How to Handle CAPTCHAs When Scraping in 2026
By Marcus Reiner · 2026-04-24 · 10 min read · Engineering
reCAPTCHA v3, hCaptcha, Cloudflare Turnstile and DataDome challenges — what works, what doesn't, what costs.
Best CAPTCHA is no CAPTCHA
Most CAPTCHAs only fire on suspicious traffic. Clean residential IP + real TLS fingerprint + warmed session = no CAPTCHA in the first place. Solve the root cause before paying a solver.
Solver services compared
2Captcha — $0.50–$3 per 1k, human-based, slow (15-45s) but works on everything
CapSolver — $0.20–$1 per 1k, AI-based, fast (3-10s), best for reCAPTCHA v2/v3 and Turnstile
Anti-Captcha — similar to 2Captcha, slightly more expensive
Integration pattern (reCAPTCHA v2)
1. Detect challenge on page (`#g-recaptcha` element)
2. Extract sitekey and pageurl
3. POST to solver API with proxy info (helps token validation)
4. Poll for solution token (~10-30s)
5. Inject token into form/hidden field, submit
Or — outsource the whole thing
Bright Data Web Unlocker and Oxylabs Web Unlocker handle CAPTCHA + IP + fingerprint in one request. ~$2–$5 per 1k requests, but you write zero CAPTCHA-solving code.
Cloudflare Turnstile
Turnstile is mostly invisible — it scores the session. Solver services (2Captcha, CapSolver) can produce tokens, but the cleanest fix is a real browser + clean IP. Turnstile rarely triggers on properly fingerprinted residential traffic.
FAQ
Can I train my own CAPTCHA solver?
Technically yes for image CAPTCHAs; not worth it economically — solvers are cheap and reCAPTCHA evolves faster than you can retrain.