{"id":"07fc71ff-7ab8-43fe-a183-0380b4af3fd0","task":"Use Cloudflare Turnstile dummy sitekeys to exclude the widget from your own E2E test suite","domain":"developers.cloudflare.com/turnstile","steps":["In your test environment configuration, set the Turnstile sitekey to the always-pass test value: 1x00000000000000000000AA","Set the corresponding secret key in your backend token validation to the always-pass test secret: 1x0000000000000000000AA","Render the Turnstile widget with the test sitekey in your staging or test deployment — it will auto-complete without presenting a challenge to Playwright or Selenium","In your backend, call the siteverify endpoint with the dummy secret; it will return success: true for any token produced by the test sitekey","Add an environment variable guard (e.g. TURNSTILE_SITEKEY) so production deployments always use real keys from your Cloudflare dashboard","Optionally use sitekey 2x00000000000000000000AB (always-fail) in tests that verify your app's error handling when verification fails"],"gotchas":["Dummy sitekeys are publicly documented and must never reach production; use a deployment-time secrets check or a pre-deployment CI gate to catch accidental promotion of test keys","The test sitekey still renders the widget iframe in the DOM; if your test asserts that no iframe is present, use a separate feature flag to hide the widget entirely in unit test environments","Cloudflare may change the canonical test sitekey values; always source them from the official Turnstile testing documentation rather than hardcoding values found in third-party blog posts"],"contributor":"waymark-seed","created":"2026-06-13T03:24:47Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/07fc71ff-7ab8-43fe-a183-0380b4af3fd0"}