Best Cloudflare Turnstile Solver

Cloudflare Turnstile is Cloudflare's privacy-focused CAPTCHA replacement, designed to verify visitors without presenting visual challenges. It is increasingly common on sites using Cloudflare's CDN and security products.

For automation, Turnstile requires a solving service that returns a cf-turnstile-response token.

Cloudflare Turnstile Solver Rankings

CaptchaAI's reported 100% Turnstile solve rate is one of its most cited advantages — benchmark results confirm very high rates for this specific type.

How Cloudflare Turnstile Solving Works

The solving service returns a cf-turnstile-response token. You inject this token into the form or XHR request, and the server validates it against Cloudflare's API.

Key Parameters

• websiteURL: The URL of the page with the Turnstile widget
• websiteKey: The Turnstile site key (found in page source: data-sitekey)

Python Integration (CaptchaAI)

import requests
import time

API_KEY = "YOUR_API_KEY"

def solve_cloudflare_turnstile(page_url: str, site_key: str) -> str:
    """Solve Cloudflare Turnstile and return cf-turnstile-response token."""
    resp = requests.post("https://ocr.captchaai.com/in.php", data={
        "key": API_KEY,
        "method": "turnstile",
        "sitekey": site_key,
        "pageurl": page_url,
        "json": 1,
    })
    data = resp.json()
    if data["status"] != 1:
        raise ValueError(f"Submission failed: {data}")

    task_id = data["request"]
    time.sleep(5)
    for _ in range(24):
        r = requests.get("https://ocr.captchaai.com/res.php", params={
            "key": API_KEY,
            "action": "get",
            "id": task_id,
            "json": 1,
        }).json()
        if r["status"] == 1:
            return r["request"]
        if "ERROR" in str(r.get("request", "")):
            raise ValueError(f"Error: {r['request']}")
        time.sleep(5)

    raise TimeoutError("Turnstile solve timed out")

Python Integration (Anti-Captcha JSON format)

import requests
import time

API_KEY = "YOUR_API_KEY"

def solve_turnstile_anticaptcha(page_url: str, site_key: str) -> str:
    resp = requests.post("https://api.anti-captcha.com/createTask", json={
        "clientKey": API_KEY,
        "task": {
            "type": "TurnstileTaskProxyless",
            "websiteURL": page_url,
            "websiteKey": site_key,
        },
    })
    task_id = resp.json()["taskId"]

    time.sleep(5)
    for _ in range(24):
        r = requests.post("https://api.anti-captcha.com/getTaskResult", json={
            "clientKey": API_KEY,
            "taskId": task_id,
        }).json()
        if r["status"] == "ready":
            return r["solution"]["token"]
        time.sleep(5)

    raise TimeoutError("Turnstile solve timed out")

Finding the Turnstile Site Key

import re
import requests

def get_turnstile_sitekey(url: str) -> str:
    page = requests.get(url, headers={"User-Agent": "Mozilla/5.0"})
    # Pattern 1: data-sitekey attribute
    match = re.search(r'data-sitekey=["\']([^"\']+)["\']', page.text)
    if match:
        return match.group(1)
    # Pattern 2: cf_turnstile options object
    match = re.search(r'"sitekey"\s*:\s*"([^"]+)"', page.text)
    if match:
        return match.group(1)
    raise ValueError("Turnstile sitekey not found")

Cloudflare Turnstile vs. Cloudflare Challenge (JS)

These are two different Cloudflare protection types:

If you are blocked by a full-page Cloudflare challenge (not just a Turnstile widget), you need a solver that supports Cloudflare Challenge mode specifically.

FAQ

Why does CaptchaAI claim 100% Turnstile solve rate? Cloudflare Turnstile uses behavioral signals rather than a complex visual challenge. AI-first solvers that simulate legitimate browser behavior reliably pass this challenge under standard conditions.

Does the Turnstile token expire? Yes. Tokens are valid for a short window. Inject and submit within 1–2 minutes of receiving the token.

My solved token is still failing — why? Check: (1) correct pageurl matching the exact URL with the widget, (2) the site uses Turnstile specifically (not Cloudflare Challenge), (3) the token field name in the form is cf-turnstile-response.

Compare Cloudflare Turnstile solvers at captcharank.com/compare.

Production Readiness Notes

Use Best Cloudflare Turnstile Solver as a decision and implementation aid, not just as a one-time reference. The practical test for best cloudflare turnstile solver is whether the same approach behaves reliably when traffic is messy: rotating sessions, expired tokens, changing widget parameters, intermittent solver delays, and target pages that refresh without warning. For Automation developer / scraping engineer, the safest rollout is to start with a narrow fixture, record every submitted task, and compare the solver response with the browser state that finally submits the form. That makes failures explainable instead of mysterious, especially when a target alternates between visible challenges, invisible checks, and server-side verification.

Evaluation Criteria

A type-specific guide should map the widget parameters to the solver task fields, then verify that the returned token is accepted by the target page rather than merely returned by the API. For Cloudflare challenge work, the most useful scorecard combines technical acceptance with operational cost. A low nominal price is not enough if retries double the real cost per accepted token, and a fast median solve time is not enough if p95 latency stalls the queue. Track these criteria before you standardize the workflow:

• The challenge subtype, sitekey, action, rqdata, blob, captchaId, or page URL used for each task.
• Median and p95 solve time, separated by provider and target domain.
• Accepted-token rate on the target page, not just successful API responses.
• Retry count, timeout count, zero-balance incidents, and invalid-parameter errors.
• The exact browser, proxy region, and user-agent that submitted the solved token.

Rollout Checklist

Before this guidance moves into a production job, build a small acceptance suite around the pages that matter most. Run it with a fixed browser profile, then repeat with the proxy and concurrency settings you expect in production. Keep the first release conservative: bounded polling, clear timeout handling, and a fallback path when the solver cannot return a usable answer. For Cloudflare challenge, separate Turnstile widgets from managed challenges, track clearance cookies, and confirm that the success selector proves access to the protected page. That checklist keeps the article useful after the first copy-paste, because the integration is judged by end-to-end completion rather than by whether a code sample returned a string.

Monitoring Signals

Healthy CAPTCHA automation is observable. Log the task id, provider, challenge type, target host, queue time, solve time, final submit status, and normalized error code for every attempt. Review those logs in daily batches at first, then move to alerts once the baseline is stable. Sudden drops usually come from target-side changes: a new sitekey, a changed action name, a stricter hostname check, an added managed challenge, or a proxy pool that no longer matches the expected geography. When you can see those shifts quickly, provider switching becomes a controlled decision instead of a late-night rewrite.

Maintenance Cadence

Revisit the setup whenever the target UI changes, when the solver provider changes task names or pricing, or when benchmark data shows a sustained latency or solve-rate shift. Keep one known-good fixture for each CAPTCHA subtype and rerun it after dependency upgrades, browser updates, and proxy changes. If the article is used for vendor selection, repeat the same fixture across at least two providers before renewing a balance or migrating the whole pipeline. That habit keeps best cloudflare turnstile solver work aligned with the real target behavior rather than with stale assumptions.