Oxylabs

Oxylabs routes residential requests through a backconnect entry point that assigns a new IP per request by default. Sticky sessions are activated via the session_id parameter in the proxy username, configurable up to 24 hours using the sesstime-1440 parameter. Standard session idle timeout is 10 minutes or 60 seconds of inactivity, whichever occurs first. Both rotating and sticky modes are selectable per connection via the username parameter — no plan change is required to switch modes. Unlimited concurrent sessions are documented.

Targeting parameters — country, state, city, ZIP, and ASN — are passed inside the proxy username string for residential proxies. Rotation configuration is code-level only; no dashboard-based toggle for switching between modes is documented. Authentication supports username/password in the proxy URL and IP whitelist up to 10 whitelisted IPs per account. Sub-user credentials are available for project isolation. OxyCopilot generates proxy integration code from natural language — this is a documented feature, not a marketing claim.

The developer portal at developers.oxylabs.io covers the full REST API, zone management, usage statistics endpoints, and integration guides for Python, Node.js, PHP, Ruby, and Java. Selenium, Puppeteer, and Playwright integration guides are documented. No dedicated pip or npm proxy client SDK exists — integration uses standard proxy URL format. An Oxy Proxy Extension for Chrome and an Oxy Proxy Manager Android app are available as tooling. No desktop PC proxy manager application is documented.

Oxylabs positions compliance as infrastructure, not marketing. The Ethical Proxy Acquisition Framework documents sourcing from fully consenting and compensated individuals. EWDCI founding membership predates the certification market and reflects a structural commitment rather than a badge purchase. ISO 27001:2022 and SOC 2 Type 2 provide independent audit coverage — the SOC 2 applies to the Scraper API product specifically, not to the full proxy network. KYC vetting applies to every customer, with applications rejected that do not meet documented criteria.

The honest gap in the compliance stack: no detailed technical sourcing whitepaper exists beyond the Code of Ethics language. The DPA is accessible via the Trust Center. Specific proxy traffic logging and retention periods are not published in public documentation. For legal teams running a full data-processing assessment, those gaps will require direct contact with Oxylabs rather than self-service documentation review.

On anti-bot targets, Oxylabs is positioned for large-scale scraping operations where residential IP quality is required for targets protected by Cloudflare, Akamai, or Datadome. Success on those targets depends on rotation logic and session management. The provider does not guarantee outcomes on specific target types — it provides the network depth and targeting tools that support appropriate request strategy.

The residential pool is reported at 175M+ unique IPs across 195 countries — the provider states this figure is calculated as unique exit nodes per day multiplied by days in the quarter, and it is self-reported without independent audit. City, state, ZIP, and ASN targeting are all confirmed for residential proxies. Targeting capabilities for datacenter, ISP, and mobile proxy types are not specified on the residential pricing page. Dedicated residential IPs with exclusive peer assignment are available as a purchasable product — a meaningful distinction from providers that offer only rotating pools.

Datacenter proxies include 2M+ IPs across 8,000+ subnets with IPv4 and IPv6 support — subnet diversity is documented in public evidence. Mobile proxies cover 20M IPs with 3G/4G/5G coverage and carrier targeting; total unique operator count is not published. ISP proxies are available in shared and dedicated formats — full country coverage list is not enumerated in public evidence. Rotating sessions and sticky sessions are both confirmed. Maximum sticky session is 24 hours. HTTP(S) and SOCKS5 protocols are confirmed; IPv6 is available on dedicated datacenter only and is not documented for residential or mobile types.

Usage monitoring includes per-user daily and monthly spend caps configurable in the dashboard. A PAYG hard ceiling of 50 GB per month prevents runaway spend. Self-service dashboard top-up is available without contacting support. The provider states a 99.9% uptime and 99.95% success rate on the residential product page — both figures are self-reported, and no financial SLA with penalty terms for proxy network downtime has been found in public documentation.

