Explainer

What Is a Backconnect Proxy? One Endpoint, a Whole Pool Behind It

What is a backconnect proxy? A single gateway you connect to that routes back through a pool of exit nodes. Why it is called backconnect, how it differs from a proxy list, and when to use it.

HProxy Team · ·Updated July 18, 2026 ·6 min read
HProxy. Explainer

Skip the dead lists.

Our free proxy list re-checks every exit every few minutes across 100+ countries, with a live last-checked time, so you copy IPs that worked moments ago, not a stale text dump.

Open the free proxy list

The first time someone buys residential proxies expecting a text file of IP addresses, they get something that looks wrong instead: a single hostname, a port, and a password. No list. That single address is a backconnect proxy, and the reason it comes as one endpoint instead of ten thousand lines is the most important thing to understand about how modern residential networks actually work.

We run a proxy network, so here is the architecture without the mystique: what a backconnect proxy is, why it carries that odd name, how it differs from managing a plain proxy list, and when the one-endpoint design is exactly what you want.

What is a backconnect proxy?

A backconnect proxy is a single gateway endpoint that routes each of your requests back out through one of many exit nodes in a pool. You connect to one address, and behind it the gateway selects which real IP your traffic leaves from, drawn from a pool of thousands or millions. You never see or manage the individual addresses. One hostname stands in for the entire pool.

The contrast with an ordinary proxy is the whole idea. A normal proxy is one IP you borrow. A backconnect proxy is a doorway into a pool, and the doorway decides which IP you exit through on any given request.

Why it is called backconnect

The name describes the direction the connections run, and it is genuinely clever. When the exit nodes are residential devices (someone's home router, a phone, a desktop) they sit behind home NAT and cannot accept incoming connections from the internet. You cannot simply connect to them. So the architecture flips the flow: each exit node dials out to the provider's gateway and holds that connection open. The node connects back to the gateway, hence backconnect.

When your request arrives at the gateway, it does not open a new connection to a home device (it cannot). It routes your request back down one of the connections a node already established, and that node makes the request to the target and passes the answer back up the same path. The gateway is a switchboard sitting on top of a mesh of outbound connections its nodes opened. That is the trick that makes an army of otherwise unreachable home devices usable as proxies at all.

Backconnect vs a proxy list

The older way to use many proxies is a proxy list: a file of IP:port lines you load into your tool and cycle through yourself. You own every part of the operation, which means you own every problem too. You have to check which addresses are still alive, retire the dead ones, spread load so you do not hammer any single IP, and re-source the list as it decays. For a small, stable set this is manageable. At scale it is a second job.

A backconnect proxy moves all of that behind the gateway. The provider owns the pool, runs the health checking, drops dead nodes, and balances the load, and exposes one endpoint that never changes. Your tool connects to the same address every time and gets a different, live exit on the other side without knowing anything happened. That is why you can point software that has no concept of proxy rotation at a backconnect gateway and it simply works: nothing on your side changes, while everything behind the gateway does. We cover the rotation behavior itself in what is proxy rotation.

Backconnect describes the architecture, not the behavior

It is worth separating two ideas that almost always travel together. Backconnect is the architecture: one gateway in front of a pool. Rotation is the behavior: changing the exit over time. A backconnect gateway usually rotates the exit on every request by default, and also offers sticky sessions that hold one exit for a timed window (typically one to thirty minutes) so a login or a checkout can complete on a single address. But you could run a backconnect gateway that hands you one stable exit and never rotates, and it would still be backconnect. The two ship together so often that the words get used interchangeably, which is why the same product often gets sold as a rotating proxy. Knowing they are separate helps you read the sticky and per-request options correctly, which we compare in rotating vs static residential proxies.

How you connect to one

Two authentication styles are standard. The first is credentials: a username and password sent with each connection, often with a session token and geo targeting encoded right into the username, so a small change to the username string pins your exit to one country, one city, or one sticky session. The second is IP whitelisting: you register your server's address with the provider and the gateway accepts your traffic without a password. Credentials are more flexible when you need to steer sessions and locations from code; whitelisting is simpler when everything runs from one fixed server.

When backconnect is the right tool

A backconnect proxy is the right call whenever you want the ban resistance of a large pool without the operational weight of running one yourself: high-volume scraping, price and availability monitoring, search-results collection, and ad verification across regions all fit. It is also the honest requirement for residential work at any real scale, because managing millions of flaky home connections by hand is not something anyone should attempt.

It is the wrong tool when you need one stable identity that never moves, an account that has to look like the same person every day. For that you want a static ISP proxy, not a pool. And because the exits are real home devices, build for their nature: any single node can be slow or drop mid-request, so retries are a design assumption, not an afterthought.

The bottom line

A backconnect proxy is one gateway that hides a whole pool behind it, made possible by exit nodes that dial back to the gateway rather than waiting to be reached. It trades a list you manage for an endpoint that manages itself, which is the only sane way to use residential IPs at scale.

Our residential network is exactly this: one backconnect gateway, geo targeting down to the city, ethically sourced exits that dial back to us, and per-gigabyte pricing from $0.65/GB with a balance that never expires, so a bursty job never pays for idle addresses. You can verify any exit with our proxy checker and test the concept for free from our free proxy list before you scale up.

Sources and further reading

Frequently asked questions

What is a backconnect proxy?
A backconnect proxy is a single gateway address you connect to that routes your request back out through one of many exit nodes in a pool. You never handle the individual IPs; you point your tool at one hostname and port, and the gateway picks which address your traffic actually leaves from. It is the architecture behind almost every rotating residential service.
Why is it called 'backconnect'?
Because the exit nodes connect back to the gateway rather than the other way around. Residential devices sit behind home routers and NAT, so they cannot accept incoming connections directly. Instead each node dials out to the provider's gateway and holds that connection open, and when you send a request the gateway routes it back down one of those established connections to a node, which then reaches the target.
What is the difference between a backconnect proxy and a proxy list?
A proxy list is a set of individual IP:port addresses you load and manage yourself, checking which are alive and rotating them in your code. A backconnect proxy hides all of that behind one endpoint: the gateway owns the pool, the health checking, and the rotation, so a single unchanging address gives you the whole pool automatically.
Does a backconnect proxy always rotate?
Usually, but not necessarily. Most backconnect gateways rotate the exit on every request by default, and also offer sticky sessions that hold one exit for a timed window. Backconnect describes the architecture (one gateway in front of a pool), while rotation describes the behavior on top of it. The two almost always ship together, but they are separate ideas.
How do I authenticate to a backconnect gateway?
Two common ways. Either username and password credentials sent with each connection, often with session tokens and geo targeting encoded into the username, or IP whitelisting where the gateway accepts traffic from your server's address without a password. Credentials are more flexible for controlling sessions and location; whitelisting is simpler for a fixed server.
Are backconnect proxies residential?
Most are, because the model was built to make a large pool of unreliable home connections usable through one stable endpoint. But the architecture works with any IP type, and backconnect datacenter and mobile gateways also exist. Residential is simply where the one-gateway-hides-the-mess design pays off most.

Get proxies that are alive right now

Our free list re-checks every exit every few minutes and shows a last-checked time, so you copy IPs that worked moments ago, not a stale text dump. When the location has to survive a real check, the paid network holds up.

47M+ proxy checks run · 100+ countries · HTTP / HTTPS / SOCKS · re-checked every few minutes · no signup