I’m using Firefox with its built-in Marionette feature for automating some things. This causes the
navigator.webdriver browser property to be set to
true, which in turn causes Cloudflare to outright deny my browser for the
Checking if the site connection is secure check (stuck in an endless loop). Disabling Marionette without any further changes immediately makes the check complete just fine. Browser automation has perfectly valid/legitimate purposes though, so I don’t think CF should just deny browsers using it. Furthermore, Marionette requires a full restart of Firefox to toggle it, which makes it quite annoying when I have to visit sites protected by CF. Not sure how it works for the webdrivers of other browsers, but they might have the same problem.
Perhaps rather than simply denying automated browsers right away, Cloudflare could instead check if it’s sending an excessive amount of requests. Or maybe look for other indicators of abuse. Having automation enabled doesn’t outright decrease security in my opinion.
For comparison: I know Google reCAPTCHA (at least the v2 checkbox) also used to check for webdrivers being enabled, since it would always ask me multiple times to complete a challenge. Disabling Marionette makes it tick the box without any challenge. Nowadays I can immediately tick the box even with Marionette, so it seems they figured out better ways too.