Most residential proxy guides stop at country, state, and city. That’s enough for nine out of ten scrapes. The tenth one is where ASN targeting earns its keep, and it’s the difference between a residential proxy that looks like a Comcast subscriber in Atlanta and one that just looks like “an IP from the US.”
This is a practical guide to ASN-level targeting on residential proxies. What an ASN actually is, why it matters specifically for the residential pool, when you should reach for it and when country or city targeting is enough, and how to use the asn flag on the Shifter residential gateway with concrete examples.
If you only remember one sentence: ASN targeting lets you pick the carrier behind the IP, which matters whenever the site you’re scraping cares which ISP its visitors come from.
What is an ASN, in plain language
An Autonomous System Number is the identifier that says “this block of IP addresses belongs to this network operator.” Every ISP, every mobile carrier, every cloud provider, every big enterprise has at least one ASN. AT&T is AS7018. Comcast is AS7922. Charter Communications is AS20115. Vodafone (the UK consumer ISP) is AS5378. Deutsche Telekom is AS3320. These are issued by the regional internet registries (ARIN, RIPE, APNIC, LACNIC, AFRINIC) and they don’t change.
When packets cross the public internet, BGP, the routing protocol, traces every IP back to the ASN that announces it. Anyone can look up the ASN behind an IP using free tools like Hurricane Electric’s BGP toolkit or RIPE’s database. For a residential IP like 73.158.97.42, the lookup returns AS7922 (Comcast Cable Communications). For a datacenter IP like 52.0.0.1, you get AS14618 (Amazon). The ASN is what tells you whether you’re looking at a real consumer connection or a server farm.
That single signal, ASN category, is the most reliable feature anti-bot systems use to separate residential traffic from datacenter traffic. Cloudflare, Akamai, DataDome, PerimeterX, all of them score traffic partly by checking whether the source ASN belongs to a known hosting provider or a real ISP. It’s why a properly residential IP gets through where a datacenter IP gets a CAPTCHA, and it’s why the anatomy of a residential IP starts with which network owns it.
Why ASN matters for residential proxies specifically
The whole point of a residential proxy is that the IP looks indistinguishable from a real consumer connection. Country targeting gets you that for most use cases: a US residential IP is a US residential IP, regardless of whether it’s on Comcast or Verizon. For “scrape this US-only catalog and don’t get blocked,” country is enough.
But there’s a non-trivial set of scrapes where the site itself reads the ASN and changes what it shows you. That’s where ASN-level targeting stops being a nice-to-have.
Carrier-specific routing and content. Streaming services, ad networks, and some retail sites serve different content, different prices, or different inventory based on the visitor’s ISP. A monitoring tool that wants to see “what does an AT&T subscriber in Texas see on this page” can’t fake it with a generic US residential IP, it needs an AS7018 IP that the page actually routes as an AT&T visitor.
Per-ISP ad verification. Advertisers running campaigns through carrier-bundled placements (T-Mobile’s TV partnerships, ISP-distributed ad units) need to verify their creative on the carrier’s own network. The ad won’t render correctly, or won’t render at all, from any IP that isn’t on that carrier’s ASN.
Geo-restriction circumvention that uses ASN, not just country. Some news sites and government portals geo-fence by ISP, not by country, because they want to restrict to “real subscribers of domestic carriers.” A perfectly good country-matched residential IP on a different carrier can still get a 403 in those cases.
Quality-of-service testing. SaaS teams testing performance from a specific ISP’s network (“how does our app load from a Vodafone DSL connection in Madrid”) need traffic that actually originates on that ASN, otherwise the latency, MTU, and middlebox profile won’t match.
Anti-fraud research. Brand protection teams investigating a fraud pattern often need to reproduce traffic from a specific ASN to confirm whether the fraudster is operating from a real consumer connection or a known proxy provider’s ASN.
None of these are theoretical, all of them are why we expose ASN as a first-class targeting flag on the residential gateway, and all of them are reasons a country-only proxy is the wrong tool for the job.
When you don’t need ASN targeting
This is the part most articles skip. ASN targeting is a sharper tool than country, and it’s slower, more expensive in terms of IP availability, and gives you a smaller pool to work with. If you don’t need it, don’t use it.
You don’t need ASN targeting if:
- The site you’re scraping cares about country or city, not about ISP. Most e-commerce, most public-data scrapes, most SEO monitoring, most price aggregation.
- You’re rotating aggressively across a large session set. The benefit of pinning an ASN scales with how much each individual IP gets used. If you’re hitting one page per IP and moving on, ASN won’t change much.
