Relationship between Turnstile and Security Settings -> Security Level


I’m wondering what the relationship is between Turnstile’s Widget Modes (Managed, Non-interactive, Invisible) and a website/zone’s Security → Settings → Security Level (Essentially off, Low, Medium, High, I’m Under Attack).

For example, on an e-commerce site if I’m specifically trying to protect against carding attacks, one strategy might be to put a Turnstile widget on the checkout page in Managed mode. But if the website has the Security Level under Security Settings set at say Medium or High would that Turnstile widget be redundant as they would have already been challenged?

Do you mean a website/zone’s security as set in a browser? Or do you mean in a Cloudflare firewall or something like that?

In Cloudflare … Domain/Zone → Security → Settings → Security Level


Turnstile currently is a one off challenge and should be used to protect individual actions, where as security level etc. are meant to challenge a visitor once and if they have passed not challenge them again.