What is the best free alternative to Cloudflare Turnstile?

We have 2 open source alternatives to Cloudflare Turnstile that you can self-host for free.

Can I self-host an alternative to Cloudflare Turnstile?

Yes! All 2 alternatives listed here can be self-hosted on your own servers, giving you full control over your data and privacy.

Are these Cloudflare Turnstile alternatives really free?

Yes, all alternatives are open source and free to use. Some may offer paid hosting or premium features, but the core software is always free.

Best Self Hosted Alternatives to Cloudflare Turnstile

A curated collection of the 2 best self hosted alternatives to Cloudflare Turnstile.

Cloudflare Turnstile is a privacy-focused CAPTCHA alternative that verifies human users for websites and APIs without interactive puzzles. It provides managed challenges, bot-detection signals, and integration SDKs/endpoints to validate requests and reduce automated abuse.

Anubis

Anubis is a lightweight web AI firewall that protects sites from AI crawlers and scraping bots using configurable request challenges and bot policies.

Anubis is a lightweight web AI firewall utility that protects upstream websites from high-volume scraper bots, especially AI crawlers. It sits in front of your origin and uses one or more challenges to decide whether to allow a request through.

Key Features

Challenge-based request gating to deter automated scraping and crawler traffic
Designed to be lightweight and affordable to run in front of community sites and small services
Configurable bot policies for allowlisting or blocking specific clients (including “good bots”)
Acts as a standalone alternative for environments where a hosted reverse-proxy security service is not desired

Use Cases

Protecting personal sites, forums, and small communities from aggressive AI crawler traffic
Adding an anti-scraping layer in front of an origin server to reduce load and bandwidth costs
Enforcing access rules for known bots and automated clients via explicit allow/deny policies

Limitations and Considerations

Can be a disruptive (“nuclear”) approach that may block smaller scrapers and potentially useful crawlers unless explicitly allowlisted

Anubis is best suited for operators who need a self-managed, challenge-based front door for HTTP traffic and want fine control over which automated clients are permitted. When tuned with sensible policies, it can help balance discoverability with uptime protection.

16.2kstars

478forks

View Details

Cap

Lightweight, self-hostable CAPTCHA alternative using SHA-256 proof-of-work challenges to protect forms and APIs from bots without tracking or visual puzzles.

Cap is a lightweight, privacy-preserving CAPTCHA alternative that uses SHA-256 proof-of-work challenges instead of image puzzles. It is designed to be fast to load, accessible, and simple to integrate into modern websites and APIs without user tracking.

Key Features

Proof-of-work challenge system based on SHA-256 (no visual CAPTCHA puzzles)
Very small client footprint with no external dependencies
Privacy-first design with no telemetry sent to third parties
Highly customizable widget styling via CSS variables
Invisible mode to run challenges in the background
Machine-to-machine (M2M) friendly flows to protect APIs while allowing trusted automation
Standalone deployment option via container for running Cap as a service (with extra operational features such as analytics)

Use Cases

Protecting public web forms (login, signup, contact forms) from spam and automated abuse
Adding bot mitigation to API endpoints while keeping UX minimal for legitimate users
Replacing traditional CAPTCHA providers in privacy-sensitive or compliance-focused environments

Limitations and Considerations

Proof-of-work increases client CPU usage, which can impact low-power devices; difficulty tuning may be required
Not ideal for defending against attackers with substantial compute resources without additional rate-limiting and abuse controls

Cap provides a practical, modern approach to bot protection by shifting verification from user interaction to lightweight computation. It works well for teams that want a fast, customizable, privacy-respecting alternative to traditional CAPTCHA widgets.

4.8kstars

253forks

View Details

Why choose an open source alternative?

•Data ownership: Keep your data on your own servers
•No vendor lock-in: Freedom to switch or modify at any time
•Cost savings: Reduce or eliminate subscription fees
•Transparency: Audit the code and know exactly what's running

Alternatives List

Anubis

Key Features

Use Cases

Limitations and Considerations

Cap

Key Features

Use Cases

Limitations and Considerations

Why choose an open source alternative?