Comparisons

The 2026 CAPTCHA Guide for WAFs: Providers, Pricing, and the Bypass Economy

The CAPTCHA market has fragmented. This is the full map: every major provider and what it charges, the bypass services that solve challenges for less than the provider charges to run them, which WAFs can issue a challenge natively, and the harder 2026 question, what happens when a CAPTCHA blocks the AI agent your customer sent to buy from you.

24 min read
WAFplanet card for the 2026 CAPTCHA guide, showing that a bypass at $0.80 per 1,000 costs less than protection at $1.00 per 1,000.
WAFplanet card for the 2026 CAPTCHA guide, showing that a bypass at $0.80 per 1,000 costs less than protection at $1.00 per 1,000.

Every website is getting scraped. AI training crawlers, credential-stuffing bots, scalpers, LLM agents that ignore robots.txt and terms of service. If your site has data worth taking, someone is automating the collection of it.

CAPTCHAs are one answer. They have been the answer for two decades, and they are still the answer Google, Cloudflare, AWS, and Microsoft embed into their WAFs as a native enforcement action. But the landscape has shifted in ways that make the old assumptions dangerous. A bypass service will solve a reCAPTCHA v2 for $0.80 per thousand using an AI model, faster than a human can tick the "I am not a robot" box. Google charges the site owner $1 per thousand for the Enterprise version of the same challenge. Per request, the protection can cost the site more than the bypass costs the attacker. (That comparison has a catch, different denominators, which we unpack honestly in the bypass section.)

This post maps the full picture: every major CAPTCHA provider and what it costs, the bypass economy, which WAFs can issue a CAPTCHA challenge natively, when you should use one instead of a lighter alternative, and the question that reframes all of it in 2026, what to do when the "bot" you are challenging is an AI agent working for one of your customers.

TL;DR

  • Bypass is cheaper than protection. AI solvers undercut what providers charge to run the challenge, so treat CAPTCHA as a deterrent that raises the cost of automation, not a wall that stops it.
  • AI killed the image CAPTCHA. Any vision-capable LLM solves grids, sliders, and text puzzles now. If your defence is "click all the traffic lights," it is already bypassed.
  • WAF-native beats the standalone widget. Let the WAF decide when to challenge based on risk, and you avoid the "CAPTCHA on every form" tax on legitimate users.

The provider landscape in 2026

The CAPTCHA market looks nothing like it did three years ago. Google reCAPTCHA is still, by a wide margin, the most widely deployed CAPTCHA on the web, largely because it is free and has been the default for over a decade; technology-detection trackers consistently show it running on the large majority of sites that use any CAPTCHA at all. What has changed is not Google's install base, it is everything around it: a privacy-focused challenger tier, proof-of-work systems, and a self-hosted segment that barely existed before. One caveat on the headline numbers, the widely-quoted "99%+ share" figures measure share of detected deployments, which over-counts a free, easy-to-fingerprint, often-legacy widget. They are not a measure of traffic protected, nor of where new adoption is heading.

The fragmented 2026 CAPTCHA landscape: cloud providers, enterprise challengers, and a growing self-hosted tier. Tap a logo to jump to its section.

Every provider at a glance, with links. The bypass services are in The bypass economy; pricing is in What everything costs.

ProviderApproachDeployment
Google reCAPTCHAImage grid + invisible scoreSaaS (Google Cloud)
Cloudflare TurnstileInvisible JS challengeSaaS (free tier + enterprise)
hCaptchaImage challengeSaaS
Friendly CaptchaProof-of-workSaaS
Arkose LabsGamified interactiveEnterprise only
GeeTestSlider + behavioralEnterprise
ALTCHA / SentinelProof-of-workSelf-hosted or SaaS
AnubisProof-of-workSelf-hosted (open source)
Cap.jsProof-of-workSelf-hosted (open source)
mCaptchaProof-of-workSelf-hosted (appears inactive in 2026)
ProsopoHybrid proof-of-workSelf-hosted or SaaS
Private CaptchaProof-of-workSelf-hosted or SaaS

Google reCAPTCHA (v2, v3, Enterprise)

Still the default, but the cracks are showing. Google migrated reCAPTCHA to its Google Cloud Platform in 2025, which changed the pricing model and added a billing requirement even for the free tier. reCAPTCHA Essentials gives you 10,000 free assessments per month per organization, then $8 per month for 10,001 to 100,000, then $1 per 1,000 beyond that. Enterprise is a flat $1 per 1,000 with a monthly commitment.

