Skip to main content
Many websites use Cloudflare’s Web Bot Auth protocol to distinguish between legitimate automated services and unwanted bots. Notte is registered as a verified bot in Cloudflare’s registry, which means sessions can cryptographically prove their identity and gain access to otherwise restricted content.

How It Works

Cloudflare’s Web Bot Auth relies on HTTP Message Signatures (RFC 9421) to verify the origin of requests. When enabled, Notte transparently signs every outgoing HTTP request in the session with our registered cryptographic identity. Cloudflare then checks these signatures against its verified bots list and grants access accordingly. In practice, this means:
  1. You create a session with web_bot_auth=True
  2. Every HTTP request leaving the browser is signed with Notte’s credentials
  3. Cloudflare verifies the signature and recognizes Notte as a trusted bot
  4. The request passes through without triggering bot challenges
No extra code or configuration is needed on your side beyond flipping the flag.

Quick Start

Pass web_bot_auth=True when creating a session:
quick_start.py
from notte_sdk import NotteClient

client = NotteClient()

with client.Session(web_bot_auth=True) as session:
    page = session.page
    page.goto("https://example.com")
    # All requests are automatically signed

Complete Example

Web bot auth pairs well with other session features. Here’s an example combining it with residential proxies and the live viewer:
complete_example.py
from notte_sdk import NotteClient

client = NotteClient()

with client.Session(
    web_bot_auth=True,
    proxies=True,  # Use residential proxies
    open_viewer=True,
) as session:
    page = session.page

    # Navigate to a Cloudflare-protected site
    page.goto("https://example.com")

    # Interact with the page normally
    page.click("a[href='/dashboard']")
    page.wait_for_load_state("networkidle")

    print("Successfully accessed protected content!")

Using with Agents

Agents automatically inherit web bot auth from the underlying session:
agent_example.py
from notte_sdk import NotteClient

client = NotteClient()

with client.Session(web_bot_auth=True) as session:
    agent = client.Agent(session=session)
    response = agent.run(task="Go to example.com and extract the main content")
    print(response.answer)

Verifying Your Setup

The webbotauth.io/test page is a handy diagnostic tool that shows whether incoming requests carry valid signatures. Point a web bot auth session at it to confirm everything is working:
testing.py
from notte_sdk import NotteClient

client = NotteClient()

with client.Session(
    web_bot_auth=True,
    open_viewer=True,
) as session:
    page = session.page
    page.goto("https://webbotauth.io/test")
    page.screenshot(path="web_bot_auth_test.png")
    print("Check the screenshot to verify authentication status")

Use Cases

  • Scraping Cloudflare-protected sites — bypass bot challenges on sites that recognize verified bots
  • Reliable agent workflows — prevent agents from getting stuck on Cloudflare interstitial pages
  • Data pipelines — collect data from protected endpoints without manual intervention
Web bot auth proves your identity cryptographically, which is fundamentally different from stealth mode (which hides your identity) or proxies (which mask your IP). These approaches are complementary — combining them gives you the broadest coverage.

Limitations

  • Only effective on sites that participate in Cloudflare’s verified bots program
  • Requests are identified as coming from Notte — the target site must trust Notte as a verified bot
  • Does not replace other anti-detection techniques for sites that don’t use Cloudflare Web Bot Auth

Further Reading

Next Steps

Stealth Mode

Combine with anti-detection features

Proxies

Route traffic through residential proxies

CAPTCHA Solving

Automatically solve captchas

Session Configuration

Explore all session options