [ASP docs](https://scrapfly.io/docs/scrape-api/anti-scraping-protection). [Get Free API Key](https://scrapfly.io/register) [Read ASP docs](https://scrapfly.io/docs/scrape-api/anti-scraping-protection) 1,000 free credits. No credit card required. FINGERPRINT DATA LIVE + 4,000 more datapoints... 4,000+ Fingerprint Datapoints 200M+ Proxy IPs 50+ Anti-Bots --- COVERAGE## Every F5 Signal, Matched Bit-for-bit fingerprint parity with real Chrome. Not monkey-patching, not surface-level, engineered at the protocol and C++ layers. ##### TS Cookies Persisted. ASM Rules Cleared. F5 BIG-IP ASM anchors sessions with `TS*`, `BIGipServer*`, and `F5_ST` cookies. The Application Security Manager layers WAF rules and bot signatures on top, plus the `f5_cspm` client-side protection script. Scrapfly keeps every cookie coherent and runs `f5_cspm` under real browser semantics. **95%**success on f5 big-ip asm **TS\***session cookies persisted **f5\_cspm**cspm script handled **10,000+**protected sites coverage ##### Session Persistence Cookies F5 anchors session state with multiple cookies. A missing or rotated value forces re-authentication; a mismatched value triggers ASM block. TS\* session BIGipServer\* F5\_ST tracking LastMRH\_Session ##### Why DIY Bypasses Fail F5's BIG-IP ships custom ASM policies per customer, generic bypass libraries can't track them all. | **curl-impersonate** | no f5\_cspm execution | |---|---| | **requests + cookies** | TS chain breaks | | **Selenium** | fingerprint mismatches | | **Playwright + stealth** | cspm leaks | | **Scrapfly** | 95%, tracked daily | ##### TLS Match Curlium emits Chrome-exact TLS at the BIG-IP edge so ASM rules don't escalate. **JA4** chrome-identical ##### Device Fingerprint, C++ Patches F5's f5\_cspm reads Canvas, WebGL, AudioContext, Navigator, plus screen + timezone. Scrapium patches every signal at Chromium source level so JS-hook detection sees native bindings. [Canvas](https://scrapfly.io/web-scraping-tools/canvas-fingerprint) [WebGL](https://scrapfly.io/web-scraping-tools/webgl-fingerprint) [Audio](https://scrapfly.io/web-scraping-tools/audio-fingerprint) Navigator Screen Timezone ##### Enterprise Standard F5 BIG-IP is the enterprise reference. Heavy in banking, healthcare, regulated industries. - Banking - Healthcare - Enterprise SaaS ##### F5 Detection Stack, Every Layer Matched F5 chains TLS → ASM rule engine → TS cookie chain → f5\_cspm client check → bot signature DB. Every layer must pass. **TLS + HTTP/2**Chrome wire format at BIG-IP edge **ASM Rule Engine**WAF rules + bot signatures dodged **TS Cookie Chain**session persistence kept coherent **f5\_cspm Client Check**script run under real Chrome ##### ASM + f5\_cspm F5 ASM applies WAF rules + bot signatures. The f5\_cspm client-side protection script verifies browser authenticity. - f5\_cspm script execution - ASM challenges cleared - WAF rule evasion - Bot signature dodging --- PROOF## One Parameter. F5 Cleared. Add `asp=True`. Scrapfly detects F5 and routes through the correct engine, Curlium for HTTP-layer targets, Scrapium for JS-heavy ones. Set `asp=True` and Scrapfly handles F5 automatically. Picks [Curlium](https://scrapfly.io/curlium) or [Scrapium](https://scrapfly.io/scrapium) per target. Python TypeScript Go Rust HTTP / cURL ``` from scrapfly import ScrapeConfig, ScrapflyClient, ScrapeApiResponse client = ScrapflyClient(key="API KEY") api_response: ScrapeApiResponse = client.scrape( ScrapeConfig( url='https://httpbin.dev/html', # bypass