Three versions co-exist: v2 (interactive checkbox with optional image grid), v3 (invisible score from 0.0 to 1.0), and the Enterprise tier that adds account defender, transaction protection, and 11 scoring levels. The privacy cost is real: reCAPTCHA collects behavioral data, device fingerprints, and browsing signals that feed Google's ad ecosystem. An hCaptcha analysis puts the value of a single reCAPTCHA training signal at $0.001 or less. Read that figure as a motivated estimate, hCaptcha is a direct competitor selling the alternative, but the underlying point, that reCAPTCHA's "free" tier is paid for in data rather than dollars, is not seriously disputed.

Cloudflare Turnstile

Turnstile was marketed as the frictionless, privacy-first alternative. It runs lightweight JavaScript checks in the background, evaluates browser signals and device characteristics, and returns a verification token. Most users never see a challenge. Three modes exist: non-interactive (fully invisible), non-intrusive interactive (a clickable widget), and invisible (no visible element at all).

Pricing is the confusing part. Cloudflare markets Turnstile as "free" and provides a free tier with up to 20 widgets and unlimited challenge volume. At scale, however, you hit an enterprise wall: the only paid option above the free tier is a custom Enterprise contract, typically starting above $2,000 per month, with no self-serve mid-tier. If your traffic grows beyond what the free tier comfortably handles, you either stay on it or negotiate a contract. Cloudflare's product page emphasises the free tier; the enterprise pricing requires a sales conversation.

Privacy is genuinely better than reCAPTCHA: Turnstile does not harvest data for advertising. But it does collect behavioral signals (mouse movements, interaction timing) that may still require GDPR justification depending on your jurisdiction. hCaptcha's research claims Turnstile is cheaper to bypass than reCAPTCHA v3, suggesting Cloudflare prioritised UX friction over detection strength. (Same caveat: hCaptcha competes with both, so treat the direction of the claim as more reliable than the exact numbers.)

hCaptcha

Positioned as the privacy-friendly reCAPTCHA replacement, hCaptcha uses image-based challenges and is API-compatible with reCAPTCHA (making it a drop-in swap). In practice, the challenges take 3 to 10 seconds, which puts it in the same UX bucket as reCAPTCHA v2. Privacy is better than Google's but not clean: hCaptcha still collects interaction data, which it monetises by using human solves to label AI training data. The "free" pricing is subsidised by that labelling arrangement, and paid plans exist for high-volume sites.

Friendly Captcha

This takes a fundamentally different approach: proof-of-work instead of puzzles. The browser solves a lightweight cryptographic challenge in the background while the user fills out the form. There is no tracking, no behavioral data collection, no Google dependency. Privacy-first by design and GDPR compliant out of the box. Pricing starts with a free tier and scales from there. The tradeoff: proof-of-work has a battery impact on mobile, and the puzzle difficulty must be adaptive to stay effective against automated solvers.

Arkose Labs (FunCaptcha)

Enterprise-only gamified challenges: rotating 3D objects, image matching, spatial puzzles. The adaptive difficulty engine escalates challenge complexity in real time based on risk signals, making it one of the hardest CAPTCHAs to solve at scale. The flip side: enterprise contracts only, meaning you cannot self-serve, and the interactive challenges add meaningful friction when triggered. Arkose is not a choice for small sites; it is an insurance policy for high-value transaction flows (finance, gaming, large e-commerce).

GeeTest

Adaptive challenges (sliders, icon clicks, space puzzles) backed by seven layers of behavioral analysis. Claims an average verification time of 1.4 seconds and 360,000+ enterprise customers. Enterprise pricing on request, no public self-serve.

Self-hosted CAPTCHAs (ALTCHA/Sentinel, Cap.js, mCaptcha, Anubis, Private Captcha)

A growing category for sites that cannot or will not send their traffic data to a third party. Private Captcha's 2026 comparison is the most detailed breakdown of this space. The notable options:

  • ALTCHA / Sentinel: The old Altcha (MIT licensed) is effectively abandonware. The current product is Sentinel, a proprietary proof-of-work system at €99 or €799 per month. The Docker image is 1.1 GB (407 MB of that is node_modules). Rich feature set including form provider, spam detection, and link redirects, but the security posture of a 1 GB self-hosted appliance is questionable.
  • Cap.js: Lightweight proof-of-work (Apache 2.0). Runs on JavaScript and Redis, deployable in minutes. No dynamic difficulty scaling, no persistent storage, limited to JS frontends. Great for a Raspberry Pi, not for a production site under active scraping.
  • mCaptcha: Proof-of-work, open source, community driven. Looks dormant in 2026: the project's site (mcaptcha.org) no longer serves a working page, so treat it as legacy rather than a live option.
  • Anubis / Wicketkeeper: Proof-of-work challenges, free and self-hosted.
  • Prosopo: Hybrid proof-of-work, self-hosted or proprietary.
  • Private Captcha: Self-hosted with PoW and challenge options. The blog is from the provider itself, so treat comparisons with that context.

