Cloudflare Turnstile, R2, and community security

Use first-party Turnstile verification, optional R2 storage, and standards-based Web Push without exposing provider secrets in builder markup.

Turnstile

Choose login, registration, and password-reset placements, site and secret keys, theme, and size. Saved secrets are never emitted back into public markup. REST verifies each token server-side.

R2 and Web Push

R2 is available for object-storage workflows. Offline Web Push uses site-managed VAPID and standards-based encryption; Firebase is not required.

View BP Builder Addons