anti-scraping protection asp=True ) ) print(api_response.result) ``` ``` import { ScrapflyClient, ScrapeConfig } from 'jsr:@scrapfly/scrapfly-sdk'; const client = new ScrapflyClient({ key: "API KEY" }); let api_result = await client.scrape( new ScrapeConfig({ url: 'https://httpbin.dev/html', // bypass anti-scraping protection asp: true, }) ); console.log(api_result.result); ``` ``` package main import ( "fmt" "github.com/scrapfly/go-scrapfly" ) func main() { client, _ := scrapfly.New("API KEY") result, _ := client.Scrape(&scrapfly.ScrapeConfig{ URL: "https://httpbin.dev/html", // bypass anti-scraping protection ASP: true, }) fmt.Println(result.Result.Content) } ``` ``` use scrapfly_sdk::{Client, ScrapeConfig}; #[tokio::main] async fn main() -> Result<(), Box> { let client = Client::builder().api_key("API KEY").build()?; let cfg = ScrapeConfig::builder("https://httpbin.dev/html") // bypass anti-scraping protection .asp(true) .build()?; let result = client.scrape(&cfg).await?; println!("{}", result.result.content); Ok(()) } ``` ``` http https://api.scrapfly.io/scrape \ key==$SCRAPFLY_KEY \ url==https://httpbin.dev/html \ asp==true ``` // RESPONSE json ``` { "result": { "status_code": 200, "success": true, "url": "https://httpbin.dev/html", "content": "...", "content_format": "raw", "content_type": "text/html; charset=utf-8", "response_headers": { "content-type": "text/html; charset=utf-8", "server": "cloudflare" }, "cookies": [], "duration": 1842, "log_url": "https://scrapfly.io/dashboard/monitoring/log/01J...", "asp_cost": 30 }, "context": { "asp": true, "proxy": { "country": "us", "type": "datacenter" } } } ``` [ Python SDK docs → ](https://scrapfly.io/docs/sdk/python) [ TypeScript SDK docs → ](https://scrapfly.io/docs/sdk/typescript) [ Go SDK docs → ](https://scrapfly.io/docs/sdk/golang) [ Rust SDK docs → ](https://scrapfly.io/docs/sdk/rust) [ HTTP API docs → ](https://scrapfly.io/docs) [ Get Free API Key ](https://scrapfly.io/register) [ ASP Documentation → ](https://scrapfly.io/docs/scrape-api/anti-scraping-protection) --- FAQ## Frequently Asked Questions ### Can I test on my specific F5 targets? Yes. The free plan includes 1,000 API credits with no credit card required. Enable `asp=True` and test your exact targets before committing. Scrapfly achieves 95% success on F5-protected sites; failed requests are not charged. ### How much does ASP cost? ASP starts at 30+ credits per request, scaling with target complexity. You pay for what a specific target needs, not a flat premium. See [pricing](https://scrapfly.io/pricing). ### What is BIG-IP ASM? F5's Application Security Manager (ASM) is a web application firewall with a bot-signature layer on top. It anchors sessions with TS\*, BIGipServer, and F5\_ST cookies. Scrapfly keeps all three coherent across requests and patches the f5\_cspm client-side protection script under real browser semantics. --- // SEE ALSO### Bypass every other major anti-bot vendor too. ASP handles every major anti-bot stack with the same flag. Switch targets, keep the parameter. [Cloudflare](https://scrapfly.io/bypass/cloudflare) [Akamai](https://scrapfly.io/bypass/akamai) [DataDome](https://scrapfly.io/bypass/datadome) [PerimeterX](https://scrapfly.io/bypass/perimeterx) [Kasada](https://scrapfly.io/bypass/kasada) [Incapsula](https://scrapfly.io/bypass/incapsula) [AWS WAF](https://scrapfly.io/bypass/aws-waf) [Get Free API Key](https://scrapfly.io/register) [View all anti-bot bypasses](https://scrapfly.io/bypass)