Stop bots. No puzzles. No tracking.

stopbot protects your forms with invisible cryptographic proof-of-work. Visitors never click a traffic light or solve a CAPTCHA — and you never ship a tracker, cookie, or privacy headache.

GDPR-friendly
No cookies
One script tag

Drops into any stack — one script tag, one verify call

HTML React Vue Svelte Laravel Next.js WordPress

How it works

Proof-of-work, end to end

Four steps run automatically between page load and form submit. Your users see nothing — that’s the point.

  1. Challenge issued

    When your form loads, stopbot hands the browser a unique challenge and a difficulty target — no interaction required.

  2. Browser solves it

    The visitor’s device quietly hashes until it finds a valid nonce. Costs a human milliseconds; costs a bot farm real money at scale.

  3. Token returned

    A signed proof-of-work token is attached to your form submission automatically — invisible to the user.

  4. Server verifies

    Your backend confirms the token with a single hash check via the stopbot API. Valid proof, real visitor. No proof, no submission.
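The four steps above, as an added sketch that is not stopbot's code or wire format: it assumes SHA-256, a leading-zero-bits difficulty target, and an HMAC over the challenge so the client cannot lower the difficulty. Every name in it (`issue_challenge`, `solve`, `verify`, `SERVER_KEY`) is hypothetical.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # constructed for this demo; assumption: a persistent server secret
_spent = set()                        # challenges already redeemed, so one proof cannot be replayed

def issue_challenge(bits=12, ttl=120):
    """Step 1: random salt, difficulty and expiry, bound together by an HMAC tag."""
    body = f"{secrets.token_hex(16)}:{bits}:{int(time.time()) + ttl}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"

def work_bits(challenge, nonce):
    """Number of leading zero bits in SHA-256(challenge:nonce)."""
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Step 2: the client's side, a brute-force search for the first valid nonce."""
    bits = int(challenge.split(":")[1])
    nonce = 0
    while work_bits(challenge, nonce) < bits:
        nonce += 1
    return nonce

def verify(challenge, nonce, now=None):
    """Step 4: one HMAC and one hash, however long the client searched."""
    try:
        body, tag = challenge.rsplit(":", 1)
        _salt, bits, expires = body.split(":")
        bits, expires = int(bits), int(expires)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad signature"      # difficulty or expiry was altered client-side
    if (time.time() if now is None else now) > expires:
        return False, "expired"
    if work_bits(challenge, nonce) < bits:
        return False, "insufficient work"
    if challenge in _spent:
        return False, "replayed"           # same proof submitted twice
    _spent.add(challenge)
    return True, "ok"

if __name__ == "__main__":
    c = issue_challenge()
    n = solve(c)                           # step 3: the nonce travels with the form
    print(n, verify(c, n), verify(c, n))
```

The asymmetry is the point: `solve` averages 2^bits hashes while `verify` always costs two, and the signature, expiry and replay checks are what keep a bot from reusing or weakening a challenge.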

Why stopbot

Bot protection that respects everyone

Built for the people who ship the form and the people who fill it out.

Invisible by default

No image grids, no “select all the buses”. Most visitors are verified before they finish typing.

Privacy-first

No cookies, no fingerprinting, no behavioral tracking. Nothing about your users is sold or stored.

Accessible

Works for screen readers and keyboard-only users. No visual puzzles means no accessibility barrier.

Featherweight

A sub-6 KB async script that never blocks render. No third-party iframe, no layout shift.

Framework-agnostic

Drop a script tag into plain HTML, or use first-class helpers for React, Vue, Svelte and Laravel.

The difference

Silent proof-of-work vs. the old way

Traditional CAPTCHAs

  • Image puzzles that waste 30+ seconds
  • Tracks users across the web
  • Third-party cookies & fingerprinting
  • Frustrating for assistive tech
  • Heavy iframe, slow to load

stopbot

  • Invisible — solved in the background
  • Nothing about the user is collected
  • Zero cookies, zero fingerprinting
  • Fully accessible, no visual challenge
  • Sub-6 KB async script

FAQ

Questions, answered

A CAPTCHA asks the human to prove themselves by solving a puzzle. Proof-of-work asks the device to prove itself by spending a small, measurable amount of CPU. It’s invisible to the visitor and expensive for an attacker to repeat thousands of times.

It makes mass automation costly. A single legitimate submission costs a few milliseconds; submitting a form 100,000 times costs an attacker real compute time and money. Combined with rate limits and server-side verification, it removes the economic incentive for spam and credential stuffing.

No. The work runs in the background while the visitor fills out the form, and the difficulty is tuned so it completes in well under a second on a typical device. Most users are verified before they reach the submit button.

Yes. stopbot does not set cookies, fingerprint devices, or send personal data to third parties. The challenge and proof are anonymous tokens, so there is nothing to consent to and nothing to leak.

Because there is no visual or audio puzzle, there is no accessibility barrier. The widget is keyboard-operable and screen-reader friendly, and the verification happens without any required user action.

Add one script tag to your page, drop in the widget, and verify the returned token with a single API call on your server. We provide copy-paste examples for HTML, React, Vue and Laravel in the docs.

Ship bot protection your users never notice

We're in private beta. Request an invite and be among the first to add one script tag and start blocking automated submissions.

No credit card required · Free tier forever