The self-hosted segment shares one limitation: proof-of-work hurts mobile users disproportionately, requires adaptive difficulty to work against real attackers, and none of the open-source options match the detection sophistication of the cloud providers. They are a privacy-first choice, not a security-first one.

Beyond the major players, the long tail of the CAPTCHA market includes several regional and niche providers. Yandex SmartCaptcha (0.3% market share) is the leading option in Russian-language sites, offering both invisible and interactive modes. Tencent Captcha (0.04%) and NetEase Yidun serve the Chinese market with slider and behavioral challenges. MTCaptcha (0.03%) positions itself as a GDPR-compliant enterprise option with accessibility features. BotDetect (self-hosted, actively maintained, .NET/Java/PHP, works in China) and KeyCAPTCHA are smaller standalone offerings used primarily in legacy integrations. The 6sense list also tracks several names that are effectively dead: SolveMedia is parked and for sale, Are You a Human redirects to a domain parking page, sweetCaptcha has been overtaken by an unrelated blog, and NoMoreCaptchas and Captch Me no longer resolve. None of these challenge the top three by market share, but the active ones matter for sites with regional or compliance-specific requirements.

What everything costs

ProviderFree tierPaid tierEnterprise
Google reCAPTCHA10,000/mo (per org)$8/mo (10K-100K), then $1/1K$1/1K, monthly commitment
Cloudflare TurnstileYes (20 widgets, unlimited challenges)None (no mid-tier)Custom (~$2K+/mo)
hCaptchaYes (subsidised by data labelling)Paid plans availableCustom
Friendly CaptchaYesScaled plansCustom
Arkose LabsNoNo (enterprise only)Custom
GeeTestNoNo (enterprise only)Usage-based
ALTCHA Sentinel30-day trial€99/mo€799/mo
Cap.js / AnubisFree (self-hosted)N/AN/A

The critical observation: every CAPTCHA provider charges the site, and the bypass services undercut that price. We will quantify that in the next section.

The bypass economy

CAPTCHAs are not a check that bots cannot pass; they are a cost that raises the price of automation. The bypass market has matured into a clear tiered structure with well-documented pricing.

A note on the numbers below. The prices and success rates in this section come mostly from the solver services themselves and from comparison blogs run by companies in the same market. They have an obvious incentive to look cheap and capable, so treat the figures as advertised rates, not independently verified benchmarks. We plan to publish our own head-to-head solver test to replace these with measured numbers; until then, use them for order-of-magnitude, not precision.

The bypass market: commercial solver services and AI-powered tools that undercut the price of protection. Tap a logo to jump to its section.

Commercial solver services

2Captcha is the oldest and best-known: a human workforce that solves CAPTCHAs and returns tokens via API. Pricing ranges from €0.50 per 1,000 for simple image CAPTCHAs to €1.40 for Turnstile and €2.80 for high-score reCAPTCHA v3. FunCaptcha (Arkose) ranges from €1.40 to €50 per 1,000 depending on difficulty.

CapSolver is the AI-native alternative. It solves everything algorithmically without a human workforce, which gives it sub-10-second response times and effectively unlimited capacity. Their published rates: reCAPTCHA v2 at $0.80 per 1,000, Turnstile at $1.20, AWS WAF at $2.00, reCAPTCHA v3 Enterprise at $3.00 (targeting high scores of 0.7-0.9).

The full comparison table across solver services shows Anti-Captcha from $0.50 per 1,000 images, DeathByCaptcha from $0.99 per 1,000, and CapSolver from $0.40 per 1,000 tokens.

Bypass servicereCAPTCHA v2TurnstilereCAPTCHA v3 (high)FunCaptchaType
2Captcha€0.99-2.80/1K€1.40/1K€2.80/1K€1.40-50/1KHuman workforce
Anti-Captcha$0.50/1KSupportedSupportedSupportedHybrid (humans+templates)
CapSolver$0.80/1K$1.20/1K$3.00/1K-AI (automated)
DeathByCaptcha$0.99/1KSupportedSupported-Hyrbid (humans+OCR)

Read the critical line again: Google charges $1 per 1,000 for reCAPTCHA Enterprise assessments. CapSolver charges $0.80 per 1,000 to bypass them.

