> ## Documentation Index
> Fetch the complete documentation index at: https://docs.uncaptcha.io/llms.txt
> Use this file to discover all available pages before exploring further.

# WAF Task

> Solve Cloudflare WAF challenges

### Data

<ParamField body="url" type="string" required>
  The URL of the page where the WAF challenge is located.

  **Example:** `https://mune.rs/`

  <Warning>
    URL must include a path. For example, `https://mune.rs` is invalid—use `https://mune.rs/` instead.
  </Warning>
</ParamField>

<ParamField body="user_agent" type="string">
  The `User-Agent` we must use for the requests.\
  Defaults to: `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36`

  <Info>
    We support:

    * Chrome (Windows, macOS, Linux, iOS & Android)
    * Firefox (Windows, macOS, Linux, iOS & Android)
    * Safari (macOS, iOS) // *Tested only on Safari 26*
  </Info>
</ParamField>

<ParamField body="html" type="string">
  The HTML body of the challenge you've encountered.\
  If this is not sent, API will automatically try to retrieve the challenge from the URL.

  <Info>
    The response you send us must have the header `Cf-Mitigated: challenge`.
  </Info>

  <Warning>
    If you provide this field, you must also provide the same User-Agent used for the request, and the TLS fingerprint must match that User-Agent.\
    Otherwise, you will usually receive a `challenge triggered reload` error.
  </Warning>
</ParamField>

<ParamField body="proxy" type="string" required>
  Proxy to use for solving the challenge.

  **Format:** `<http|socks5>://[username:password@]host[:port]`

  **Example:** `http://user:pass@192.168.1.1:8080`
</ParamField>

### Data Example

```json theme={null}
{
  "url": "https://mune.rs/",
  "html": "<html>...</html>", // optional
  "proxy": "http://user:pass@192.168.1.1:8080"
}
```

***

### Solution Parameters

<ParamField body="clearance" type="string" required>
  The WAF clearance cookie value.

  **Cookie name:** `cf_clearance`
</ParamField>

<ParamField body="cf_bm" type="string">
  An optional Cloudflare bot management cookie value.

  **Cookie name:** `__cf_bm`
</ParamField>

<ParamField body="cf_rt" type="string" required>
  A token that must be appended to the `Referer` header as a query parameter on your first request.

  **Query parameter:** `__cf_chl_tk`

  **Examples:**

  | Original referer       | Modified referer                           |
  | ---------------------- | ------------------------------------------ |
  | `https://mune.rs/`     | `https://mune.rs/?__cf_chl_tk=<cf_rt>`     |
  | `https://mune.rs/?a=b` | `https://mune.rs/?a=b&__cf_chl_tk=<cf_rt>` |

  <Note>
    Not always required, but usually enforced on high-security sites.
  </Note>
</ParamField>

<ParamField body="attributes" type="object" required>
  Key-value pairs that must be submitted (POST request) as the body of your first request.

  **Content-Type:** `application/x-www-form-urlencoded`

  <Note>
    Not always required, but usually enforced on high-security sites.
  </Note>
</ParamField>

<ParamField body="headers" type="object" required>
  HTTP headers used during the solve process. You must use these exact headers for your subsequent requests.

  **Includes:** `user-agent`, `sec-ch-ua`, `sec-ch-ua-mobile`, `sec-ch-ua-platform`
</ParamField>

### Solution Example

```json theme={null}
{
  "clearance": "abc123...",
  "cf_bm": "xyz789...",
  "cf_rt": "token123...",
  "attributes": {
    "a": "value1",
    "b": "value2",
    "c": "value3"
  },
  "headers": {
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
    "sec-ch-ua": "\"Google Chrome\";v=\"137\", \"Chromium\";v=\"137\", \"Not/A)Brand\";v=\"24\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\""
  }
}
```

***

<Tip>
  Using a different IP from the one you used to solve will invalidate the clearance.
</Tip>

<Tip>
  Always use the exact headers returned in the solution. Mismatched headers (especially `user-agent`) will invalidate the clearance.
</Tip>
