On both laptop and phone, with two different browsers, my experience is currently:
~20% of pages just load as normal;
~30% I get a "checking you're human" page that resolves and goes the page I want;
~35% I have to click the checkbox to show I'm human and it goes to the page I want;
~15% it says it's verified me (with or without checking the box) but then says a security token is missing and refuses access.

The odd things are:
- after I've just gone through the verification to get to a forum page (eg OMNI /PR), I have to do it again to open the threads from that page;
- if it dumps me after saying "no security token" I can open a new tab and load the same page with no check.

I'm not convinced it's "random to confuse the bad guys" as much as "random because our software sucks."

That is your device. Device software last updated?

Laptop - Firefox updated 7 April 2026. (latest version)
Android Phone - Whale browser updated 14 April 2026 (latest version)

I don't think it's me.

What I have.And get cloudflare messages on screen, but not a "no security token" message.

I had the same thing in 2023 (and so did others - in fact, you can browse the whole thread to see multiple people on multiple devices in multiple countries were affected) and then it went away without my updating my browsers. I'm pretty sure it's not me.

Pretty bad from HK again - have to connect thru UK VPN to post this

For the past 10 or so days, I've been getting the Cloudfare check 90% of the time when accessing FlyerTalk, either on Android or Windows desktop. The 10% of the time I don't get the check is because I go to a different FlyerTalk thread with a couple of minutes of performing the check. Two days ago, I couldn't go beyond the check. I'd tick the box and the check would reload, over and over.

What's random about it?

It doesn’t seem to be random, it seems to be configured entirely based on the country of your internet connection.

When I’m in the UK, on mobile, home wifi, any free wifi or even a VPN set to the UK, there’s no Cloudfare challenge.

If I use my Australian mobile on roaming data in the UK (or anywhere) I get the verify you’re a human Cloudflare challenge. If I switch back to UK-based wifi or turn on my UK VPN, I’m no longer interrupted by Cloudflare.

When I’m travelling and using my UK mobile data on roaming, there’s no Cloudflare challenge. As soon as I connect to a local wifi outside the UK I get the verify you’re a human challenge. If I use my Australian VPN in the UK I get the Cloudflare challenge.

It's getting worse with captcha trying to solve itself multiple times now before succeeding. Makes no sense to spend half a minute watching stupid security shenanigans to be able to open the forum and repeat the same process 15 minutes later once session times out.

Edit: computer cannot pass the verification anymore. What a joke.

Makes more sense than having the forum succumb to botnet attacks.

Malaysian IPs getting flagged as well (connecting thru the hotel’s WiFi so pretty sure it’s not my prepaid roaming SIM card)

So all other countries than USA and UK are botnets?

What makes no sense is that someone decided to allow all access from a US or UK internet connection without ever challenging it, and decided that any attempt to visit the site from the rest of the world is a possible botnet attack that needs challenging.

Can someone from FlyerTalk please explain to Cloudflare that Guam and the CNMI are part of the United States?