Looking for an overview? See the PerimeterX product page

Resolving PerimeterX/HUMAN 403 Errors

PerimeterX (now HUMAN) uses behavioral analysis with "Press & Hold" challenges to detect bots. When requests lack valid _px3 tokens, servers return 403 errors. MeshPrivacy resolves these challenges by simulating valid behavioral patterns and generating short-lived tokens.

Error Codes

Code	Meaning	Resolution
403	Bot detected, access denied	Generate valid _px3 token via API
200	"Press & Hold" challenge page	Complete challenge via API

Token TTL: approximately 60 seconds. Tokens must be used quickly after generation.

Cookies & Detection

Session Cookies

_px - Primary detection cookie

_px2 - Extended session data

_px3 - Challenge token (~60s)

_pxhd - Device fingerprint hash

_pxvid - Video frame analysis

Detection Methods

Canvas fingerprinting (2D)

WebGL parameters (GPU)

Audio context hashing

Mouse movement tracking

Click pattern analysis

Service Variants

perimeterx_invisible Primary

Invisible behavioral challenge. Collects fingerprint data and submits for verification without visible user interaction.

perimeterx_hold

"Press & Hold" interactive challenge. Simulates the hold-button interaction pattern required by HUMAN's challenge page.

Integration Example

// Submit PerimeterX task to MeshPrivacy
const response = await fetch('https://api.meshprivacy.com/v1/tasks/submit', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-API-Key': API_KEY
  },
  body: JSON.stringify({
    service: 'perimeterx_invisible', // Use perimeterx_invisible for standard challenges
    url: 'https://target-site.com/',
    proxy_config: 'http://user:pass@ip:port', // Your proxy
    app_id: 'PX...', // PerimeterX App ID from page source
    uuid: '', // Optional - existing UUID if available
    vid: '', // Optional - existing VID if available
    user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...'
  })
});

const { task_id } = await response.json();

// Poll for result
const result = await fetch(`https://api.meshprivacy.com/v1/tasks/result/${task_id}`, {
  headers: { 'X-API-Key': API_KEY }
});

const { cookies } = await result.json();
// IMPORTANT: Use cookies._px3 immediately - expires in ~60 seconds

FAQ

Why do PerimeterX tokens expire so quickly?

The _px3 token has a ~60 second TTL by design to prevent token sharing and replay attacks. Plan your request flow to use tokens immediately after generation.

What is the "Press & Hold" challenge?

HUMAN's signature challenge requires users to press and hold a button for a specific duration. MeshPrivacy simulates the behavioral patterns expected by this challenge type.

Is HUMAN the same as PerimeterX?

Yes, PerimeterX rebranded to HUMAN Security in 2022. The underlying technology and cookie names (_px*) remain the same.

Related Services

Akamai|DataDome|Incapsula|Kasada