Residential and mobile proxies are billed per GB on subscription tiers and PAYG. PAYG starts at $8/GB for residential and $9/GB for mobile, with a 50 GB monthly cap on PAYG. Subscription tiers range from Micro at $45.50/month to Corporate at $2,000/month. Dedicated datacenter and ISP proxies are billed per IP. Shared rotating datacenter is billed per GB. A 7-day business trial and a 3-day individual trial are available without credit card. Five free shared datacenter IPs are included on account creation.

KYC questionnaire is mandatory for every customer before full network access — this applies even to PAYG entry and the trial. Enterprise pricing at 1 TB and above requires custom pricing contact. Unused subscription GB does not roll over. No overage billing at penalty rates — PAYG stops at the monthly cap, and subscription service pauses at plan limit. Dedicated account managers are available for enterprise and subscription clients; self-serve PAYG accounts are handled through standard support.

You gain a compliance documentation stack that includes ISO 27001:2022, SOC 2 Type 2 (Scraper API), EWDCI founding membership, and KYC enforcement on both supply and demand sides. City, state, ZIP, and ASN targeting are all confirmed for residential proxies. Dedicated residential IPs with exclusive assignment are available. Per-user spend caps and configurable daily limits reduce billing surprises. The developer documentation includes OxyCopilot, full REST API, Scraper API, and Web Unblocker with full integration guides.

You give up immediate access — KYC is mandatory before full residential network access, for every customer at every spend level. Rotation is code-level only; no dashboard toggle exists. The SOC 2 Type 2 covers the Scraper API, not the full proxy network. Specific traffic logging and retention details are not in public documentation and require direct legal engagement. The PAYG 50 GB monthly cap limits burst use cases. Targeting capabilities for ISP and mobile products are not documented to the same depth as residential. No dedicated desktop proxy manager application exists.

• Your legal or procurement team requires ISO 27001 and SOC 2 audit documentation before approving a proxy vendor — Oxylabs provides documented ISO 27001 and SOC 2 audit coverage required for that procurement workflow
• You need dedicated residential IPs with exclusive peer assignment where IP sharing with other customers is not acceptable for your use case
• Your pipeline uses ZIP and ASN targeting on residential proxies at scale — both are confirmed without upcharge
• You're running multi-team proxy usage where per-user daily and monthly spend caps need to be enforced at the dashboard level without custom infrastructure
• You need AI-assisted proxy integration code generation without building a dedicated integration team

Oxylabs' constraints are structural, not incidental:

• You need to make requests today without a KYC process — mandatory vetting blocks immediate full-network access for every customer regardless of spend
• Your legal team requires SOC 2 Type 2 coverage on the proxy network specifically, not just the Scraper API — that certification gap requires direct engagement to resolve
• Your PAYG volume exceeds 50 GB per month — the PAYG cap is hard and cannot be extended without moving to a subscription plan
• You need a dashboard toggle for switching between rotating and sticky sessions without code changes — rotation is username-parameter-only throughout
• Your scraping target requires IPv6 residential or mobile proxies — IPv6 is available on dedicated datacenter only and is not documented for other product types

If Oxylabs' KYC friction or compliance scope doesn't match what you need:

• Bright Data — comparable enterprise positioning with EWDCI membership and an enterprise compliance framework; fits if you need a documented large residential pool with a full enterprise compliance stack and can absorb the KYC and pricing complexity
• Decodo — ISO 27001:2022 and EWDCI co-founder status at mid-market pricing without mandatory KYC on every plan tier; fits teams that need documented compliance without enterprise-level spend
• Infatica — full targeting depth including ASN at mid-market entry with a 7-day paid trial; fits if KYC requirements at the account level are a blocking constraint

Use Oxylabs if your procurement process requires independently audited compliance — ISO 27001, SOC 2, and EWDCI — and if dedicated residential IPs, ZIP/ASN targeting, and per-user spend controls are part of your technical requirements. Skip it if you need immediate access without KYC, if PAYG volume above 50 GB per month is your use case, or if IPv6 residential or mobile proxies are a hard requirement.