One caveat, because it matters: those two prices are not measured against the same denominator. The site pays its per-assessment fee on every request it evaluates, the overwhelming majority of which are legitimate users; the attacker pays the solver fee only on the requests they actually choose to attack. So the site's true cost per blocked bot is higher than the sticker price, and the attacker's cost is only ever what a successful bypass is worth to them. The honest version of the claim is "protection costs the site more per request than bypass costs the attacker," not a literal dollar-for-dollar duel. It is still damning: a defence whose unit economics run underwater against the very attacker it targets is a weak defence. But state it the accurate way, because a sharp reader will notice the difference.

AI-powered open source bypass

The big shift in 2025-2026 is that you no longer need to pay a solver service. ai-captcha-bypass is a Python tool that uses GPT-4o or Gemini 2.5 Pro through Selenium to solve text CAPTCHAs, puzzle sliders, reCAPTCHA v2, and audio CAPTCHAs. It works by screenshotting the challenge, sending it to a vision model, and executing the returned action (mouse coordinates, text input, grid clicks).

Other tools: NopeCHA (browser extension, formerly open source, now closed, works with Selenium/Puppeteer/Playwright) and Buster (open source, uses speech recognition for reCAPTCHA audio challenges).

The implication: any moderately capable LLM with vision can now solve CAPTCHAs. The days where you needed a human farm or a training pipeline are over. This changes the threat model for every provider that relies on image-based or puzzle-based challenges.

How effective is the bypass?

A 2023 UC Irvine study found that roughly 50% of bot traffic already passes reCAPTCHA through various means. AI solvers now claim success rates above 90% on reCAPTCHA v2 and common puzzle CAPTCHAs. The practical reality is that CAPTCHAs remain effective against casual scraping and bulk automation (the attacker who does not want to pay per solve) but are not a reliable barrier against a motivated attacker with a budget.

Those 90%-plus figures are self-reported by the solvers, so weight them accordingly. And the market itself sits in a legal gray zone: solving another site's CAPTCHA to scrape it can run into computer-misuse and terms-of-service law, and where that line falls varies by jurisdiction and by whether the data is public. The services operate openly regardless, which tells you how weakly that boundary is enforced in practice.

The residential proxy blind spot

There is a gap in every CAPTCHA system that runs on IP reputation. Residential proxies are IP addresses from real home ISPs (Comcast, Vodafone, Deutsche Telekom) that have been repurposed as relay points. They come from three sources: compromised IoT devices running as SOCKS exit nodes, proxyware users (Honeygain, IPRoyal, Proxyrack) who install an app in exchange for money, and mobile proxy networks that rotate through carrier NAT pools. In all three cases the IP looks clean. It does not appear in any VPN database, data center ASN list, or threat intelligence feed because it belongs to a real subscriber at a residential address.

This breaks the detection pipeline that most WAF CAPTCHA systems rely on. reCAPTCHA v3 assigns a score partly based on IP reputation. Turnstile evaluates browser signals but routing through a residential exit node can normalize those. The IP itself triggers nothing. An attacker behind Bright Data or Oxylabs (the largest residential proxy brokers) can send requests from 50,000 clean home IPs across 150 countries, and none of them will look suspicious to a system that checks whether the IP belongs to a known datacenter ASN.

The bypass services already exploit this. When 2Captcha or CapSolver claims a client-side solve in under 10 seconds, the solver is often running behind a residential proxy network that does not raise flags at the challenge layer. The actual solver is invisible because the traffic arrives through a clean residential IP with plausible browser fingerprints.

What addresses this: Behavioral analysis that does not depend on IP reputation. HUMAN Security and Arkose Labs detect bot behavior through interaction patterns (mouse movement curves, timing anomalies, scroll behavior) rather than where the IP is registered. Peakhour specifically advertises residential proxy blocking as part of its AI-powered bot management layer, identifying proxy traffic through network fingerprinting and behavioral analysis. Cloudflare Bot Management scores requests across 40+ signals including TLS fingerprint, HTTP/2 settings, and browser characteristics that are harder to spoof than the source IP. reCAPTCHA Enterprise's account defender adds session-level behavioral history. None of these are foolproof, but they raise the cost of automation far above reCAPTCHA v2 with a clean IP.

Bottom line: If your only bot detection layer is "challenge visitors from datacenter IPs," you are already compromised. Residential proxies mean the challenge must happen at the behavioral layer, not the network layer. CAPTCHA is still useful, but it needs to sit on top of real bot management, not replace it.

WAF CAPTCHA integration: the main event

This is where the story changes. CAPTCHA used to be a standalone widget you pasted into your HTML. In 2026, the major WAF platforms have turned it into a native enforcement action: your WAF detects suspicious traffic and serves a challenge directly, without your application code needing to handle it. This is a significant architectural shift.

