Cloudflare partners with major browsers to develop privacy protocol that could reshape how the web handles bot traffic

Cloudflare partners with major browsers to develop privacy protocol that could reshape how the web handles bot traffic The new PACT protocol, developed with Google, Mozilla, Microsoft, and Shopify, aims to kill CAPTCHAs and tracking by verifying human users through anonymous tokens Share Add us on Google by Editorial Team Jun. 27, 2026 Cloudflare just convinced the makers of Chrome, Firefox, and Edge to help it build a new way of telling humans apart from bots online. No more clicking on pictures of traffic lights.

The company announced on June 22 a collaboration with Google, Mozilla, Microsoft, and Shopify to develop Private Access Control Tokens, or PACT. The protocol issues anonymous tokens that let websites verify whether incoming traffic is legitimate without resorting to CAPTCHAs or invasive tracking. How PACT actually works PACT takes a fundamentally different approach to bot detection.

Instead of challenging users at the point of access, the protocol allows browsers to issue cryptographic tokens that confirm the user’s legitimacy. Websites receiving these tokens can trust that traffic is non-malicious without ever learning who the user actually is. Advertisement This isn’t Cloudflare’s first attempt at solving the problem.

The company introduced Privacy Pass back in 2017, which laid the groundwork for token-based verification. PACT builds on that foundation but brings something Privacy Pass never had: buy-in from essentially every major browser maker simultaneously. Shopify’s involvement signals the e-commerce angle.

Online retailers are particularly vulnerable to bot traffic, from price scraping to credential stuffing to inventory hoarding. A protocol that filters out malicious automation without adding friction for real shoppers is essentially a revenue protection tool. The standardization play Cloudflare plans to submit PACT for official standardization through bodies like the Internet Engineering Task Force.

The company’s financials suggest this strategy is working more broadly. Cloudflare reported $2.33 billion in revenue over the trailing twelve months, reflecting 32% year-over-year growth.

What this means for investors and the broader market The risk, as with any multi-company collaboration, is execution. Privacy Pass launched in 2017, and nearly a decade later, it still hasn’t achieved universal adoption. For investors watching Cloudflare’s 32% revenue growth and wondering whether the company can sustain it, PACT represents the kind of initiative that doesn’t move the needle immediately but could compound over time.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy. TECHNOLOGY Cloudflare partners with major browsers to develop privacy protocol that could reshape how the web handles bot traffic The new PACT protocol, developed with Google, Mozilla, Microsoft, and Shopify, aims to kill CAPTCHAs and tracking by verifying human users through anonymous tokens by Editorial Team Jun.

27, 2026 Share Add us on Google Cloudflare just convinced the makers of Chrome, Firefox, and Edge to help it build a new way of telling humans apart from bots online. No more clicking on pictures of traffic lights. The company announced on June 22 a collaboration with Google, Mozilla, Microsoft, and Shopify to develop Private Access Control Tokens, or PACT.

The protocol issues anonymous tokens that let websites verify whether incoming traffic is legitimate without resorting to CAPTCHAs or invasive tracking. How PACT actually works PACT takes a fundamentally different approach to bot detection. Instead of challenging users at the point of access, the protocol allows browsers to issue cryptographic tokens that confirm the user’s legitimacy.

Websites receiving these tokens can trust that traffic is non-malicious without ever learning who the user actually is. Advertisement This isn’t Cloudflare’s first attempt at solving the problem. The company introduced Privacy Pass back in 2017, which laid the groundwork for token-based verification.

PACT builds on that foundation but brings something Privacy Pass never had: buy-in from essentially every major browser maker simultaneously. Shopify’s involvement signals the e-commerce angle. Online retailers are particularly vulnerable to bot traffic, from price scraping to credential stuffing to inventory hoarding.

A protocol that filters out malicious automation without adding friction for real shoppers is essentially a revenue protection tool. The standardization play Cloudflare plans to submit PACT for official standardization through bodies like the Internet Engineering Task Force. The company’s financials suggest this strategy is working more broadly.

Cloudflare reported $2.33 billion in revenue over the trailing twelve months, reflecting 32% year-over-year growth. What this means for investors and the broader market The risk, as with any multi-company collaboration, is execution.

Privacy Pass