I’ve been using Cloudflare as a CDN for my site, and everything was working fine until my site recently received over 10K user visits in a short period of time. After that, my site started showing the “Verify you are human” CAPTCHA to users., This creates a bad user experience as visitors need to wait for verification, and I want to avoid this. I’ve heard this might be related to security settings in Cloudflare or the increase in traffic triggering stricter checks.
What steps have you taken to resolve the issue?
Checked the Cloudflare settings for security and traffic thresholds.
Tried accessing the site on different devices to confirm the CAPTCHA issue.
What are the steps to reproduce the issue?
Use Cloudflare as a CDN for a website.
Allow the site to receive 10K+ visits in a short time.
Open the site on a mobile or desktop browser and observe the CAPTCHA (“Verify you are human”) prompt.
Regarding the issue with the “verify you are human” CAPTCHA that users are seeing is likely triggered by the security settings, which are designed to protect your site from bots, abuse, or suspicious traffic. You should maybe apply rate limiting rules on your hostname or even block countries you do not do Business with by using custom rules as per described here: Overview · Cloudflare Web Application Firewall (WAF) docs
Instead of presenting CAPTCHA, you have two alternatives:
Go to Security → WAF → Custom Rules.
Create a rule to challenge suspicious traffic using JavaScript instead of CAPTCHAs:
Rule Expression: Target specific traffic you want to monitor (e.g., specific IP ranges or geographies).
Action: Set to Challenge (JS Challenge).
This allows Cloudflare to verify users transparently, without requiring them to solve a CAPTCHA.
You can also apply Turnstile as per described here: Cloudflare Turnstile · Cloudflare Turnstile docs as Turnstile can be embedded into any website without sending traffic through Cloudflare and works without showing visitors a CAPTCHA.