If you scrape the modern web, you probably know the pain of the JavaScript challenge.
Before you can access any data, the website forces your browser to execute a snippet of JavaScript code. It calculates a result, sends it back to an endpoint for verification, and often captures extensive fingerprinting data in the process.
Once you pass this test, the server assigns you a session cookie. This cookie acts as your "access pass." It tells the website, "This user has passed the challenge," so you don’t have to re-run the JavaScript test on every single page load.
For web scrapers, this mechanism creates a massive inefficiency.
It looks like you are forced to use a headless browser (like Puppeteer or Playwright) for every single request just to handle that initial check. But browsers are heavy, they are slow and they consume massive amounts of RAM and bandwidth.
Running a browser for thousands of requests can quickly become an infrastructure nightmare. You end up paying for CPU cycles just to render a page when all you wanted was the JSON payload.
The solution: Hybrid scraping
The answer to this problem is a technique I’ve started calling hybrid scraping.
This involves using the browser only to open the initial request, grab the cookie, and create a session. Once you have them, you extract that session data and hand it over to a standard, lightweight HTTP client.
This architecture gives you the access of a browser with the speed and efficiency of a script.
Implementing this in Python
To build this in Python, we need two specific packages:
A browser: We will use ZenDriver, a modern wrapper for headless Chrome that handles the "undetected" configuration for us.
HTTP client: We will use rnet, a Rust-based HTTP client for Python.
But why rnet? Well, within the initial TLS handshake where the client/server “hello” is sent, the information traded here can be fingerprinted, taking in things like the TLS version and the ciphers available for encryption. This can be hashed into a fingerprint and profiled.
Python’s requests package, which uses urllib from the standard library, has a very distinctive TLS fingerprint, containing ciphers (amongst other things) that aren’t seen in a browser. This makes it very easy to spot. Both rnet, and other options such as curl-cffi, are able to send a TLS fingerprint similar to that of a browser. This reduces the chances of our request being blocked.
Here is how we assemble the pipeline.
Step 1: Load the page (The handshake)
First, we define our browser logic. Notice that we are not trying to parse HTML here. Our only goal is to visit the site, pass the initial JavaScript challenge, and extract the session cookies.
What’s happening here:
We launch the browser, visit the site, and wait just one second for the JS challenge to run. Once we have the cookies, we call browser.stop(). This is the most important line: we do not want a browser instance wasting resources when we don’t need it.
Step 2: Use the cookies
Now that we have the "access pass," we can switch to our lightweight HTTP client. We take those cookies and inject them into the rnet client headers.
What’s happening here:Â
We convert the browser's cookie format into a standard header string. Note the “Emulation.Chrome142” parameter. We are layering two techniques here: hybrid scraping (using real cookies) and TLS fingerprinting (using a modern HTTP client). This double-layer approach covers all our bases.
(Note: Many HTTP clients have a cookie jar that you could also use; for this example, sending the header directly worked perfectly).
Step 3: Run the code
Finally, we tie it together. For this demo, we use a simple argparse flag to show the difference with and without the cookie.
Get the complete script
Want to run this yourself? We’ve put the full, copy-pasteable script (including the argument parsers and imports) in the block below.
Pros and Cons of Hybrid Scraping
Efficiency
Reduces RAM usage massively compared to pure browser scraping.
Higher complexity: You must manage two libraries (zendriver and rnet) and the glue code.
Speed
HTTP requests complete in milliseconds. Browsers take seconds.
State management: You need logic to handle cookie expiry. If the cookie dies, you must "wake up" the browser.
Access
You get the verification of a real browser without the drag.
Maintenance: You are debugging two points of failure: the browser's ability to solve the challenge, and the client's ability to fetch data.
Final thoughts
For smaller jobs, it might be easier to just use the browser; the benefits won’t necessarily outweigh the extra complexity required.
But for production pipelines, this approach is the standard. It treats the browser as a luxury resource: used only when strictly necessary to unlock the door, so the HTTP client can do the real work. It’s this session and state management that allows you to scrape harder-to-access sites effectively and efficiently.
If building this orchestration layer yourself feels like too much overhead, this is exactly what the Zyte API handles internally. We manage the browser/HTTP switching logic automatically, so you just make a single request and get the data.