That is not true. It does a whole bunch of checks, like fingerprinting your GPU, environment, etc. The checks are even run in a custom VM, and are heavily protected. The gathered data is then sent back to cloudflare, and you either get an access cookie (cf_clearance) back, or not.