Privacy-first CAPTCHA.
Zero friction for real humans.
Stop bots without feeding Google. Proof-of-work verification runs silently in the browser — no image puzzles, no cookies, no data shared with third parties.
requestguard.com
Why switch
Everything reCAPTCHA does wrong. Fixed.
No Google, no ads
reCAPTCHA feeds your users' behavior into Google's ad targeting. RequestGuard CAPTCHA sends zero data to Google or any third-party ad network.
No image puzzles
Selecting fire hydrants is friction for real users and solvable by modern AI. Proof-of-work is invisible to humans and genuinely hard for bots.
GDPR & privacy-compliant
No cookies, no fingerprinting, no personal data processed. The CAPTCHA challenge is cryptographic — it does not identify or track individual users.
One line of code
Drop in the SDK and add one function call. No dashboard registration, no domain allowlist, no API key. It just works from the first request.
How it works
Proof-of-work. Solved in milliseconds.
Browser receives a challenge
When the user loads your form, the widget fetches a cryptographic challenge from RequestGuard — a set of mathematical puzzles tuned to take only a few milliseconds.
JS solves it silently
The browser's JS engine runs the proof-of-work in a background thread. Real users never see a puzzle. Bots incur CPU cost that makes mass-submission economically infeasible.
A short-lived token is returned
Solutions are exchanged for a signed, single-use verification token. Your form submits the token, and you can optionally verify it server-side in one API call.
Integration
Drop in. Done.
Install the SDK or paste a script tag. The CAPTCHA widget handles the challenge, verification, and token lifecycle automatically. No configuration, no dashboard.
// bun add @requestguard/js
import RequestGuard from "@requestguard/js";
RequestGuard.captcha({
  el: ".rg-captcha",
  onVerify: (result) => {
    submitBtn.disabled = !result.success;
  }
});

<script src="https://requestguard.com/js/captcha.js"></script>
<div class="rg-captcha"></div>
<script>
  RequestGuard.captcha({
    el: ".rg-captcha",
    onVerify: (r) => {
      btn.disabled = !r.success;
    }
  });
</script>

POST /api/captcha/siteverify
{ "response": "<token-from-client>" }
// Response:
{ "success": true, "challenge_ts": "2026-05-18T..." }

Capabilities
Everything you need. Nothing you don't.
Invisible mode
Run verification silently in the background without showing any widget. Ideal for forms where you want zero visual change — protection is completely transparent to the user.
Dark & light themes
The widget auto-detects the OS color scheme and applies the right theme. Override to force light or dark, or listen for system preference changes in real time.
Server-side token verification
Receive a short-lived, single-use token on the client. Optionally POST it to /api/captcha/siteverify on your backend to guarantee the token is valid before processing the form.
Zero-config setup
No dashboard, no domain registration, no API key. Sites are automatically tracked by origin. Rate limiting is applied per IP per site automatically.
Single-use, expiring tokens
Tokens expire in ~20 minutes and are consumed on first use. Replay attacks and token sharing are blocked by design — no extra configuration needed.
Built-in rate limiting
Each site gets a rate limit window (60 requests / 60 seconds per IP by default). Abusive clients are rejected before a challenge is even issued.
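The backend check described under "Server-side token verification" and "Single-use, expiring tokens", as an added example that is not RequestGuard's own code: a fail-closed wrapper around the siteverify call. The path and JSON fields come from the page; the host in SITEVERIFY_URL, the Content-Type header, the 3-second timeout, the token length cap, and the names verifyCaptchaToken, fetchImpl, now and stubFetch are assumptions.

```javascript
// Added example, not RequestGuard's code. Host, header, timeout and the
// fetchImpl/now hooks are assumptions; path and JSON shapes are from the page.
const SITEVERIFY_URL = "https://requestguard.com/api/captcha/siteverify"; // host assumed
const MAX_AGE_MS = 20 * 60 * 1000; // page: tokens expire in ~20 minutes

// Returns { ok, reason }. Every path other than a confirmed, fresh success
// returns ok:false, so an unreachable verifier never lets a form through.
async function verifyCaptchaToken(token, { fetchImpl = fetch, now = Date.now() } = {}) {
  if (typeof token !== "string" || token.length === 0 || token.length > 4096) {
    return { ok: false, reason: "missing-or-malformed-token" };
  }
  let res;
  try {
    // Tokens are single-use: verify once per submission, never retry the same token.
    res = await fetchImpl(SITEVERIFY_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ response: token }),
      signal: AbortSignal.timeout(3000),
    });
  } catch {
    return { ok: false, reason: "verifier-unreachable" };
  }
  if (!res.ok) return { ok: false, reason: "verifier-http-error" };
  let body;
  try {
    body = await res.json();
  } catch {
    return { ok: false, reason: "verifier-bad-json" };
  }
  // Strict comparison: "true", 1 or a missing field must not count as success.
  if (!body || body.success !== true) return { ok: false, reason: "token-rejected" };
  const age = now - Date.parse(body.challenge_ts);
  if (!Number.isFinite(age) || age > MAX_AGE_MS) {
    return { ok: false, reason: "stale-or-missing-timestamp" };
  }
  return { ok: true, reason: "verified" };
}

// Constructed stand-in for the verifier so the example runs offline.
const stubFetch = (status, payload) => async () => ({
  ok: status >= 200 && status < 300,
  status,
  json: async () => payload,
});

// Constructed demo: a token the (stubbed) verifier rejects.
verifyCaptchaToken("constructed-token", { fetchImpl: stubFetch(200, { success: false }) })
  .then((r) => console.log(r));
```

In a form handler, process the submission only when `ok` is true, and log `reason` so verifier outages are visible separately from rejected tokens.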
Stop bots. Protect users. Keep your data yours.
No credit card. No Google. No image puzzles. Get up and running in under five minutes.