Cloud WAFs with native CAPTCHA

Cloudflare WAF + Turnstile

Cloudflare has the deepest integration. Turnstile is available as a standalone widget for any site, but it also integrates directly into Cloudflare WAF rules as a challenge action. The Turnstile + WAF + Bot Management pipeline can rate-limit, score requests, and serve a Turnstile challenge at the edge before traffic reaches your origin. The Pre-Clearance feature extends this to fetch/XHR requests, not just HTML form submissions. Turnstile is free at the widget level; Cloudflare WAF starts at $20 per month (Pro).

AWS WAF + CAPTCHA / Challenge

AWS WAF has two native challenge actions: CAPTCHA and Challenge. The CAPTCHA action serves an interactive Amazon-hosted puzzle. The Challenge action is lighter: it runs a JavaScript proof-of-computation in the browser without user interaction. Pricing is granular: CAPTCHA at $4 per 10,000 attempts, Challenge at $0.40 per million responses. The Bot Control managed rule group ($10 per month per Web ACL plus $1 per million requests) can automatically apply CAPTCHA or Challenge based on bot category. This is the most granular CAPTCHA pricing model of any cloud WAF, and the Challenge action (sub-penny cost) is a viable always-on option for most endpoints.

Azure Front Door WAF + CAPTCHA

Azure Front Door WAF (Premium tier) offers a native Microsoft CAPTCHA challenge. When a WAF rule matches, it returns an interactive CAPTCHA page. Successful completion passes the request through to standard WAF rule processing. The Bot Manager Ruleset 1.1 can automatically apply CAPTCHA based on bot risk scoring. Usage-based pricing, part of Front Door Premium.

Google Cloud Armor + reCAPTCHA Enterprise

Google Cloud Armor integrates with reCAPTCHA Enterprise to serve challenge pages at the edge. Cloud Armor evaluates reCAPTCHA session tokens and can block or allow based on the risk score. The Bot Management add-on ties reCAPTCHA scoring to Cloud Armor's WAF rules. You pay reCAPTCHA Enterprise pricing on top of Cloud Armor costs.

Imperva, Akamai, Fastly, F5, Radware, Prophaze

All of these enterprise WAFs offer CAPTCHA challenge actions as part of bot management add-ons. The pattern is consistent: the base WAF detects anomalous traffic, the bot management module assigns a risk score, and the platform can respond with a CAPTCHA or JavaScript challenge at the edge. Pricing is enterprise-only and bundled into the bot management SKU. The specific implementations:

  • Imperva serves CAPTCHA or JS challenges as part of Advanced Bot Protection.
  • Akamai supports reCAPTCHA integration plus branded challenge pages via Bot Manager.
  • Fastly offers dynamic client challenges via Bot Management (not on the Essential Next-Gen WAF plan).
  • F5 Distributed Cloud includes JS challenge and CAPTCHA as part of Bot Defense.
  • Radware and Prophaze include CAPTCHA as part of their WAAP bot management.

Self-hosted WAFs with CAPTCHA

If you self-host your WAF, the options are narrower but real.

BunkerWeb (free, open source)

BunkerWeb is the most flexible self-hosted option. Its USE_ANTIBOT setting supports seven different modes: turnstile, hcaptcha, recaptcha, mcaptcha, captcha (simple image challenge), javascript (proof-of-computation), and cookie (challenge-response cookie). The antibot state is persisted in a session cookie so returning users do not get re-challenged. This level of provider choice in a self-hosted WAF is unique. Free and open source, runs on Nginx.

SafeLine WAF (free, open source)

SafeLine includes an Anti-Bot Challenge that dynamically issues CAPTCHAs to suspicious clients. Part of its bot protection layer alongside rate limiting and IP blocking. The Hacker News overview of SafeLine confirms CAPTCHA challenges as a core feature. Free, self-hosted.

CrowdSec (free + paid tiers)

CrowdSec's Nginx bouncer supports CAPTCHA remediation: when an IP is flagged by CrowdSec's threat intelligence (either local signals or the community blocklist), the bouncer can return a CAPTCHA instead of a block. The CAPTCHA is served at the Nginx level, not at the application level. Also available as a Cloudflare Worker bouncer. Free tier covers community signals; paid Security Engine adds commercial threat intelligence.

RhinoWAF (free, open source)

Open source Go WAF for Traefik/Nginx with built-in hCaptcha integration. Privacy-focused, GDPR compliant. Less mature than the options above.

