Companies that use Cloudflare Turnstile

Analyzed and validated by Henley Wing Chiu ยท Updated
All โ€บ web application firewall โ€บ Cloudflare Turnstile

Cloudflare Turnstile We detected 88,515 companies using CloudFlare Turnstile including popular sites such as Carrefour, DoorDash, Keysight Technologies, John Hopkins University and TransUnion. Read our methodology for finding companies that use Cloudflare Turnstile. Note: We track companies that installed CloudFlare Turnstile on their website. We track companies using Cloudflare here

โฑ๏ธ Data is delayed by 1 month. To show real-time data, sign up for a free trial or login
Company Employees Industry Country Region Usage Start Date
008perception 2โ€“10 Retail
United States
North America
01Mars 2โ€“10 Technology, Information and Internet
France
Europe
032c 11โ€“50 Newspaper Publishing
Germany
Europe
050media 51โ€“200 Technology, Information and Internet
Netherlands
Europe
0xtings 2โ€“10 Retail
United States
North America
1-CP 2โ€“10 Technology, Information and Internet
Germany
Europe
1000 Degrees Pizza Salad Wings 501โ€“1,000 Restaurants
United States
North America
1000 Hearts 1 employee Non-profit Organizations
Australia
Oceania
1000 Miglia 11โ€“50 Events Services
Italy
Europe
1001 Organic 11โ€“50 Food and Beverage Manufacturing
Tanzania
Africa
1001 Remedies 2โ€“10 Wellness and Fitness Services
United Kingdom
Europe
100 Acres 2โ€“10 Personal Care Product Manufacturing
United Kingdom
Europe
100 ideas 2โ€“10 Retail
United Kingdom
Europe
100K Ideas 11โ€“50 Business Consulting and Services
United States
North America
The100MenHall 2โ€“10 Retail
United States
North America
100Percent Wellness Co 2โ€“10 Retail
Pakistan
Asia
100% Chiropractic Franchise 501โ€“1,000 Medical Practices
United States
North America
100% Nutrition 2โ€“10 Retail
United States
North America
็›Š็™พๅˆฉ่ผ”ๅ…ท็”Ÿๆดป้คจ 100POWER 2โ€“10 Retail
Taiwan
Asia
100 Proof Press 2โ€“10 Retail
United States
North America
Showing 1-20

Our methodology for finding companies that use Cloudflare Turnstile

What this captures, and what it doesn't

We believe in being transparent about how we collect our data and what its limitations are, unlike most other data providers who operate as black boxes.

This methodology captures companies that have embedded the Turnstile script on a publicly reachable page. It is the most reliable signal that Turnstile is actually wired into a site's frontend, as opposed to merely being on a procurement list somewhere.

It does not capture a few important scenarios:

  • Companies that have installed the Turnstile script but never actually trigger it. The widget is invisible until something on the page causes the challenge to render, so a script that sits dormant looks the same to us as one being actively used. We assume that if a company has gone to the trouble of embedding it, they intend to use it.
  • Companies that only use Turnstile on pages behind a login or other authentication wall. Our crawl runs against publicly reachable URLs, so anything gated by a sign-in flow, an internal admin tool, or a customer dashboard is invisible to us.

We also do not track companies that use Cloudflare WAF features more broadly. WAF protects traffic at the network layer rather than through an embedded frontend script, so it requires a completely different detection approach and lives in its own dataset.

How we figured this out

We start with a list of the most popular domains belonging to roughly 3 million companies, ranked by headcount as reported on their LinkedIn company profiles. For each domain, we crawl the homepage and inspect the scripts loaded by the page.

1. Script source detection. Turnstile is delivered as a JavaScript file served from challenges.cloudflare.com. We check whether any <script> tag on the page loads a resource from that host. A hit tells us the page is pulling something from Cloudflare's challenge infrastructure, which is the first necessary signal.

2. Turnstile-specific verification. The challenges.cloudflare.com host serves more than just Turnstile, so a match on the hostname alone is not enough. We then verify that the script being loaded is specifically the Turnstile client (typically turnstile/v0/api.js or a closely related path) rather than a script tied to a different Cloudflare challenge product. Only domains that pass both checks make it into the dataset.

Alternatives and Competitors to Cloudflare Turnstile

Explore vendors that are alternatives in this category

HumanSecurity HumanSecurity Oracle WAF Oracle WAF Spur Spur Indusface Indusface Cloudflare Enterprise Cloudflare Enterprise Cloudflare Turnstile Cloudflare Turnstile Akamai Bot Manager Akamai Bot Manager F5 Distributed Cloud F5 Distributed Cloud HAProxy HAProxy Sucuri Sucuri PerimeterX PerimeterX Google Cloud Load Balancer Google Cloud Load Balancer AWS Application Load Balancer AWS Application Load Balancer AWS WAF AWS WAF Barracuda WAF Barracuda WAF Imperva Imperva AWS Application Load Balancer for Backend Services AWS Application Load Balancer for Backend Services Imperva WAF Imperva WAF Radware Cloud WAF Radware Cloud WAF F5 BIG IP F5 BIG IP Azure Application Gateway Azure Application Gateway Netscaler Netscaler

Loading data...