Cloudflare Turnstile
Cloudflare Turnstile is a CAPTCHA alternative that verifies visitors are human without a puzzle, often used on login and signup forms. It is detected from the Turnstile widget script and challenge iframe.
Turnstile on a form indicates anti-automation protection. On a credential-collecting page it can also lend a phishing site a veneer of legitimacy, so it should be read alongside the rest of the scan.
Commonly deployed alongside Cloudflare Turnstile
Of the 9,977 public scans where Cloudflare Turnstile was detected, these are the technologies most often present on the same site. The share is the percentage of Cloudflare Turnstile sites that also ran each one.
| Technology | Category | Share of Cloudflare Turnstile sites |
|---|---|---|
| Cloudflare | wappalyzer | 100% |
| X-UA-Compatible | miscellaneous | 65.4% |
| Cloudflare Bot Management | wappalyzer | 62.65% |
| HTTP/3 | wappalyzer | 53.16% |
| reCAPTCHA | wappalyzer | 44.64% |
| HSTS | wappalyzer | 28.03% |
| Google Cloud | wappalyzer | 25.41% |
| Google Cloud CDN | wappalyzer | 25.35% |
| hCaptcha | wappalyzer | 20.82% |
| Open-Graph-Protocol | miscellaneous | 13.54% |
| jQuery | wappalyzer | 11.54% |
| Google Analytics | wappalyzer | 8.63% |
| Cloudflare Browser Insights | wappalyzer | 8.39% |
| JQuery | miscellaneous | 8.2% |
How ScanMalware detects Cloudflare Turnstile
Cloudflare Turnstile is detected by analysing the response headers, HTML markup, JavaScript runtime and asset URLs captured when ScanMalware loads the site in a real headless browser.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that Cloudflare Turnstile is present, but how it is being used. Open the full search interface for Cloudflare Turnstile →
Recent public scans featuring Cloudflare Turnstile
A rolling sample of recent public scans where Cloudflare Turnstile was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| Guam Travel Guide Overview - MileHacker https://www.milehacker.com/travel/guam/guam-travel-guide-overview/ | 2026-06-21 |
| Price Bailey Chartered Accountants | Accountancy Firm https://pricebailey.co.uk | 2026-06-21 |
| Cathie Wood - Trader Summit https://tradersummit.net/speaker/cathie-wood/ | 2026-06-21 |
| Community | Community Wiki | Fandom https://community-sitcom.fandom.com/wiki/Community | 2026-06-21 |
| GOOSE « https://purehoneymagazine.com/goose/ | 2026-06-21 |
| Toy Story 5 | Disney Pixar Animation Studios Wikia | Fandom https://disney-pixar-animation-studios.fandom.com/wiki/Toy_Story_5 | 2026-06-21 |
| Toy Story 5 | Toy Story fanom Wiki | Fandom https://toy-story-fanom.fandom.com/wiki/Toy_Story_5 | 2026-06-21 |
| Photography1000 https://www.photography1000.com/login/2094613590812322?e=2870220456 | 2026-06-21 |
Frequently asked questions about Cloudflare Turnstile
- Does using Cloudflare Turnstile mean a website is unsafe?
- No. Cloudflare Turnstile is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using Cloudflare Turnstile can be perfectly safe or actively malicious.
- How many sites using Cloudflare Turnstile has ScanMalware scanned?
- Cloudflare Turnstile has been detected in 9,977 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with Cloudflare Turnstile?
- Across scanned sites, Cloudflare Turnstile is most often seen alongside Cloudflare, X-UA-Compatible and Cloudflare Bot Management. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.