Pre-clearance support
You can integrate Cloudflare challenges on single-page applications (SPAs) by allowing Turnstile to issue a clearance cookie. The clearance level is set upon widget creation or widget modification using the Turnstile API's `clearance_level`. Possible values for the configuration are `no_clearance`, `jschallenge`, `managed`, or `interactive`. All widgets are set to `no_clearance` by default.
For Enterprise customers eligible to toggle off domain checks, Cloudflare recommends issuing clearance cookies on widgets where at least one domain is specified.
Refer to the blog post for an example of pre-clearance implementation.
- Interactive: Interactive Pre-clearance allows a user with a clearance cookie to not be challenged by Interactive, Managed Challenge, or JavaScript Challenge Firewall Rules
- Managed: Managed allows a user with a clearance cookie to not be challenged by Managed Challenge or JavaScript Challenge Firewall Rules
- Non-interactive: Non-interactive allows a user with a clearance cookie to not be challenged by JavaScript Challenge Firewall Rules
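The following added example, which is not part of the Cloudflare documentation, checks widget settings against the level list and the domain recommendation above. The widget dictionaries are constructed, their keys are assumed to mirror the Turnstile API widget fields, and the rule action names are assumed to match the WAF actions `js_challenge`, `managed_challenge` and `challenge`.

```python
# Challenge actions a clearance cookie of each level skips, per the list above.
# Assumption: action names follow the WAF rule actions js_challenge,
# managed_challenge and challenge (interactive).
BYPASSES = {
    "no_clearance": frozenset(),
    "jschallenge": frozenset({"js_challenge"}),
    "managed": frozenset({"js_challenge", "managed_challenge"}),
    "interactive": frozenset({"js_challenge", "managed_challenge", "challenge"}),
}

def still_challenged(level, rule_action):
    """True if a visitor holding a cookie of `level` is still challenged."""
    if level not in BYPASSES:
        raise ValueError(f"unknown clearance_level: {level!r}")
    return rule_action not in BYPASSES[level]

def audit_widget(widget):
    """Return findings for one widget settings dict (assumed shape)."""
    level = widget.get("clearance_level", "no_clearance")  # documented default
    if level not in BYPASSES:
        return [f"unknown clearance_level: {level!r}"]
    findings = []
    if BYPASSES[level] and not widget.get("domains"):
        findings.append("clearance cookie issued with no domain specified")
    if not still_challenged(level, "challenge"):
        findings.append("cookie skips interactive challenge rules too")
    return findings

# Constructed sample settings, not real widgets.
SAMPLE_WIDGETS = [
    {"name": "login", "domains": ["app.example.com"], "clearance_level": "managed"},
    {"name": "legacy", "domains": [], "clearance_level": "interactive"},
    {"name": "contact", "domains": ["example.com"]},
    {"name": "typo", "domains": ["example.com"], "clearance_level": "js_challenge"},
]

def audit_all(widgets):
    """Map widget name to its list of findings."""
    return {w["name"]: audit_widget(w) for w in widgets}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_WIDGETS).items():
        print(f"{name}: {findings or 'ok'}")
```

The `typo` widget shows a common slip: the API value is `jschallenge`, while the rule action it bypasses is spelled with an underscore.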
Clearance cookies generated by the Turnstile widget will be valid for the time specified by the zone-level Challenge Passage value. To configure the Challenge Passage setting, refer to the WAF documentation.
To enable pre-clearance on a new site:
- Log in to the Cloudflare dashboard and select your account.
- Go to Turnstile > Add Site.
- Under Would you like to opt for pre-clearance for this site? select Yes.
- Choose the pre-clearance level from the select box.
- Select Create.
To enable pre-clearance on an existing site:
- Log in to the Cloudflare dashboard and select your account.
- Go to Turnstile.
- Go to the existing widget or site and select Settings.
- Under Would you like to opt for pre-clearance for this site? select Yes.
- Choose the pre-clearance level from the select box.
- Select Update.
If a verified bot encounters a page where a Turnstile widget is implemented, the challenge will fail and the verified bot will see a `403` error from the Turnstile endpoint.
However, if a verified bot is excluded from the rule for which pre-clearance grants clearance, it will pass. Users can create a WAF custom rule to exclude verified bots.