diff --git a/app/pages/overview.py b/app/pages/overview.py
index 7b3e0fb..48e0f61 100644
--- a/app/pages/overview.py
+++ b/app/pages/overview.py
@@ -116,16 +116,16 @@ def welcome_page(request: Request):
 )
 with ui.row().classes("items-center gap-4 pt-4"):
 turnstile = load_turnstile_settings()
- ui.add_body_html(
- ''
- )
- hidden_token = (
- ''
- if turnstile.uses_test_keys
- else ""
- )
- ui.html(f"""
""") + else: + ui.add_body_html( + '' + ) + ui.html(f"""""") diff --git a/tests/test_turnstile.py b/tests/test_turnstile.py index e399ef2..f624da2 100644 --- a/tests/test_turnstile.py +++ b/tests/test_turnstile.py @@ -162,6 +162,25 @@ def test_turnstile_settings_support_always_fail_test_keys(monkeypatch) -> None: assert settings.uses_test_keys is False +def test_welcome_page_uses_hidden_test_token_without_turnstile_widget_in_test_env(monkeypatch, tmp_path) -> None: + from app.models import workspace as workspace_module + from app.models.workspace import WorkspaceRepository + + repo = WorkspaceRepository(base_path=tmp_path / "workspaces") + monkeypatch.setattr(workspace_module, "_workspace_repo", repo) + monkeypatch.setenv("APP_ENV", "test") + monkeypatch.delenv("TURNSTILE_SITE_KEY", raising=False) + monkeypatch.delenv("TURNSTILE_SECRET_KEY", raising=False) + + with TestClient(app) as client: + response = client.get("/") + + assert response.status_code == 200 + assert "test-token" in response.text + assert "data-sitekey=" not in response.text + assert "challenges.cloudflare.com/turnstile/v0/api.js" not in response.text + + def test_bootstrap_stays_blocked_under_always_fail_turnstile_test_keys(monkeypatch, tmp_path) -> None: from app.models import workspace as workspace_module from app.models.workspace import WorkspaceRepository