Walmart Scraping: How to Choose Proxies and Set Up Data Collection Without Getting Blocked

1. IP reputation analysis

PerimeterX checks each IP address against a database of known proxy servers, datacenters, and VPNs. If your IP is in this database — you will receive a block or CAPTCHA. Walmart particularly harshly filters IPs from popular cloud providers (AWS, Google Cloud, DigitalOcean).

2. Behavioral analysis

The system tracks how a user interacts with the page: mouse movements, scrolling speed, clicks. Parsers using Selenium or Puppeteer often get caught here — they open pages too quickly, without natural pauses, and do not move the mouse.

3. TLS and HTTP fingerprinting

PerimeterX analyzes the TLS fingerprint of your connection (cipher order, extensions) and HTTP request headers. Standard Python libraries (requests, urllib) have unique fingerprints that are easily recognized. Even if you change the User-Agent, the system sees a mismatch between the headers and the actual browser.

4. JavaScript challenges

Upon a suspicious request, PerimeterX sends JavaScript code that performs checks in the browser: availability of the Canvas API, WebGL, screen parameters, installed fonts. Simple HTTP parsers (without a browser engine) cannot pass these checks and receive a block.

Proxy Type	Effectiveness for Walmart	Speed	Cost	Recommendation
Residential Proxies	⭐⭐⭐⭐⭐ Excellent — IPs of real users, minimal blocks	Average (200-800 ms)	High (from $7-15/GB)	Optimal for production
Mobile Proxies	⭐⭐⭐⭐⭐ Excellent — high trust score, rare blocks	Low (500-1500 ms)	Very high (from $50-100/month per IP)	For complex cases
Datacenter Proxies	⭐⭐ Poor — high likelihood of blocking (70-90%)	High (50-150 ms)	Low (from $1-3/IP)	Not recommended
ISP Proxies	⭐⭐⭐⭐ Good — static residential IPs	High (80-200 ms)	Average (from $30-80/month per IP)	For long-term tasks

Residential Proxies — the gold standard for Walmart

These are IP addresses from real home internet providers (Comcast, AT&T, Verizon in the US). Walmart sees them as regular customers, so the blocking rate is minimal — about 5-10% with proper configuration. The main advantage is the huge pools of addresses (millions of IPs), which allows for effective rotation.

When to use: monitoring prices on thousands of products, daily data collection, long-term projects. For parsing Walmart, residential proxies are the optimal choice in terms of efficiency and cost.

Mobile Proxies — maximum reliability

IPs from mobile operators (T-Mobile, Verizon Wireless) have the highest trust score with anti-bot systems. The reason is that one IP is used by thousands of real users (through the operator's NAT), so blocking it means blocking thousands of customers. Walmart practically does not block mobile IPs.

When to use: if residential proxies are not sufficient, if you need to parse particularly protected sections (for example, prices for specific regions), if the budget allows. Mobile proxies provide nearly 100% successful requests but are more expensive.

Datacenter Proxies — not for Walmart

IP addresses from datacenter servers (AWS, OVH, Hetzner) are instantly recognized by PerimeterX. Even if you buy "clean" IPs that have not been used for parsing before, the system still sees that it is a datacenter and not a home provider. The blocking rate is 70-90%.

The only scenario for use: testing the parser on a small volume of data (10-50 pages). They are categorically unsuitable for production.

With residential proxies:

• Average size of a Walmart product page: ~500 KB
• 10,000 products × 500 KB = 5 GB of traffic per day
• Monthly traffic: 150 GB
• Cost at $10/GB: $1,500/month
• Percentage of successful requests: 90-95%
• Real cost considering retries: ~$1,650/month

With datacenter proxies (theoretically):

• Cost for 100 IPs: ~$200/month
• Percentage of successful requests: 10-30% (the rest are blocks)
• Need to make 3-10 attempts for each product
• Real traffic: 15-50 GB (due to retries)
• Conclusion: the task is unfeasible — IPs quickly get banned, CAPTCHA at every step

If you need to collect data for market analysis or research just once, you can try a combined approach:

• Use datacenter proxies for initial collection of product URLs (category pages)
• Switch to residential proxies for obtaining detailed product information
• Cost: ~$50-100 for a one-time task
• Execution time: 2-4 hours instead of 10-20 hours with datacenters

Criterion	Residential	Datacenters
Data volume	Any — from 100 to millions of pages	Only small volumes (up to 1000 pages)
Frequency	Daily/weekly parsing	Only one-time tasks
Execution speed	Stable — no delays for retries	Unpredictable — many retries
Reliability	High — 90-95% success	Low — 10-30% success
Cost of failure	Low — pay only for successful traffic	High — wasting time and money on bans

1. Rotation on each request (Rotating Proxies)

Each HTTP request goes through a new IP address. This is the standard mode of operation for most residential proxy providers.

Pros:

• Minimal risk of blocking — each IP makes 1-2 requests
• Easy setup — the provider manages the pool
• You can parse aggressively — hundreds of requests per minute

Cons:

• Session issues — if the site uses cookies, each request = new session
• Slower — establishing a new connection takes 200-500 ms

When to use: For parsing Walmart product pages where authorization and sessions are not needed. This is the optimal strategy for most price monitoring tasks.

2. Sticky Sessions

One IP address is used for a series of requests over a certain period (usually 5-30 minutes), then it switches to a new IP.

