Let’s talk about proxy servers. Proxy servers are often confused with virtual private networks (VPNs) because their network architectures are very similar. But proxies and VPNs are very different beasts.
Don’t worry: Below, I’ll introduce you to proxy servers, compare and contrast them to VPNs, and describe the many different types of proxy servers and how they’re used.
Also: The best proxy server services of 2025
Defining proxy servers
If you look at Webster’s three definitions of “proxy,” you’ll see that each one fundamentally describes an entity acting as a substitute for, or on behalf of, another.
That is exactly what a proxy server does. The proxy server sits between your computer and a remote computer (usually a server) and acts on behalf of your computer (or on behalf of the remote server).
Let’s say you’re using a proxy server to access a remote website like ZDNET. When you request this article, your computer sends a request to the proxy server. The proxy server, in turn, sends that request to ZDNET’s servers. A ZDNET server returns the page to the proxy. Finally, the proxy returns the page to your computer.
When ZDNET’s servers log the page request, they don’t log your computer’s IP address. Instead, they log the IP address of the proxy server. In this way, proxy servers provide you with IP address anonymity during the transaction.
A VPN does much the same. It, too, obfuscates your IP address so that the destination server doesn’t log it. But a VPN adds a layer of encryption between your computer and the VPN server, so that traffic between your computer and the VPN server can’t be read by a local hacker, your ISP, or, possibly, your government.
VPNs provide an essential layer of protection for individual users and corporate users, especially when using public Wi-Fi networks.
Also: Proxy vs. VPN: What is the difference, and which do I need?
Proxy servers provide partial protection, but they’re not primarily intended to protect laptop users on the go. They have a lot of other uses, depending on how they’re configured. That’s next.
Network placement proxies
This class of proxy is defined primarily based on where the proxy sits in the path of traffic.
You may not realize it, but almost all of us use proxy servers every day. In fact, most of us have one at home. That’s right, your home router is technically a NAT (network address translation) proxy server.
Let’s say the computer I’m typing this article into is located on my home network at 192.168.1.114. That’s not my address on the internet. My internet service provider assigned my router a completely different address. Home networks use NAT addressing to reduce the number of IP addresses that ISPs have to distribute, and to separate home networks from the overall internet.
Beyond the home or office router, the proxy server most people are familiar with is the forward proxy. This lives between your computer and a remote server or site. It relays requests. This proxy’s main role is hiding the requester’s IP address.
Also: The best VPNs for streaming: Expert tested
Big web scraping services take the concept of the forward proxy and turn it on its ear. They make page requests from big server farms, but each request is generally routed through a home computer. That way, the server they’re scraping doesn’t see the scraping requests as all coming from one entity that’s trying to build a database from their public data.
Commercial web scraping services often use apps that pay willing home users for a slice of their bandwidth. Malware providers also turn home users’ computers into proxies, but they do so by sneaking malevolent software onto an unsuspecting user’s machine.
Another proxy type in this category is the transparent or intercepting proxy. These are often used in corporations to track employee activity or are placed by court order in ISPs to track traffic. They intercept and log the traffic, and then pass it along.
A similar transparent proxy is one that decrypts SSL and TLS traffic at the edge of a network, inspects it, and then re-encrypts it to be passed along to its destination. This practice is often used by high-end firewalls to deep-inspect traffic to eliminate malware that might be hidden in encrypted packets.
There are also reverse proxies. These generally serve remote servers rather than individual users. Their purpose is to distribute the load or route traffic among a series of servers. A very common example is a load-balancing server that intercepts web page requests and distributes those requests among a series of nearly identical servers so no one server gets too bogged down by too much traffic.
Anonymity and IP-masking proxies
This class of proxy is defined by its purpose: anonymizing user requests.
There can be crossover between these categories. For example, we already discussed the most common IP-masking proxy, the home router.
There are hundreds of free public proxy servers provided across the internet. You can see a list here. These are often provided as services to people who really need to preserve their anonymity. The gotcha is that because they’re public, you never know. They could be provided in the spirit of goodwill, or they could be fielded by hackers hoping to intercept your traffic. You get what you pay for.
