Calibration Target

Captcha / Bot Challenge

Emulates a Cloudflare-style 'Checking your browser' interstitial with a Turnstile-like widget, cf_clearance cookies, and content that only settles after JS executes. Tests whether scanners crash on bot-protection screens.

Back to hub Reload scenario

Checking your browser before accessing the site...

This process is automatic. Your browser will redirect to your requested content shortly.

Expected Findings

Page emulates a Cloudflare/Turnstile interstitial and requires JS to settle.
Response sets `__cf_bm` and `cf_clearance` cookies and a `cf-ray` header.
Content only renders after the simulated challenge completes.
This is not a vulnerability; it tests scanner behavior on bot-protection screens.

Primary Flows

Challenge orchestrator Returns challenge HTML and CF cookies
Turnstile siteverify POST a token to verify
Turnstile widget JS Stub of the client widget

Signals

CF cookie

Set-Cookie: __cf_bm=...; Path=/; HttpOnly; Secure; SameSite=None

CF header

cf-ray: 8a1b2c3d4e5f-MAD
server: cloudflare

Notes

Scanners that flag this as a vulnerability or fail to crawl past the interstitial are misbehaving.