Pros:

• Session and cookie preservation — can work with the cart, authorization
• Faster — reuses the TCP connection
• More "natural" behavior for anti-bot systems

Cons:

• Higher risk of blocking — one IP makes 10-50 requests
• Need to control limits — no more than 30-50 requests from one IP

When to use: If you need to parse data that requires authorization (for example, prices for registered users), or if you are emulating the behavior of a real buyer (viewing category → product → adding to cart).

3. Pool of static IPs with manual rotation

You take 50-100 static residential IPs (ISP proxies) and manage the distribution of requests among them yourself.

Pros:

• Complete control — you know how many requests each IP has made
• Maximum speed — static IPs are faster than rotating ones
• You can "warm up" IPs — make legitimate requests to improve reputation

Cons:

• Complex setup — need to write logic for request distribution
• More expensive — ISP proxies cost $30-80 per IP per month
• Risk of losing IPs — if one gets banned, you will need to replace it

When to use: For high-load systems with 100,000+ requests per day, where speed and stability are critical. Requires experience in parser development.

For price monitoring (simple parsing of product pages):

• Type: Rotating proxies with rotation on each request
• Delay between requests: 2-5 seconds
• Parallelism: 10-20 threads
• Geolocation: USA (preferably a state where there are physical Walmart stores)

For complex parsing (with authorization, cart):

• Type: Sticky sessions lasting 10-15 minutes
• Request limit per IP: maximum 30-40
• Delay between requests: 3-7 seconds (human emulation)
• Parallelism: 5-10 threads (less aggression)

1. User-Agent and HTTP headers

Standard libraries (Python requests, Node.js axios) send headers that instantly give away a bot. For example, User-Agent: python-requests/2.28.1 — this is a 100% block.

What needs to be changed:

• User-Agent — use fresh versions of Chrome/Firefox
• Accept — must match the content type
• Accept-Language — en-US for parsing Walmart US
• Accept-Encoding — gzip, deflate, br
• Referer — previous page (category or homepage)
• Sec-Fetch-* — Chrome headers for CSRF protection

2. TLS Fingerprint (JA3)

Each HTTP client has a unique TLS fingerprint — the order of ciphers, TLS extensions, protocol versions. PerimeterX compares this fingerprint with the User-Agent: if you write "Chrome 120" and the TLS fingerprint is from Python — you are blocked.

Solution:

• Use libraries that support custom TLS: curl-impersonate (Python), tls-client (Go)
• Or use a real browser via Selenium/Puppeteer — they have a real TLS fingerprint

3. JavaScript challenges and Canvas fingerprinting

PerimeterX may send JavaScript code that checks: whether the Canvas API is available, WebGL, what fonts are installed, screen size, timezone. Simple HTTP parsers cannot execute this code.

Solution:

• Use headless browsers: Puppeteer, Playwright, Selenium
• Be sure to enable detection bypass mode: puppeteer-extra-plugin-stealth
• Randomize parameters: window size, timezone, browser language

GET /ip/Product-Name/12345678 HTTP/1.1
Host: www.walmart.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Referer: https://www.walmart.com/browse/electronics/tv-video/3944_1060825
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Connection: keep-alive

Request Type	Delay between requests	Maximum requests from one IP	Parallelism
Product Pages	2-5 seconds	30-50 pages (with rotating)	10-20 threads
Category Pages	3-7 seconds	20-30 pages	5-10 threads
Search	5-10 seconds	10-15 requests	3-5 threads
API Endpoints	1-3 seconds	50-100 requests	20-30 threads

If you make requests exactly every 3 seconds (3.000, 6.000, 9.000...), the anti-bot system recognizes the pattern. A real person cannot be that precise — they will have variations: 2.8 sec, 3.4 sec, 2.9 sec.

Correct implementation of delay (Python):

import random
import time

# Incorrect — fixed delay
time.sleep(3)

# Correct — randomized delay
delay = random.uniform(2.0, 5.0)  # from 2 to 5 seconds
time.sleep(delay)

1. Adaptive rate limiting

Track the percentage of successful requests. If you start receiving 403 or CAPTCHA — automatically increase delays and decrease parallelism.

success_rate = successful_requests / total_requests

if success_rate < 0.8:  # less than 80% successful
    delay_multiplier *= 1.5  # increase delays
    parallel_workers -= 2    # decrease threads
elif success_rate > 0.95:  # more than 95% successful
    delay_multiplier *= 0.9  # can speed up
    parallel_workers += 1

2. Distribution by time of day

Parse during peak hours of real users (evening in the US, 6:00 PM - 10:00 PM EST). During this time, your traffic mixes with legitimate traffic, and the anti-bot system is less aggressive. At night (2:00 AM - 6:00 AM EST), the protection may be stricter, as there are fewer real users.

3. Warm-up IP addresses

Before starting mass parsing, "warm up" the IP addresses with legitimate requests: open the homepage, a couple of categories, perform a search. This creates an activity history and increases the trust score of the IP.

# Warm-up sequence for a new IP
1. GET https://www.walmart.com/  # homepage
2. Delay 3-5 sec
3. GET https://www.walmart.com/browse/electronics  # category
4. Delay 4-7 sec
5. GET https://www.walmart.com/search?q=laptop  # search
6. Delay 3-6 sec
# Now you can parse target products