Scraping Google search results breaks for one specific reason: Google treats a stream of requests from a single IP as exactly what it is, a bot, and starts serving CAPTCHAs and 429s within a few dozen queries. The fix is not a clever header or a longer delay. It is sending each request from a different IP that reads as a real person, which is what proxy rotation does. Get the rotation model and the IP type right and SERP scraping becomes routine; get them wrong and you spend your time solving consent pages instead of parsing results.

This post is the practical version: why Google blocks the way it does, why per-request rotation beats a static pool for SERPs, which IP type actually survives, a working Python example you can run, and the point where a managed SERP endpoint is simply less work than maintaining your own rotation. If you want the proxy fundamentals first, what is a proxy server covers the one layer of indirection everything here builds on.

Why Google blocks scrapers so aggressively

Google's whole business is serving humans, so its abuse defenses are tuned to spot anything that is not one. A scraper trips several of them at once. The most visible signal is request volume from a single address: a real user fires a handful of searches an hour, while a naive scraper fires hundreds a minute from one IP. That rate alone is enough to draw a sorry/index consent page or a CAPTCHA.

The IP itself is the second signal. Google knows which address ranges belong to cloud and hosting providers, so traffic from a datacenter IP starts with a trust deficit before you send a single query. On top of that sit request-shape checks: missing or robotic headers, a TLS fingerprint that does not match the browser your user agent claims, no cookies, and identical timing between requests. Rotating IPs addresses the first two signals. It does not fix the rest, which is why rotation is necessary but not sufficient, a point we come back to.

Why per-request rotation is the right model for SERPs

Rotation means switching the exit IP so consecutive requests do not all originate from the same address. There are two delivery models, and the difference matters for Google specifically.

A sticky session holds one IP for a span of requests, which is what you want for logged-in flows where a sudden IP change looks suspicious. Per-request rotation swaps the IP on every call. Google search has no login and no session to preserve, so there is no benefit to holding an IP, and every reason to spread queries across many. Per-request rotation is the model that fits SERPs: a thousand queries spread across a thousand addresses each look like one curious user rather than one machine. For the mechanics of building rotation into a scraper, how to use rotating proxies goes deeper, and rotating IP address covers the concept on its own.

The pool size behind the rotation is the other half. Rotating across ten IPs at high volume just rate-limits ten IPs more slowly. A large pool is what keeps any single address under Google's per-IP radar, which is why rotation and pool size are really one decision.

The IP type decides whether rotation even helps

Rotation only buys you anything if the IPs you rotate through are trusted. Cycle through a thousand datacenter IPs and Google blocks all thousand on the same ASN signal, just spread out over more requests. The IP type is the load-bearing choice for SERP scraping.

IP type How Google treats it Cost and speed Fit for SERPs
Datacenter Recognized by ASN, low trust, blocked fast Cheapest, fastest Poor on its own
Residential Reads as a real home user, survives challenges Billed by bandwidth, slower Strong default
Mobile Hardest to block (carrier-grade NAT) Most expensive, slowest Overkill for most SERP work

For Google search the practical answer is residential: IPs that internet service providers assigned to real households, so a rotated query reads as an ordinary visitor rather than a server. Datacenter IPs are fine for tolerant targets but get flagged on SERPs quickly, and mobile is more trust than search results usually demand. The full tradeoff lives in datacenter vs residential proxies, and the static-residential middle ground in ISP vs residential proxies. The numbers here describe the typical case; your exact block rate shifts with query volume, region, and how hardened the specific result pages are.

Rotation is necessary, not sufficient

Swapping IPs defeats the per-IP rate limit and the datacenter-ASN check. It does nothing about a robotic TLS fingerprint, missing cookies, or identical request timing. A clean residential IP attached to an obviously automated request still gets a CAPTCHA. Treat rotation as one layer and pair it with believable headers, varied timing, and a real browser fingerprint when the pages render client-side.

Setting up proxy rotation in Python

The cleanest way to rotate is to point your client at a single rotating endpoint and let it swap the exit IP per request, instead of maintaining and health-checking a raw IP list yourself. To your code it is just a proxy: one host, one port, your token as the credential. Crawlbase Smart AI Proxy works this way, so the integration is a few lines.

Install the one dependency:

bash 
pip install requests

Then route requests through the rotating endpoint. The example searches several queries, varies the delay between them, and prints whether each came back clean:

python 
import requests
import random
import time
from urllib.parse import quote_plus

# One rotating endpoint swaps the exit IP per request.
proxy_url = "http://[email protected]:8012"
proxies = {"http": proxy_url, "https": proxy_url}

headers = {
    "User-Agent": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
        "AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/124.0 Safari/537.36"
    ),
}

queries = ["web scraping", "residential proxies", "serp api"]

for query in queries:
    url = "https://www.google.com/search?q=" + quote_plus(query)
    resp = requests.get(url, proxies=proxies, headers=headers, verify=False)
    print(query, resp.status_code, "blocked" if "/sorry/" in resp.url else "ok")

    # Vary timing so requests do not arrive on a fixed clock.
    time.sleep(random.uniform(2, 5))

Replace _USER_TOKEN_ with the token from your Crawlbase account. Note what the code does beyond rotation: it sends a realistic User-Agent, randomizes the gap between requests, and checks for the /sorry/ redirect Google uses for challenge pages. Those touches are the difference between rotation that works and rotation that quietly returns consent pages you then parse as if they were results.

Best practices that keep rotation working

A few habits keep a rotating SERP scraper healthy over time rather than for the first hour.