- Your bottleneck is concurrency, not trust score. Restricting to a single ASN shrinks the pool. If you’re already at 80% of the country pool’s available IPs, you’ll throttle yourself before the ASN match buys you anything.
- You just want “residential”. The residential pool is residential by definition. The ASN is already a consumer ISP. You don’t need to specify which one if you don’t care.
The right way to think about it: country gets you trust. ASN gets you a specific identity within that trust band. Most workloads need the former, not the latter.
How to use the asn flag on the Shifter gateway
The Shifter residential gateway accepts targeting flags inside the username. The flag for ASN is asn. Flag order doesn’t matter; you can combine asn with country, state, city, sid, and ttl in any order.
The most basic ASN-only call:
curl -x customer-USERNAME-asn-7922:PASSWORD@p.shifter.io:443 https://api.ipify.orgThat returns a residential IP whose announcing ASN is AS7922, Comcast Cable Communications. No country constraint, no city. If you want to constrain to a Comcast IP in a specific country (Comcast operates in the US only, but the pattern generalizes), add the country flag:
curl -x customer-USERNAME-country-us-asn-7922:PASSWORD@p.shifter.io:443 https://api.ipify.orgThe same IP can be sticky for a session. Add a sid (any string you generate, the gateway uses it as an opaque session id) and a ttl in seconds, the gateway will hold the same Comcast IP for the duration of that TTL on that session id:
curl -x customer-USERNAME-country-us-asn-7922-sid-9f3a2b7c-ttl-900:PASSWORD@p.shifter.io:443 \ https://target-site.example/page-1curl -x customer-USERNAME-country-us-asn-7922-sid-9f3a2b7c-ttl-900:PASSWORD@p.shifter.io:443 \ https://target-site.example/page-2Both requests come from the same residential IP, the same Comcast subscriber-shape source, for up to 900 seconds. Past that the gateway rotates while keeping the ASN constraint, so the next IP is still on AS7922.
All four protocols are supported on the same endpoint: HTTP, HTTPS, SOCKS5h, SOCKS5. Username and password are constant; targeting is per-request in the username.
For the full flag reference and authentication details, the gateway docs cover everything.
Common consumer ISP ASNs worth knowing
A short reference for the ASNs that come up most often in real scrapes. These are the announcing ASNs for the consumer broadband side of each carrier; some carriers also have separate ASNs for hosting or transit, which are not the ones you want for residential targeting.
| Carrier | ASN | Country |
|---|---|---|
| Comcast Cable | AS7922 | US |
| AT&T Internet Services | AS7018 | US |
| Charter Communications | AS20115 | US |
| Verizon (Fios) | AS701 | US |
| Cox Communications | AS22773 | US |
| T-Mobile US (Home Internet) | AS21928 | US |
| British Telecom (BT) | AS2856 | UK |
| Sky Broadband | AS5607 | UK |
| Virgin Media | AS5089 | UK |
| Vodafone UK | AS5378 | UK |
| Deutsche Telekom | AS3320 | DE |
| Vodafone Germany | AS3209 | DE |
| Free SAS | AS12322 | FR |
| Orange France | AS3215 | FR |
| Telefónica España | AS3352 | ES |
| Telecom Italia | AS3269 | IT |
| KDDI | AS2516 | JP |
| NTT Communications | AS4713 | JP |
| Bell Canada | AS577 | CA |
| Rogers | AS812 | CA |
You can confirm any of these on bgp.he.net before using them in production. ASN assignments are stable, but it’s worth a 30-second check the first time you target a new carrier.
Combining ASN with other flags
Targeting flags compose freely. The combinations that come up in practice:
country + asn. The most common. Pins both the country and the carrier within it. Useful for any test that needs “this carrier in this country.”
country + state + asn. For US carriers that operate nationally, this scopes to “Comcast IPs in Texas.” Note that not every ASN has coverage in every state, so over-constraining can shrink the pool to zero.
country + city + asn. Even tighter. Works best with large carriers in large cities. Don’t expect a working response for “Cox in Topeka.”
country + asn + sid + ttl. Sticky session pinned to a specific carrier. The pattern for any multi-step flow (login, navigation, checkout) that needs to look like one continuous subscriber session.
The general rule: each flag you add reduces the pool of matching IPs. ASN is a coarse filter at country level (millions of IPs for Comcast in the US) but turns sharp fast as you add state, then city. If a request returns 502, the most common cause is that the combination of flags has no available IPs right now. Drop the most specific flag and retry.
