Traces how anti-bot systems classify an IP at the network layer: ASN reputation, datacenter-versus-residential-versus-mobile labelling, IP-quality scoring, known-proxy feeds, and why even a clean home IP still leaks.
Traces how a working proxy pool is operated: rotation strategies, the difference between a banned IP and a dead one, health-check state machines, sticky versus rotating sessions, and the per-GB cost model that decides whether a crawl is profitable.
A vendor-neutral comparison of the three proxy types: how each is sourced, how each gets detected at the ASN and reputation layer, what a gigabyte actually costs, and which job each one fits.
Traces where residential and mobile proxy IPs actually come from: bundled SDKs, free-VPN monetization, peer-payout apps, and outright malware, plus the consent gap that runs through all of them.
How identity stays coherent when a crawler rotates IPs: binding cookies and sessions to exit nodes, what breaks when a session leaks across IPs, and the signals anti-bot systems use to catch the mismatch.
The strategic choice between holding one exit IP for a session and rotating per request: where statefulness forces stickiness, where rotation buys throughput, and how session-consistency checks punish the wrong call.
Traces how proxy dollars per gigabyte, CAPTCHA-solve dollars per thousand, and browser compute combine through a success rate into one number that actually matters: cost per successful record.
How anti-bot systems catch a proxy by comparing the OS in the HTTP User-Agent against the OS inferred from the raw SYN packet, why the two disagree, and where the check breaks down.
How servers catch a proxy by comparing where an IP claims to be against how long packets actually take to arrive. The speed-of-light floor, TCP-handshake timing, the TCP-vs-TLS cross-layer split, and JA4L.
Traces how WebRTC ICE candidate gathering uses STUN to surface local and real public IPs in JavaScript regardless of an HTTP proxy or VPN, the mDNS hostname mitigation Chrome shipped in 2019, and how anti-fraud systems use the mismatch.
Traces the three proxy roles defined in RFC 9110 — forward proxy, gateway (reverse proxy), and intercepting proxy — and places CDNs, API gateways, and corporate SSL-inspection boxes inside that taxonomy by the direction of trust.
Traces how proxies append to the X-Forwarded-For and Forwarded chains, why the client-facing end is trivially spoofable, how trusted-proxy and rightmost-IP resolution actually works, and the security bugs that follow from getting it wrong.
Traces the proxy from CERN httpd's 1994 caching gateway through corporate forward proxies, web anonymizers, the open-proxy spam era, Tor, and today's residential and mobile proxy economy built on consumer devices.