How Cloudflare Bot Management Works
Cloudflare sits in front of a large share of the web, and its Bot Management product is one of the most widely encountered automated-traffic filters online. Here's a neutral look at how it scores requests and what each detection layer actually inspects.
Quick Answer
Cloudflare Bot Management assigns each request a bot score from 1 to 99 — where 1 means almost certainly automated and 99 means almost certainly human. That score is produced by several detection engines working together, and site operators write rules against it.
- Four engines: Heuristics, Machine Learning, Anomaly Detection, JavaScript Detections
- JA3/JA4 TLS fingerprints are available to Enterprise Bot Management customers
- The "Verifying you are human" interstitial is the Managed Challenge
This guide explains how Cloudflare Bot Management detects automated traffic — what each engine looks at and how the score is used. It is not a bypass walkthrough. Understanding the detection model matters because it explains why ordinary automated requests are flagged and why the system behaves the way it does for different kinds of clients.
The bot score (1-99)
Per Cloudflare's documentation, every request through Bot Management receives a bot score between 1 and 99. A score of 1 indicates traffic Cloudflare is confident is automated; a score of 99 indicates traffic it is confident comes from a human. Cloudflare does not block on the score by itself: operators write WAF custom rules against the `cf.bot_management.score` field, usually combined with other request attributes. A typical rule challenges requests matching `cf.bot_management.score lt 30 and not cf.bot_management.verified_bot`, so that crawlers on Cloudflare's verified-bot list are not caught by the low-score threshold. The threshold is the operator's choice, which is why the same client can be challenged on one site and passed through on another.
The score isn't a single model output. It's the consolidated verdict of four distinct detection engines.
The four detection engines
Heuristics
A rules engine that catches clearly identifiable automation. Cloudflare documents that requests caught by heuristics are scored either 1 or 29. This is the fastest, most deterministic layer.
Machine Learning (the main engine)
The primary scoring engine, producing scores from 2 to 99. Per Cloudflare, it analyzes features across the billions of requests it sees daily to distinguish automated from human traffic patterns.
Anomaly Detection
An unsupervised approach that learns a site's normal traffic baseline and flags deviations. Cloudflare notes this engine is deprecated for new customers.
JavaScript Detections
A lightweight, invisible JavaScript probe that helps identify headless browsers and clients that do not behave like a full browser environment. Cloudflare injects the probe into HTML responses, so a client's first request, and requests for non-HTML resources such as JSON APIs, arrive before the probe has had a chance to run. Rules read its outcome through the `cf.bot_management.js_detection.passed` field, so a rule that blocks on `not cf.bot_management.js_detection.passed` should be scoped to paths where the probe could actually have executed, otherwise it blocks every first-time visitor.
JA3 / JA4 TLS fingerprints
Separate from the scoring engines, Cloudflare exposes JA3 and JA4 TLS fingerprints to Enterprise Bot Management customers, as the `cf.bot_management.ja3_hash` and `cf.bot_management.ja4` fields. Both summarize the way a client negotiates a TLS handshake from the ClientHello alone: the protocol version, cipher suites, extensions, supported groups and point formats it offers. Because these values come from the TLS library rather than from HTTP headers, they often differ between a real browser and a scripting library even when the User-Agent header claims the same browser, and a fingerprint that does not match the claimed browser is a strong signal. The converse does not hold: a fingerprint is a property of the client software, so many unrelated clients share one value, and it is a signal to combine with the score rather than an identity.
Per Cloudflare's documentation, JA4 (FoxIO's successor to JA3) sorts the ClientHello cipher suites and extensions before hashing, and the JA4 string also carries readable fields such as the TLS version, whether SNI was sent, and the cipher and extension counts. That matters because Chrome has randomized the order of its ClientHello extensions since version 110 (early 2023), which makes a Chrome JA3 hash change from connection to connection; the sorted JA4 value stays stable across that reordering, making it more useful than the older JA3 format for matching modern browsers.
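The difference is easiest to see on the wire. The following Python is an added example, not code from Cloudflare or from this page: it builds a small browser-like ClientHello twice, with the extensions in two different orders, parses both messages back, and computes JA3 (MD5 over the decimal field lists in wire order) and JA4 (following the public FoxIO JA4 specification: sorted ciphers and extensions, with SNI and ALPN dropped from the hashed extension list and signature algorithms appended in wire order). The ClientHello bytes, the cipher and extension choices and the hostname example.com are constructed for illustration; the JA4 routine covers TCP with printable ALPN values only, so use a maintained implementation for production matching.

```python
"""Added example: JA3 versus JA4 on a ClientHello whose extensions get reordered."""
import hashlib
import struct

# GREASE values (RFC 8701) are ignored by both JA3 and JA4: 0x0a0a, 0x1a1a, ... 0xfafa
GREASE = {0x0a0a + 0x1010 * i for i in range(16)}
TLS_VERSIONS = {0x0304: '13', 0x0303: '12', 0x0302: '11', 0x0301: '10', 0x0300: 's3'}


def build_client_hello(version, ciphers, extensions):
    """Build a minimal ClientHello handshake message; `extensions` is [(type, payload)] in wire order."""
    body = struct.pack('!H', version) + bytes(32) + b'\x00'           # legacy version, random, empty session id
    body += struct.pack('!H', 2 * len(ciphers)) + b''.join(struct.pack('!H', c) for c in ciphers)
    body += b'\x01\x00'                                                  # one compression method: null
    ext = b''.join(struct.pack('!HH', t, len(p)) + p for t, p in extensions)
    body += struct.pack('!H', len(ext)) + ext
    return b'\x01' + len(body).to_bytes(3, 'big') + body                # handshake type 1 + 3-byte length


def parse_client_hello(msg):
    """Return (legacy version, [cipher ids], [(ext type, payload)]) from a ClientHello message."""
    if msg[0] != 0x01:
        raise ValueError('not a ClientHello')
    version = struct.unpack('!H', msg[4:6])[0]
    pos = 4 + 2 + 32                                                     # header, version, random
    pos += 1 + msg[pos]                                                  # session id
    cs_len = struct.unpack('!H', msg[pos:pos + 2])[0]; pos += 2
    ciphers = [struct.unpack('!H', msg[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + msg[pos]                                                  # compression methods
    ext_len = struct.unpack('!H', msg[pos:pos + 2])[0]; pos += 2
    extensions, end = [], pos + ext_len
    while pos < end:
        t, length = struct.unpack('!HH', msg[pos:pos + 4]); pos += 4
        extensions.append((t, msg[pos:pos + length])); pos += length
    return version, ciphers, extensions


def _u16_list(payload):
    """Decode a 16-bit-length-prefixed list of 16-bit values (supported_groups, signature_algorithms)."""
    n = struct.unpack('!H', payload[:2])[0]
    return [struct.unpack('!H', payload[i:i + 2])[0] for i in range(2, 2 + n, 2)]


def ja3(msg):
    """JA3: 'version,ciphers,extensions,groups,point_formats' (decimal, '-'-joined, wire order) and its MD5."""
    version, ciphers, extensions = parse_client_hello(msg)
    groups, formats = [], []
    for t, p in extensions:
        if t == 10:                                                      # supported_groups
            groups = _u16_list(p)
        elif t == 11:                                                    # ec_point_formats (8-bit length)
            formats = list(p[1:1 + p[0]])

    def dash(vals):
        return '-'.join(str(v) for v in vals if v not in GREASE)
    s = ','.join([str(version), dash(ciphers), dash(t for t, _ in extensions), dash(groups), dash(formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


def ja4(msg, transport='t'):
    """JA4 = ja4_a (readable summary) _ ja4_b (sorted ciphers) _ ja4_c (sorted extensions + sig algs)."""
    version, ciphers, extensions = parse_client_hello(msg)
    ciphers = [c for c in ciphers if c not in GREASE]
    exts = [(t, p) for t, p in extensions if t not in GREASE]
    ext_types = [t for t, _ in exts]
    offered, alpn, sig_algs = [version], '00', []
    for t, p in exts:
        if t == 43:                                                      # supported_versions: highest wins
            vs = (struct.unpack('!H', p[i:i + 2])[0] for i in range(1, 1 + p[0], 2))
            offered = [v for v in vs if v not in GREASE] or [version]
        elif t == 16:                                                    # ALPN: first+last char of first value
            first = p[3:3 + p[2]].decode('ascii', 'replace')
            alpn = first[0] + first[-1]
        elif t == 13:                                                    # signature_algorithms, wire order
            sig_algs = _u16_list(p)
    ja4_a = '%s%s%s%02d%02d%s' % (transport, TLS_VERSIONS.get(max(offered), '00'),
                                   'd' if 0 in ext_types else 'i',
                                   min(len(ciphers), 99), min(len(exts), 99), alpn)
    b_str = ','.join('%04x' % c for c in sorted(ciphers))
    ja4_b = hashlib.sha256(b_str.encode()).hexdigest()[:12] if ciphers else '0' * 12
    # SNI (0) and ALPN (16) are already represented in ja4_a, so they are dropped from the sorted list
    c_str = ','.join('%04x' % t for t in sorted(t for t in ext_types if t not in (0, 16)))
    if sig_algs:
        c_str += '_' + ','.join('%04x' % a for a in sig_algs)
    ja4_c = hashlib.sha256(c_str.encode()).hexdigest()[:12] if c_str else '0' * 12
    return '%s_%s_%s' % (ja4_a, ja4_b, ja4_c)


# Constructed sample: one browser-like ClientHello, sent with two different extension orders
CIPHERS = [0x1a1a, 0x1301, 0x1302, 0xc02b, 0xc02f]                     # first entry is GREASE
EXTS = [
    (0x0a0a, b''),                                                       # GREASE extension
    (0, b'\x00\x0e\x00\x00\x0bexample.com'),                              # server_name
    (10, b'\x00\x04\x00\x1d\x00\x17'),                                    # supported_groups: x25519, secp256r1
    (11, b'\x01\x00'),                                                    # ec_point_formats: uncompressed
    (13, b'\x00\x04\x04\x03\x08\x04'),                                    # signature_algorithms
    (43, b'\x04\x03\x04\x03\x03'),                                        # supported_versions: 1.3, 1.2
    (16, b'\x00\x03\x02h2'),                                              # ALPN: h2
]
HELLO_A = build_client_hello(0x0303, CIPHERS, EXTS)
HELLO_B = build_client_hello(0x0303, CIPHERS, list(reversed(EXTS)))    # same client, shuffled order

if __name__ == '__main__':
    for name, hello in (('A', HELLO_A), ('B', HELLO_B)):
        print(name, 'JA3', ja3(hello)[1], 'JA4', ja4(hello))
```

JA3 produces two different hashes for the two messages; JA4 produces the same string for both, beginning with `t13d0406h2` (TCP, TLS 1.3 offered, SNI present, 4 ciphers, 6 extensions, ALPN h2). The stability cuts both ways: any two clients that offer the same sets, in any order, land in the same JA4 bucket.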
Turnstile and Private Access Tokens
Turnstile is Cloudflare's CAPTCHA replacement. Per the docs it runs in three modes, Managed, Non-Interactive, and Invisible, and on success the widget produces a cf-turnstile-response token. That token proves nothing until the origin validates it server-side by posting it together with the site's secret key to Cloudflare's siteverify endpoint (https://challenges.cloudflare.com/turnstile/v0/siteverify); a token can be redeemed once and expires after 300 seconds, so a form handler that merely checks the field is present has verified nothing. Instead of relying on fingerprinting, Turnstile can also accept Private Access Tokens, Privacy Pass tokens with which a client proves it passed Apple's device attestation without revealing which device it is.
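Server-side validation is the step most often skipped or done loosely. The Python below is an added example, not Cloudflare's SDK and not code from this page: it posts the token to siteverify and applies the checks a practitioner wants, failing closed when siteverify is unreachable, reporting the error codes Cloudflare returns (such as timeout-or-duplicate for an expired or replayed token), and pinning the token to the expected hostname and widget action so a token minted for one form cannot be replayed on another. The endpoint URL and the response fields (success, hostname, action, error-codes) are Cloudflare's; the hostname example.com, the action name login, the token strings and the canned responses are constructed for the demo, and the transport is injectable so the logic runs offline.

```python
"""Added example: validating a Turnstile cf-turnstile-response token at the origin."""
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'


def post_form(url, fields):
    """Default transport: HTTP POST of form fields, JSON response decoded."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=5) as resp:
        return json.loads(resp.read().decode())


def verify_turnstile(token, secret, expected_hostname, expected_action=None,
                     remote_ip=None, post=post_form):
    """Return (accepted, reason). `post` is injectable so the decision logic can run offline."""
    # Cloudflare's docs cap the widget token at 2048 characters; anything longer is not a real token
    if not token or len(token) > 2048:
        return False, 'missing-or-oversized-token'
    fields = {'secret': secret, 'response': token}
    if remote_ip:
        fields['remoteip'] = remote_ip              # optional: lets Cloudflare cross-check the client IP
    try:
        result = post(SITEVERIFY_URL, fields)
    except Exception as exc:                        # network or parse failure: fail closed, never open
        return False, 'siteverify-unreachable: ' + type(exc).__name__
    if not result.get('success'):
        # 'timeout-or-duplicate': the token expired (300 s) or was already redeemed once
        return False, 'rejected: ' + ','.join(result.get('error-codes') or ['unknown'])
    if result.get('hostname') != expected_hostname:
        return False, 'hostname-mismatch: %s' % result.get('hostname')
    if expected_action is not None and result.get('action') != expected_action:
        return False, 'action-mismatch: %s' % result.get('action')
    return True, 'ok'


def fake_siteverify(responses):
    """Build an offline transport that answers each token from canned responses (constructed, not captured)."""
    def post(url, fields):
        return responses[fields['response']]        # unknown token raises KeyError, exercising fail-closed
    return post


# Constructed siteverify responses in the documented shape; none were captured from Cloudflare
SAMPLE_RESPONSES = {
    'tok-good': {'success': True, 'challenge_ts': '2025-01-01T00:00:00Z',
                 'hostname': 'example.com', 'action': 'login', 'error-codes': []},
    'tok-replayed': {'success': False, 'error-codes': ['timeout-or-duplicate']},
    'tok-other-site': {'success': True, 'hostname': 'attacker.example', 'action': 'login'},
}

if __name__ == '__main__':
    post = fake_siteverify(SAMPLE_RESPONSES)
    for tok in list(SAMPLE_RESPONSES) + ['tok-never-issued']:
        print(tok, verify_turnstile(tok, 'secret-key', 'example.com', 'login', post=post))
```

With the default transport the same function talks to the real endpoint; only the canned responses are swapped in here.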
For AI crawlers, Cloudflare announced on July 1, 2025 ("Content Independence Day") that it began blocking AI crawlers by default and launched a Pay Per Crawl beta. That beta reportedly uses an HTTP 402 "Payment Required" flow to let sites charge for crawl access.
What the challenge looks like
When a request scores low or matches a challenge rule, the most familiar experience is the "Verifying you are human" interstitial; that is Cloudflare's Managed Challenge. It runs a short non-interactive check in the browser and, only if that is inconclusive, presents a Turnstile widget before forwarding the request to the origin. A passed challenge is remembered with a cf_clearance cookie, scoped to that browser and IP address and valid for the period the operator sets as Challenge Passage, so the interstitial is not repeated on every request.
Why mobile / CGNAT IPs are treated differently
Mobile carrier IPs sit behind Carrier-Grade NAT (CGNAT), meaning thousands of real subscribers share a single public address. That shared nature is exactly why defenders can't treat a carrier IP the same as a datacenter IP: blocking it harms a crowd of legitimate humans.
Cloudflare made this design constraint explicit in its October 29, 2025 blog, "detecting CGN to reduce collateral damage." Cloudflare reported that CGNAT IPs were being rate-limited roughly 3× more often than non-CGNAT IPs — despite showing lower bot activity — and described work to detect CGN so that mitigations don't punish the many humans sharing those addresses.
This is a documented defender design constraint, not a bypass technique. It explains why IP-level mitigations against mobile carrier ranges are applied more cautiously than against datacenter ranges: the collateral-damage cost of over-blocking them is high. See our explainer on CGNAT and mobile proxies.