What Is PerimeterX (HUMAN Security)?

PerimeterX, now operating as part of HUMAN Security, is a bot-protection vendor whose biggest asset is its network. It protects 29,650+ sites including Nike, Walmart, Zillow, and StubHub, and verifies roughly 15 trillion interactions per week across 3 billion devices. Get detected on one customer and your fingerprint is flagged across the entire network — the cross-site reputation effect is the strongest in the industry.

Quick facts

  • Sites protected: 29,650+ — Nike, Walmart, Zillow, StubHub, ticketing
  • Weekly interactions verified: ~15 trillion across 3 billion devices
  • Detection cookies: _px3, _pxde, _pxhd
  • Scoring model: 5-vector unified — TLS + IP + headers + JS FP + behaviour
  • Network effect: Reputation shared across all customers — fingerprint burns are global

How PerimeterX scores requests

All five vectors must pass simultaneously: TLS fingerprint, IP reputation, HTTP header order and content, JavaScript fingerprint (canvas, WebGL, audio), and behavioural signals (mouse, scroll, dwell). Fixing only one or two has zero effect — the unified score requires the full set. This is unlike Cloudflare (where TLS plus IP gets you a long way) or DataDome (where IP weight is dominant).

The fingerprint is sent in the _px3 cookie and a POST to collector-PXxxxxxx.perimeterx.net. The "Human Challenge" — a press-and-hold button — is the visible fallback when the score is borderline; a hard block returns 403 with no challenge.

The network effect

Because HUMAN ingests signals from 29,650 sites simultaneously, a fingerprint that gets flagged on one customer is automatically lower-trust on all others. The practical implication for scrapers: never reuse a browser fingerprint across different protected domains. Generate a fresh canvas hash, WebGL renderer, and TLS profile per session per target. Camoufox's per-instance fingerprint randomisation handles this if you spin up a new browser instance for each domain.
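
A simplified model of the unified score and the shared-reputation effect described in the two sections above, added here as an illustration; it is not HUMAN's algorithm and not code from this page. The weakest-vector score, the thresholds, the penalty, and the site and fingerprint names are all assumptions.

```python
from dataclasses import dataclass, field

# The five vectors named on the page.
VECTORS = ("tls", "ip", "headers", "js_fp", "behaviour")

# Assumed values: the page gives no thresholds or weights.
ALLOW_AT = 0.7        # at or above: request passes
CHALLENGE_AT = 0.4    # borderline band: press-and-hold challenge
FLAG_PENALTY = 0.5    # trust multiplier for a fingerprint flagged anywhere


@dataclass
class SharedReputation:
    """Network-wide store mapping fingerprint -> sites that blocked it."""
    flagged: dict = field(default_factory=dict)

    def decide(self, site, fingerprint, signals):
        missing = [v for v in VECTORS if v not in signals]
        if missing:
            raise ValueError(f"missing vectors: {missing}")
        # Assumption: model "all five must pass" as the weakest vector.
        score = min(signals[v] for v in VECTORS)
        # Network effect: a flag raised on any site lowers trust everywhere.
        if self.flagged.get(fingerprint):
            score *= FLAG_PENALTY
        if score >= ALLOW_AT:
            return "allow"
        if score >= CHALLENGE_AT:
            return "challenge"
        self.flagged.setdefault(fingerprint, set()).add(site)
        return "block_403"


def replay(events):
    """Run constructed (site, fingerprint, signals) events through one store."""
    store = SharedReputation()
    return [store.decide(site, fp, sig) for site, fp, sig in events], store


GOOD = dict.fromkeys(VECTORS, 0.9)
# Constructed sample traffic, not real telemetry.
EVENTS = [
    ("shop-a.example", "fp-1", GOOD),                  # clean everywhere
    ("shop-a.example", "fp-2", {**GOOD, "ip": 0.2}),   # one weak vector
    ("shop-b.example", "fp-2", GOOD),                  # clean, but flagged on shop-a
    ("shop-b.example", "fp-3", {**GOOD, "behaviour": 0.5}),
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)[0]):
        print(event[0], event[1], verdict)
```

The third event is the one to watch: every signal is clean on shop-b.example, yet the verdict drops to a challenge because the same fingerprint was blocked on shop-a.example.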

What works

Address all five vectors at once:

  • TLS: curl_cffi with current Chrome impersonation, or a real Camoufox / Chrome browser.
  • IP: residential or mobile. Datacenter is dead on PerimeterX regardless of fingerprint.
  • Headers: match Chrome's exact order and casing — curl_cffi handles this.
  • JS fingerprint: Camoufox or CloakBrowser — JS patches are detected via Function.toString().
  • Behaviour: realistic warm-up navigation, Bezier-curve mouse paths (Botasaurus), human-like timing.

Managed APIs (Bright Data ASP, Zyte) handle all five transparently at the cost of per-request pricing. For high-volume scraping the engineer-time crossover usually favours the managed option.

Code example

```python
from camoufox.sync_api import Camoufox

# Camoufox with geoip aligns all 5 identity vectors and ships
# a real canvas + WebGL + audio fingerprint
with Camoufox(
    headless=True,
    geoip=True,
    proxy={
        "server": "http://residential:port",
        "username": "user", "password": "pass",
    },
    humanize=True,   # adds human-like mouse/scroll cadence
) as browser:
    page = browser.new_page()
    page.goto("https://perimeterx-protected.com/")
    page.wait_for_timeout(2500)   # let _px3 collector POST
    data = page.goto("https://perimeterx-protected.com/api/items").json()
```

Frequently asked questions

Is PerimeterX the same as HUMAN Security?

They are the same company now. HUMAN Security acquired PerimeterX in 2022; the PerimeterX product is operated as part of HUMAN’s Bot Defender. Cookie names (_px3, _pxde) are unchanged for backward compatibility.

What does the "Human Challenge" press-and-hold button do?

It measures hold duration, pressure consistency, finger movement, and timing. The button itself is easy to click, but the surrounding fingerprint and IP determine whether you even see it. Failing the challenge typically does not result in a CAPTCHA — it results in a 403 with no recourse.

Why is the network effect so important?

Because PerimeterX shares reputation across 29,650+ customers, a fingerprint that fails on Nike is automatically lower-trust on Walmart. Scrapers that reuse fingerprints (the same canvas hash, the same TLS profile, the same IP) across targets burn them very quickly. Per-target session isolation is essential.

Can I bypass PerimeterX without a browser?

For lightly-configured customers, yes — curl_cffi with the right TLS profile and residential IP works. For Nike, Walmart, Zillow, and similar high-value targets, the behavioural signals are weighted heavily enough that a real browser context (Camoufox, CloakBrowser) is effectively required.

Last updated: 2026-05-26