Also: Paid proxy servers vs. free proxies: Is paying for a proxy service worth it?
Within this class of proxy there are generally three subclasses: anonymous, transparent, and elite. The difference is what the target server knows about you. Transparent servers don’t anonymize your IP address at all. The target server knows your IP and knows you’re connecting via a proxy. These servers are mostly used for convenience, for example, where traffic bottlenecks.
Anonymous proxies protect your IP address, but the target server knows that you’re using a proxy server. Elite servers also protect your IP address, and they also hide the fact that you’re even connecting via a proxy server.
You might have also heard of Tor (the onion router). Tor is an open-source project set up to protect the origin of Internet traffic from servers. Tor bounces traffic across three or more relays (usually volunteer-run and free) so servers can’t tell where you’re coming from, or even what country you’re in when accessing a server.
Security and policy enforcement proxies
This class of proxy is defined by its intent to manage network security, often at the edge of a corporate network.
Web application firewall proxies block web exploits or too many access requests. Content-filtering or censoring proxies screen forbidden content. Parental-control or secure web gateway proxies enforce safe browsing. Identity-aware zero-trust proxies verify user identity. Measurement or quality-of-experience proxies log performance metrics.
When programming, I use a debugging proxy to capture web page requests and server responses that help me debug how my code responds. This can be incredibly helpful to see what’s happening during the round trip to the server.
Earlier, we talked about security proxies that intercept network requests to inspect them for malicious intent. There’s a malicious evil twin of that called a man-in-the-middle proxy. This is a server that often acts like a Wi-Fi access point. Users connect to it, thinking they’re connecting to, say, the airport’s Wi-Fi. Instead, the man-in-the-middle proxy hoovers up all the web traffic it can intercept, later mining it for personal identifying information, unencrypted monetizable data, and credential information.
Also: How to turn on Private DNS Mode on Android – and why it’s a must for security
Performance and acceleration proxies
The last main class of proxy we’re going to discuss in this article is the various proxies that are put in place to optimize network performance. These generally improve speed or reduce bandwidth usage by caching data.
Caching is an interesting solution and a logistical challenge all its own. The idea is that data (particularly images and videos, which use more bandwidth) is stored closer to users so that it doesn’t have to be retransmitted over and over. Caching reduces server load, but it also works well when bandwidth is limited.
For example, a company or a college that has fairly minimal “pipes” might cache regularly accessed content so the data is really stored on the local LAN, rather than requested from remote servers.
The logistical challenge revolves around keeping that data updated. Probably the single biggest support request I got back when I published a tool for non-profits to collect donations was that the donation forms didn’t update.
That was because servers cached the forms, making it impossible for them to tell when one donor was done with the form and another was entering donation data. I eventually solved the problem by building cache-detecting code into the forms, and placing a warning message when caching that might lead to corruption was detected.
Different servers and clients deal with caching data differently. Even your browser caches pages, which is why, when something isn’t working, you’re often advised to clear your browser cache.
So many proxies, so little time…
There so many different types of proxies, we could write a book. We covered quite a few, but here’s a list of a bunch more we haven’t covered.
- SOCKS4 / SOCKS5 proxy
- FTP proxy
- SMTP mail-relay proxy
- DNS forwarder / DNS proxy
- Smart DNS proxy
- TURN relay proxy (WebRTC)
- SIP proxy (VoIP signaling)
- MQTT / IoT gateway proxy
- NAT64 translation proxy
- Edge CDN point-of-presence proxy
- API gateway / microservice proxy
- Datacenter proxy
- Mobile carrier proxy
- Rotating proxy pool
- Sticky-session proxy
- Distorting proxy
- Multicast streaming proxy
- And more…
As you can see, proxy serving is a very powerful and versatile network architecture that adds value all across the internet, in server clusters, and even inside your home.
What about you? Did you know your router is really a proxy server? Have you ever routed your traffic through a forward proxy, or deployed a reverse proxy to balance server loads? Which of the four proxy categories (network placement, anonymity, security, or performance) do you rely on most, and why? Let us know in the comments below.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.