Errors you’ll see and what to do about them
The Shifter gateway returns standard HTTP status codes for proxy-level errors. Three are worth knowing:
407 Proxy Authentication Required. Your username or password is wrong, or you used a flag name the gateway doesn’t recognize. Re-check the spelling of asn (not as, not asn_number) and confirm the password.
502 Bad Gateway. No IPs match your filter right now. Either the ASN is empty in our pool (rare for the major consumer ASNs above, common for niche ones), or you’ve over-constrained with country + state + city + asn. Loosen one constraint and retry.
504 Gateway Timeout. The upstream took too long. Almost always a target-site issue, not a proxy issue. Retry with backoff.
For 407s specifically: the gateway treats unknown flags as authentication errors rather than silently ignoring them. That’s deliberate, it stops a typo like asn-7922a from quietly turning into “no ASN constraint at all.”
ASN targeting is not magic
Two important caveats, because too many proxy vendors handwave on this:
ASN tells you which network announces the IP, not how the site classifies the user. Most sites read the ASN directly via a BGP-backed IP database, but some sites have their own classification layers (TLS fingerprint, header order, geolocation databases that disagree with BGP) and an AS7922 IP is necessary but not sufficient to be treated as a Comcast user. If you’re seeing weird behavior with the right ASN, check your headers, your TLS profile, and your fingerprint before blaming the ASN match.
Pool sizes vary by ASN. Major US carriers have huge residential pools. Mid-tier European ISPs and Asia-Pacific carriers can be smaller. If you need both high concurrency and a specific small ASN, plan for it; the pricing page is the same per-GB rate regardless of ASN, but availability isn’t.
FAQ
How do I find the ASN of a website I want to scrape? You don’t, the website’s ASN doesn’t matter, the visitor’s ASN does. What you usually want is “which ASN should my proxy traffic come from to look like a real user of this site?” If the site is a US streaming service, the answer is “any large US consumer ISP ASN.” If the site cares specifically about which carrier, you can usually figure it out by reading their geo-fence policy or testing a few major carriers and seeing which ones get through.
Can I use ASN targeting with sticky sessions?
Yes. Add sid-<your-session-id>-ttl-<seconds> to the username alongside asn-<number>. The gateway pins one IP on that ASN for the lifetime of the session, then rotates within the same ASN past TTL.
Does ASN targeting guarantee the IP routes through that ISP?
The IP is announced by that ASN via BGP, which is the authoritative answer to “who owns this IP.” That’s what sites read when they classify by carrier. What ASN targeting does not guarantee is the latency profile of a subscriber on that network, the route the packets take from your machine to ours, or the geographic location within the carrier’s footprint. Use country, state, or city to pin geography.
Is ASN-level targeting different from ISP targeting? Practically, no, ASN is how networks identify themselves and how sites read them. “ISP targeting” is the marketing term, “ASN targeting” is the technical one. Same feature.
Why doesn’t datacenter or ISP-static targeting use ASN flags the same way? Datacenter proxies come from hosting-provider ASNs (AWS, OVH, Hetzner), which are exactly the ASNs anti-bot systems flag, so there’s no point in picking one. ISP static residential proxies come from a specific ISP partnership we already maintain, so the ASN is implicit in the plan you bought. ASN targeting is meaningful specifically for the residential rotating pool, where there are many possible carriers in any country.
Is using ASN targeting against any provider’s terms of service? ASN targeting is a routing concept, not a circumvention technique. You’re asking a residential proxy to send traffic from a specific carrier’s IP space, which is exactly what residential proxies do, just more precisely. The same rules apply that apply to any web scraping: respect robots.txt where it’s load-bearing, don’t degrade the target, follow rate limits, and don’t violate the specific terms of services that prohibit automated access. Our acceptable use policy is the source of truth for what’s allowed on Shifter.
When to actually reach for it
ASN targeting is a precision tool. Most scrapes don’t need it; the ones that do can’t really do without it.
The questions worth asking before you add asn to your gateway calls:
- Does the target site change what it serves based on the visitor’s ISP, or just the country?
- Am I testing on behalf of a specific carrier or running carrier-segmented measurement?
- Do I have enough concurrency budget that pinning to one ASN won’t bottleneck me?
If the answer to any of those is yes, ASN targeting is the right tool. If not, country and city will do the same job with a larger pool to draw from.
Either way, the new Shifter residential gateway ships ASN targeting on every plan, no upcharge, no separate product. Switch the flag on, point at a real carrier ASN, and the rest of your scrape stays the same.