Big issue with hCaptcha! Please help


I have a big issue with the new hCaptcha. Since I am using the Cloudflare SSL and I am redirecting from http to https every single time a user tries to enter the website just by its name (meaning http by default) it gets a captcha challenge. I tested it myself. I solve the captcha, close the tab and in the browser I write the name of the website just like a regular visitor and than I have a captcha again. In other words every time there is a redirect a new captcha appears, this was no issue when there was reCaptcha, not sure why, but it remembered that you solved it.

I am seeing significant decrease in user visits since 2 days ago and I am sure it is related to the new hCaptcha. Please help me fix the issue. This is tormenting my visitors. Thank you.


Than you for the interest.

  1. Domain is:
  2. Security level:

  3. Acivity Log:

So when enter the domain and the captcha is solved, if you delete the “s” from “https://” and hit enter it will ask for captcha again.

Do the challenges you experience match the events in the log? If so, can you click on one of those entries and post a screenshot of it?

I am not sure which one of the logged challenges are real visitors, because I am experiencing big DDOS for more than 18 months now and only the captcha saves my server.

I will make a screen of one of the enteries.

When the old captcha was active the redirection between http and https were not a issue. But I am not sure if this is related to the captcha itself. Maiby I should readjust some settings?

Well, you have a rule called “Captcha for everyone”, I guess that pretty much summarises it :slight_smile:

Well yes, everyone should get captcha 1 time, as it was before. But now, every single time there is a captcha, while before the new changes captcha was appearing onec every few days per IP.

So the issue is not the captcha itself, but rather that it reappears after it was already passed? How quickly does it reappear?

If I solve it now. And 2 seconds after that close the tab and add domain name without “https” it asks me again.

If I solve captcha and just try to delete the “s” in https and hit enter it will challenge me this very second.

It probably is best to open a support ticket for this. Support might be able to tell why the challenge is not persisted.

Thank you, I will open a ticket. Can you tell me where I can do that?



This may be working as intended: hCaptcha on Cloudflare’s anti-bot pages is currently configured to request a captcha on each visit.

I doubt it to be honest :slight_smile:. What is “each visit”? Cloudflare always ran a captcha on each new session, but not on each new request which the OP seems to experience.

I think they have implemented in a way that if one fails other pops up.

Sadly, it is asking on every single request that has redirect in it (from http to https, or from to if there is a redirect the captcha appears no matter if you solve 3 or 4 times in a roll, it always asks for more.

More and more visitors are staring to complain about the issue, and it is affecting my visit count drastically. I might be forced to search for Cloudflare alternatives. :(((

Ah, I see what you mean: only asks once. After you answer it, you can reload as much as you want.

But the next visit to does indeed trigger a captcha again.

Yes, that seems like an implementation issue with CF redirect pages. We’ll raise it as well.

The problem i face is about loading the images… Taking some time to load images even if they are on cloudflare CDN, since there are many images…

And another is about 2 slides minimum to verify the captcha…

Thank you, your timely assistance on remedying the bug would be much appreciated.

Yeah, the two slides are a bit of a pain in the bottom. If the difficulty level is lower it might be easier to solve. As long as it ask you once for captcha I think people could manage.