WAFs without native CAPTCHA

ModSecurity, Coraza, open-appsec, and NAXSI are rule engines, not enforcement proxies. They can detect attacks, but they cannot serve a CAPTCHA challenge to the client by themselves. To add CAPTCHA to one of these, you need a separate reverse proxy layer (Nginx, HAProxy) or an application-level integration. This is not a flaw in those tools, it is a deliberate architectural boundary, but it means they are not part of the CAPTCHA-as-WAF-action story.

The 2026 wrinkle: the traffic you challenge might be working for your users

Every framing so far treats automation as hostile. In 2026 that assumption is quietly breaking, and it is the most important shift in this whole space. A growing share of "bot" traffic is agents acting on behalf of real people: an assistant booking travel, a research agent comparing prices across a dozen sites, a shopping agent completing a checkout its user explicitly asked for. These agents browse, read, and buy, and they hit the exact same CAPTCHAs your WAF serves to scrapers. OpenAI, Anthropic, and Google all ship agents that drive a real browser on a user's behalf, and they trip challenge pages constantly.

This turns a technical control into a business decision. Challenge aggressively and you keep scrapers out, but you also turn away the agent your customer sent to buy from you, and you make yourself invisible to the AI assistants that increasingly sit between people and the web. Wave everything through and you are back to paying for someone else's scraping. Nothing at the network level cleanly separates "my user's agent" from "someone else's scraper," because they look identical: both render JavaScript, move a mouse, and, as we have seen, solve puzzles.

So the industry is shifting the question from "prove you are human" to "prove something verifiable about the client." That is a fundamentally different model, and three strands of it are worth watching:

  • Token attestation (Privacy Pass / Private Access Tokens). An IETF-standardised flow where a trusted attester (Apple devices, for example) vouches that a client is a genuine device or a real signed-in user, without revealing who they are. A WAF that accepts these tokens can skip the CAPTCHA entirely: no puzzle, no tracking, nothing for the user to do. Cloudflare and Fastly already support this path. Cloudflare framed it, accurately, as eliminating CAPTCHAs for attested Apple clients.
  • Verified bots and signed agent identity (Web Bot Auth). Instead of blocking all automation, platforms keep allowlists of known, well-behaved bots, and the newer work adds cryptographic identity so a legitimate agent can prove which service it belongs to with a signed request, rather than hoping its user-agent string is trusted. This lets you admit the good agents on purpose instead of by accident.
  • Pay-per-crawl and agent gateways. Some operators are replacing the binary block with a price: charge automated clients for access instead of fighting them. Cloudflare launched a pay-per-crawl model in 2025 that turns unwanted-but-valuable bot traffic into a billing line rather than a threat to squash.

The strategic point: a CAPTCHA is a blunt instrument in a world where a lot of high-value traffic is both automated and welcome. If your 2026 bot strategy is still "challenge anything that looks non-human," you are optimising for a threat model that is already out of date. The forward-looking question is not just "when do I challenge," it is "when do I challenge, when do I silently attest, and when do I let a known agent through, or charge it for the privilege." Most WAFs cannot express that full spectrum yet. The ones that get there first will have a real advantage.

When CAPTCHA helps and when it hurts

The conversion cost is real

A Stanford study found that CAPTCHA challenges can reduce form conversions by up to 40%. Baymard's classic usability analysis documents the reasons: users cannot read the challenge, do not understand why it exists, or find it insulting to be treated like a bot after they have already filled out a 10-field form. The friction compounds on mobile.

The invisible modes (reCAPTCHA v3, Turnstile non-interactive, Friendly Captcha PoW) mitigate this significantly. But none of them eliminate it entirely. v3 scores penalise VPN and proxy users. Turnstile sometimes forces visible challenges. PoW drains mobile batteries. Every CAPTCHA has a UX cost, and the cost is highest on the flows you care about most: registration, checkout, login.

Accessibility is a cost, and increasingly a legal one

CAPTCHAs are one of the web's most documented accessibility barriers. Visual puzzles exclude blind and low-vision users; audio alternatives defeat deaf-blind users and are unusable in a noisy environment; drag-and-slider challenges assume fine motor control; and time-limited, high-cognitive-load puzzles lock out users with cognitive disabilities. The W3C has warned about this for years, and it is not a fringe concern. It maps directly onto WCAG failure criteria, and therefore onto legal exposure: inaccessible CAPTCHAs have featured in US ADA web-accessibility complaints, and in the EU the European Accessibility Act (in force since June 2025) raises the stakes for consumer-facing services.

There is a bitter irony here. The audio-CAPTCHA fallback that exists to serve blind users is exactly the hole that Buster and the other audio-solving tools drive through. The accessible path and the bypass path are the same path. This is one more argument for the invisible approaches, proof-of-work, risk scoring, token attestation, which sidestep the accessibility problem entirely because there is no puzzle for anyone, disabled or not, to fail.

