Precursor
Precursor is a client-side, session-based verification system that continuously evaluates a visitor's behavior over time. Instead of relying on a single challenge event, Precursor runs ongoing verification in the browser to detect automation that appears legitimate in individual requests but exhibits non-human patterns across a session.
Precursor operates as a continuous client-side verification loop:
- A client-side script is injected into the page
- The script continuously collects signals and performs verification
- Each execution produces signals that are evaluated by Cloudflare
- Results are used to update session state stored in the
cf_clearancecookie - The process repeats throughout the session
This enables Cloudflare to continuously evaluate session behavior over time.
Enable Precursor for your zone:
- In the Cloudflare dashboard, select your zone.
- Go to Security > Settings.
- Locate Precursor.
- Turn on Precursor.

-
Choose a mode: To fully verify a user session, visitors may need to complete a lightweight Challenge to establish a valid session. Precursor provides two modes depending on whether you want to prioritize user experience or strict verification:
-
Minimize Friction (default) Does not show an interstitial Challenge to the visitor. Instead, Precursor attempts to establish session state in the background. This provides a smoother user experience, but cannot guarantee that every session is fully verified.
-
Maximize Security (recommended) Shows a lightweight interstitial Challenge to establish a valid session if one does not already exist. This ensures every session is verified before a user can proceed, but may introduce additional friction.
-

For most customers, selecting a mode is the only configuration required.
Precursor runs across your zone by default. Rules do not enable or disable Precursor — they determine which mode applies to each request.
For example:
- Run Minimize Friction across your site, but run Maximize Security to enforce a valid session on
/checkout. - Run Maximize Security on all pages, except your homepage.
Precursor supersedes JavaScript Detections (JSD):
- moves from one-time execution to continuous verification
- introduces session-based state
- enables dynamic runtime control
If you enable Precursor, you should disable JavaScript Detections (JSD).
Precursor and Challenges serve different roles:
- Challenges provide point-in-time verification
- Precursor provides continuous, session-level verification
Precursor does not replace Challenges. Instead, it strengthens them by:
- determining when additional Challenges should be required
- re-evaluating visitors after they have already passed a Challenge
- identifying automation that emerges over time
Precursor is tightly integrated with cf_clearance. When running Precursor:
- effective clearance may be reduced or invalidated
- additional Challenges may be triggered
- the visitor may be re-verified during the same session
Once Precursor runs on a zone, its detections appear in the zone's Analytics view. To open it, select your zone in the Cloudflare dashboard, then go to Security > Analytics > Traffic > Bot analysis. The bot score distribution and WAF rule-match counts now include Precursor's behavioral and biometric detections.
For more information, refer to Security Analytics.