  • Throttle per IP, not just overall. A large pool lets you keep total throughput high while no single address sees more than a trickle. The pool absorbs the volume; the per-IP rate stays human.
  • Randomize timing and headers. Fixed delays and one static User-Agent are a fingerprint. Vary both. Rotating user agents alongside IPs is covered in how to scrape websites without getting blocked.
  • Detect blocks, do not parse through them. Watch for the /sorry/ redirect, CAPTCHA markup, and empty result containers. Treat those as failures to retry on a fresh IP, not as data.
  • Back off when challenged. If block rates climb, slow down and widen the pool rather than hammering harder. Aggression after a flag deepens the flag.
  • Use a browser only when the page needs one. Plain HTTP is faster and cheaper; reserve headless rendering for result types that load client-side. Web scraping with Python and Selenium shows that path.

If your goal is ranking and keyword research specifically, SEO proxies covers the geo-targeting angle, since SERPs differ by country and the exit IP's location decides which results you see.

When a managed SERP endpoint beats rolling your own

Everything above is buildable, and for low volume it is worth building. The cost shows up at scale. Rotation alone leaves you owning the rest of the fight: maintaining pool health, matching TLS fingerprints, solving or routing around CAPTCHAs, rendering result pages that load client-side, and retrying on every challenge. That is most of a SERP-scraping stack, and rotation was only the first layer of it.

A managed endpoint collapses that work into one request. You send a URL or a query; it picks a trusted residential IP, sends a believable fingerprint, renders when the page needs a browser, retries server-side on a block, and returns the finished result. The Crawling API is built for exactly this: where a raw rotating proxy hands you a clean IP and steps back, the API absorbs the blocks and hands you the success. The tradeoff between the two is laid out in backconnect proxy vs crawling API.

Crawlbase Google Scraper

Skip building rotation from scratch. Smart AI Proxy is one endpoint over a large residential, datacenter, and mobile pool that rotates per request and retries on blocks, so the right IP type gets matched to Google instead of you health-checking a list. When the result pages need a browser or you would rather not own the anti-bot layer at all, the Crawling API wraps rendering and retries around the same pool. Run your real queries through it on the free tier first.

Start free
Recap

Key takeaways

  • Google blocks on volume and IP reputation first. One address firing many queries, especially from a datacenter range, is the signal you have to defeat.
  • Per-request rotation fits SERPs. Search has no session to hold, so spread every query across a large pool instead of sticking to one IP.
  • IP type decides the outcome. Residential is the strong default for Google; rotating datacenter IPs just get blocked more slowly.
  • Rotation is necessary, not sufficient. Pair it with realistic headers, varied timing, block detection, and rendering only when the page needs it.
  • Buy the managed path when scale arrives. A SERP or crawling API owns fingerprints, CAPTCHAs, rendering, and retries that rotation alone leaves on your plate.

Frequently Asked Questions (FAQs)

Why does Google block scrapers so quickly?

Google tunes its abuse defenses to spot anything that is not a human browsing. A single IP firing many searches a minute trips a per-IP rate limit, and traffic from a known datacenter range starts with low trust before the first query. Add robotic headers, no cookies, and identical timing, and the result is a CAPTCHA or a /sorry/ consent page within a few dozen requests.

How many proxies do I need to scrape Google reliably?

Enough that no single IP exceeds a human-looking request rate at your target volume. There is no fixed number: it scales with how many queries per minute you run. Rotating across ten IPs at high volume just rate-limits ten IPs more slowly, so a large rotating pool, not a handful of static addresses, is what keeps each IP under Google's radar.

Which proxy type is best for scraping Google search results?

Residential proxies. They exit from IPs that ISPs assigned to real households, so a rotated query reads as an ordinary visitor rather than a server. Datacenter IPs are recognized by ASN and blocked fast on SERPs, and mobile is usually more trust (and cost) than search results require. Start residential and only escalate if specific result pages still challenge you.

Should I use sticky sessions or per-request rotation for SERPs?

Per-request rotation. Sticky sessions exist to hold one identity across a logged-in flow, and Google search has no login or session to preserve. Swapping the exit IP on every request spreads your queries across the pool so each address looks like one casual user instead of one machine.

Is rotating proxies enough to avoid Google CAPTCHAs?

Not by itself. Rotation defeats the per-IP rate limit and the datacenter-ASN check, but it does nothing about a robotic TLS fingerprint, missing cookies, or fixed request timing. A clean residential IP on an obviously automated request still draws a CAPTCHA. Pair rotation with realistic headers, varied delays, and a real browser fingerprint when pages render client-side.

When is a SERP or crawling API better than building my own rotation?

Once volume grows past a few thousand queries, or when result pages render client-side. Rotation is only the first layer; you still own pool health, fingerprints, CAPTCHA handling, rendering, and retries. A managed endpoint collapses all of that into one request: you send a query and get a parsed result, with rotation and anti-bot handling done server-side.

HRHassan Rehan
Hassan Rehan
Software Engineer · Crawlbase
Software engineer at Crawlbase writing hands-on guides on rotating proxies, scraping, and the practical details of wiring proxies into real code.
Start Building

Crawl any site at scale, without fighting infrastructure.

Crawlbase handles proxies, fingerprints, and CAPTCHAs so your team ships data pipelines instead of maintaining crawl plumbing. 1,000 requests free, no card required.

Get a free API key →Read the docs
Self-serve · No sales call required · Enterprise crawl volumes available