Traces hCaptcha end to end: the sitekey and api.js widget, the getcaptcha challenge fetch, the hsw proof-of-work stamp, the h-captcha-response passcode redeemed at siteverify, and the Privacy Pass token path.
Traces proof-of-work as an anti-bot primitive: the asymmetric-cost idea from Hashcash, how Kasada, hCaptcha, Anubis, and mCaptcha apply it, the economics of the tax, and where native solvers break it.
Traces how Anubis gates HTTP requests behind a browser-solved SHA-256 proof-of-work puzzle: the challenge construction, the JWT cookie, the Mozilla heuristic, the FOSS adoption wave, and why native solvers undercut it.