At its homepage, catawiki.com is protected by Akamai Bot Manager. Typical approach to reach it reliably: Matched TLS/JA3-JA4 + correct header order; browser sensor where _abck is enforced. Difficulty is per-URL, so deep pages — profiles, listings, search — are usually harder.
TLS fingerprinting is its strongest vector (JA4 added in 2026); the sensor_data → _abck path needs the JS sensor to run.
Typical access
Headless browser that runs JavaScript
Why it didn’t pass cleanly
Blocked (403)
Blocked (403) with no named reason.
Detected vendors
Evidence
Detection confidence: low
Homepage-level, datacenter-IP snapshot, June 12, 2026.
This is a passive, homepage-level snapshot and can be inaccurate or out of date — anti-bot vendors update their models continuously, deep pages are usually more protected than the homepage, and a datacenter IP sees more challenges than a residential one. Treat it as a directional signal, not a guarantee.
The homepage is the open front door. On a marketplaces site the valuable pages behave differently — here's the plan to characterise catawiki.com before you build.
Product detail
JS renderUsually open or JS-rendered, but readily CAPTCHA-gated on rapid or referer-less hits.
Search / category listing
CAPTCHA-proneThe most-scraped surface — the first to throw a CAPTCHA or rate-limit.
Cart / checkout
login wallHighest friction: usually login + WAF; not a public surface.
Find a real deep URL cheaply from the site’s robots.txt and sitemap.xml, then run each through the anti-bot checker. This is an advisory based on the category and catawiki.com’s homepage result — detect the wall, never try to pass a login.