Skip to content
Cloudflare Docs

Challenges

Challenges are security mechanisms used by Cloudflare to verify whether a visitor to your site is a real human and not a bot or automated script.

When a challenge is issued, Cloudflare asks the browser to perform a series of checks that help confirm the visitor’s legitimacy. This process involves evaluating client side signals or asking a visitor to take minimal action such as checking a box. Challenges are designed to protect your application without introducing unnecessary friction. Most visitors will pass challenges automatically without interaction.

Cloudflare does not use CAPTCHA puzzles or visual tests like selecting objects or typing distorted characters. All challenge types are lightweight, privacy-preserving, and optimized for real-world traffic.


Turnstile

Use Cloudflare's smart CAPTCHA alternative to run less intrusive challenges.

Bots

Cloudflare bot solutions identify and mitigate automated traffic to protect your domain from bad bots.

WAF

Get automatic protection from vulnerabilities and the flexibility to create custom rules.

DDoS Protection

Detect and mitigate Distributed Denial of Service (DDoS) attacks using Cloudflare's Autonomous Edge.