Cloudflare APO & Siteground Anti-Captcha Bot - Redirect Loop


These two services do not currently work together. Enabling both causes this redirect loop on the non-www domain:

The options are:

  • Disable APO (which of course I’d rather not do)
  • Disable Siteground’s anti-captcha bot (which Siteground are extremely reluctant to do).

Here is Siteground’s response & request to Cloudflare:

"Cloudflare does not honour the “cache-control: no-cache” HTTP header of the CAPTCHA page, which leads to the page getting cached by Cloudflare.

Consequently, the cached CAPTCHA page is served to visitors each time, making solving the CAPTCHA and proceeding to the website impossible. This is also what appears to be causing the redirect loop as well.

We are in contact with Cloudflare regarding that matter and they should eventually deploy a fix regarding these hindrances, but until then the only solution is to disable either their APO service."

Is this true/is there a fix in the works?

Thank you,


If it’s not been announced, there’s no telling what’s in the works.

…or…??? They left off the the other option from their “either.”

:point_up:t3: There’s your best option.

I suspect it used to say “either their APO service or Siteground anti-captcha bot” but they since removed that recommendation.

I am not techy, but have requested they disable it, which they now have. But their warning is obviously concerning (below). Hope it is indeed on the roadmap (would not know where to look for annoucements/roadmap).

"Note that we wish our anti-bot captcha protection to remain active on your “moneystocker com” domain name as the anti-bot captcha protection is a security feature which SiteGround uses in order to protect your sites from malicious access such as bad bots. The bad bots are bots which crawl your sites viciously with the intention to cause high CPU usage and thus to bring sites down.

Please note that such bots not only can cause high CPU usage and thus to get your sites down, but also can try to find vulnerabilities in your sites and using these vulnerabilities bad bots can be used for hacking your sites."

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.