CAPTCHA placement anti-patterns

The most common mistakes:

  • Putting CAPTCHA on login: Blocks legitimate users, signals that you have a rate-limiting or credential-stuffing problem you should solve at a lower level.
  • Not putting it on registration: Lets bots create accounts en masse, which then bypass the login CAPTCHA with valid credentials.
  • Showing the same challenge every time: CAPTCHA should be risk-adaptive, or you are punishing every visitor for the behaviour of a few.
  • Using interactive CAPTCHA for low-value actions: A newsletter signup does not need Arkose Labs. A password reset button does.

Where CAPTCHA is still the right tool

  • Account registration (high-value target for bots)
  • Password reset and account recovery flows
  • High-value transactions (ticketing, limited inventory, financial transfers)
  • Forms that attract spam (contact forms, comment sections on high-traffic sites)
  • API endpoints where rate limiting alone is insufficient

Alternatives to CAPTCHA

For many endpoints, lighter alternatives are more effective than CAPTCHA and carry zero UX cost:

  • Rate limiting: The first line of defence. Blocks bulk scraping by volume alone.
  • JS challenges: AWS WAF Challenge and Cloudflare's JS challenge run a proof-of-computation in the browser. Invisible to users, cheap for the site, expensive for bots at scale.
  • Honeypot fields: Invisible form fields that bots fill in but humans do not see. Trivial to implement, catches unsophisticated scrapers.
  • Time-based checks: If a form submission arrives in under two seconds, it is almost certainly a bot. Bypassable but catches naive automation.
  • Behavioral biometrics: Mouse movement, scroll patterns, typing cadence. Services like SilentShield aim for fully invisible verification, though the market is less mature than the major CAPTCHA providers.
  • Proof-of-work: Browser computes a cryptographic puzzle. Friendly Captcha and ALTCHA use this. No tracking, no images, zero user friction, but higher mobile battery cost and server validation overhead.
  • IP reputation + fingerprinting: Block known bad IPs and require additional verification from suspicious fingerprints. Services like FingerprintJS and the built-in reputation systems in Cloudflare, AWS, and Azure WAF provide this without any challenge.

Decision framework: which CAPTCHA + WAF combo for which scenario

ScenarioWAFCAPTCHAWhy
Small site, wants simple protection, no budgetCloudflare (free tier)Turnstile (non-interactive)Free, minimal friction, good enough for most bots. Accept the enterprise pricing cliff at scale.
Mid-size e-commerce, runs on AWSAWS WAFAWS Challenge (for browse), CAPTCHA (for checkout)Granular pricing, Challenge costs pennies. Use CAPTCHA only on the high-value cart/checkout flow.
EU-based, strict GDPR requirementsBunkerWeb or CloudflareTurnstile (non-interactive) or Friendly CaptchaTurnstile has no ad-tracking data flow. Friendly Captcha has no tracking at all. BunkerWeb gives you both options.
High-value transactions (finance, gaming)Imperva, Akamai, Cloudflare EnterpriseArkose Labs or reCAPTCHA EnterpriseBudget justifies enterprise pricing. Arkose is hardest to bypass; Enterprise reCAPTCHA has the best scoring granularity.
Self-hosted infrastructure, no cloud WAFBunkerWeb or SafeLineBunkerWeb: any provider. SafeLine: built-in CAPTCHA challengeBunkerWeb is the most flexible. SafeLine is simpler. Both are free.
Privacy-maximalist, zero third-party dataBunkerWebCap.js or Anubis (self-hosted PoW), or ALTCHA SentinelYour data never leaves your server. Accept lower detection quality vs cloud providers.
Already runs CrowdSecCrowdSec bouncer (Nginx/Cloudflare)CrowdSec CAPTCHA remediationFree, fits existing CrowdSec deployment. CAPTCHA is triggered by threat intelligence signals, not every request.
API-heavy applicationAny of the aboveAWS Challenge or JS challenge (not CAPTCHA)APIs cannot render visual challenges. Use proof-of-computation or token-based verification.

The takeaway

CAPTCHA in 2026 is no longer a binary choice between "has it" and "does not." The market has stratified into three tiers: cloud WAFs with native challenge actions (Cloudflare, AWS, Azure, Google, Imperva, Akamai), self-hosted WAFs with CAPTCHA support (BunkerWeb, SafeLine, CrowdSec), and standalone widgets that do not integrate with your WAF at all.

