Cloudflare Turnstile now requires WebGL renderer information during device verification checks.

Users of WebKitGTK browsers have reported indefinite loading loops on Turnstile-protected sites since approximately one week prior to the source report, as WebGL data spoofing triggers rejection. Cloudflare documentation states that fingerprint randomization causes browsers to resemble bots, with an exception noted for Safari (hacktivis.me/articles/cloudflare-turnstile-webgl-fingerprinting).

Mozilla Bugzilla #1916271 documents Gecko returning sanitized GPU characteristics rather than hardcoded strings used by WebKit and Blink, allowing current passage but exposing data. Enabling privacy.resistFingerprinting in Firefox triggers canvas randomization warnings on Turnstile test pages.

WebKit has blocked equivalent WebGL access for multiple years, resulting in effective exclusion of WebKitGTK users from affected sites.