The critical facts to carry away:

  • Bypass is cheaper than protection. The solver services undercut Google's Enterprise pricing. Base your economics on this reality: CAPTCHA is a deterrent, not a wall.
  • AI killed the image CAPTCHA. GPT-4o and Gemini 2.5 Pro can solve them. If your protection relies on image selection or text recognition, it is time to upgrade to behavioral or proof-of-work approaches.
  • WAF-native CAPTCHA is better than a widget. When the WAF decides when to challenge, you avoid the "CAPTCHA on every form" anti-pattern. AWS Challenge at $0.40 per million is cheaper than serving reCAPTCHA JS to every visitor.
  • Self-hosted is viable for privacy but weaker for security. The open-source options trade detection quality for data sovereignty. If your threat model includes motivated actors, a cloud CAPTCHA provider with AI-trained models and global threat intelligence will outperform anything you can run on your own hardware.
  • CAPTCHA is one layer, not the whole stack. Rate limiting, IP reputation, fingerprinting, JS challenges, and WAF rules all come before the CAPTCHA decision. Use all of them, and deploy CAPTCHA only as the escalation point when the other signals are inconclusive.
  • Not all bots are the enemy any more. In 2026 a large and growing slice of automated traffic is agents working for your actual customers. "Prove you are human" is the wrong question for them; token attestation, verified-bot identity, and pay-per-access are where the smart operators are heading. Blocking blindly now means losing the traffic that increasingly mediates discovery and purchase.

The question is no longer "which CAPTCHA should I use." It is "at what point in my WAF rule evaluation should I challenge the client, and with which mechanism?" The answer depends on your WAF, your traffic profile, your compliance requirements, and how much you are willing to spend on the arms race.

Frequently Asked Questions

If bypass services undercut the price of protection, why bother with CAPTCHAs at all?

Because most attackers are not willing to pay per-solve. CAPTCHAs raise the floor: casual scraping, bulk automation, and drive-by bots bounce. The bypass economy only helps motivated attackers with a budget. For 90% of bot traffic, a CAPTCHA at $0 (native WAF challenge) is cost-effective even if $0.80 per 1,000 bypasses exist.

Which WAF has the best CAPTCHA pricing?

AWS WAF. CAPTCHA at $4 per 10,000 attempts, Challenge (JS proof-of-computation) at $0.40 per million responses. That is sub-penny. Cloudflare Turnstile is free for up to 20 widgets but hits a wall at enterprise pricing (~$2,000+ per month) with no self-serve mid-tier. Google Cloud Armor adds reCAPTCHA Enterprise costs ($1 per 1,000) on top of WAF pricing.

Is self-hosted CAPTCHA (Cap.js, Anubis, ALTCHA) a viable option?

For privacy-first sites, yes. For security-first sites, not really. Proof-of-work hurts mobile users, none match the detection sophistication of cloud providers, and the open-source options lack adaptive difficulty. The exception is BunkerWeb, which supports Turnstile, hCaptcha, reCAPTCHA, mCaptcha, JS challenge, and cookie challenge - all configurable in one self-hosted WAF.

Are AI vision models making CAPTCHAs obsolete?

Not yet, but the trend is clear. Tools like ai-captcha-bypass (GPT-4o, Gemini 2.5 through Selenium) solve text, puzzle slider, reCAPTCHA v2, and audio challenges with over 90% success. The 2026 shift is that you no longer need a human farm. This affects image-based and puzzle CAPTCHAs most. Proof-of-work (Friendly Captcha, Cap.js) and behavioral scoring (Turnstile, reCAPTCHA v3) are less affected.

Can residential proxies bypass CAPTCHAs entirely?

Yes, and that is the point. Residential proxy IPs look like real home users to every IP reputation database. They do not trigger reCAPTCHA v3 low scores or Turnstile flags because the IP itself is clean. Bypass services already use them. The fix is behavioral analysis: Peakhour, HUMAN Security, and Cloudflare Bot Management score requests on interaction patterns and device fingerprints, not just IP origin. If your CAPTCHA strategy relies on IP reputation alone, residential proxies are a blind spot.

What happened to SweetCaptcha?

SweetCaptcha was an action-based graphical CAPTCHA launched in 2011 that replaced distorted text with friendly drag-and-drop challenges (like dragging a carrot onto a bunny). It gained popularity but permanently ceased operations in late 2015 after a major security incident: researchers at Sucuri found its widget was being hijacked to inject adware and pop-ups onto sites using it. The domain now hosts an unrelated blog. Dead CAPTCHAs matter to this discussion because they illustrate the vendor risk of relying on a small CAPTCHA provider: if they vanish or get compromised, your forms break silently. The long tail of CAPTCHA providers includes several names in the same graveyard.