Features Demo How it works Plans Docs Help
Start free Log in

Privacy-first abuse protection for modern forms

Know when to trust, challenge, or block traffic.

HumanProof combines a fast proof-of-work CAPTCHA with automatic widget context, server-side risk scoring, observe/enforce modes, and clear allow, challenge, or block decisions.

Create free account Try the demo View integration guide
Free tier
100
protected attempts
Setup
5 min
to first widget
Decisions
A/C/B
allow, challenge, block

Decision console

Risk score

Decision

Allow
Challenge
Block
Observe

Built for teams protecting forms, signups, and product flows

Alpina
Koqoon
Metabion
Moxa
MSG
Tuleap
Zicero
Alpina
Koqoon
Metabion
Moxa
MSG
Tuleap
Zicero

Capability stack

One integration, multiple protection layers.

Start by stopping spam on the forms that hurt today. As traffic grows, HumanProof adds risk signals, policy controls, APIs, and dashboard evidence around the same integration.

Challenge service

Show users a calm verification state when it helps conversion.

The default widget makes protection understandable: ready, verifying, verified, or blocked. It fits contact forms, account creation, and flows where visible reassurance helps visitors continue.

Visible status
Server token
Brandable UI
Plan-aware usage
Verify you are human Calculating proof Verified Bot traffic blocked

Low-friction challenge modes

Move verification into the background when the flow needs less UI.

Compact mode shows a small trust badge. Invisible mode keeps verification out of sight until your policy needs stronger proof.

Compact

Protected HumanProof
Verifying HumanProof
Verified HumanProof
Blocked HumanProof

Small enough for dense forms, visible enough for user trust.

Invisible

const token = await humanProof.solve({
mode: 'invisible'
});

Useful for trusted flows that should only escalate when signals change.

Risk intelligence

Explain why an attempt looks human, risky, or abusive.

The long-term value is not another checkbox. It is a signal layer that combines reputation, network context, browser behavior, interaction quality, and repeat patterns.

Signal profile

score 72
Email reputation new disposable pattern
Network context hosting ASN + VPN signal
Interaction quality fast completion
Repeat pattern similar attempts on this domain

Decision engine

Apply the right amount of friction per project, not one global CAPTCHA rule.

Allow

Trusted attempts pass.

Challenge

Uncertain attempts solve proof-of-work.

Block

Known abuse stops early.

Observe

Measure first, enforce later.

Project preset
Observe Balanced Strict

Developer APIs

Use HumanProof where decisions happen, not only where widgets render.

Start with token verification. Add scores, reason codes, and event data when your backend needs more context for sensitive actions.

POST /api/verify
POST /api/score
POST /api/email-reputation
POST /api/events
POST /api/decision
response.decision challenge
response.reasons 3 signals

Decision dashboard

Give operators evidence, not mystery scores.

The dashboard should show decisions by project, score distribution, signal reasons, threshold presets, usage, and audit history so teams can tune without guessing.

Allowed

1,842

30 days

Challenged

418

30 days

Blocked

96

30 days
Recent decision Lead form
Reasonhosting ASN + disposable email
OutcomeChallenge

Beyond another CAPTCHA

HumanProof is the decision layer behind your forms.

The widget is only the visible control. Behind it, HumanProof is designed to combine challenge verification, email and network reputation, browser signals, abuse patterns, and project-level policy decisions.

Proof-of-work verification

Replace image puzzles with a lightweight proof-of-work check that keeps normal visitors moving.

Risk intelligence

Score email reputation, IP and ASN context, hosting and VPN signals, browser behavior, interaction quality, and repeat abuse patterns.

Decision engine

Route each attempt through allow, challenge, block, or observe-only decisions with per-project threshold presets.

Developer APIs

Verify tokens first. Add score, email reputation, events, and decision endpoints when your backend needs more context.

Project-level controls

Manage site keys, backend secrets, allowed domains, usage limits, risk modes, and enforcement state per project.

Dashboard visibility

See what is being challenged, blocked, allowed, and observed so operators can tune protection without guessing.

Security and privacy

Trust controls teams can explain.

HumanProof is built around domain-bound projects, server-side verification, and operational visibility instead of opaque user tracking.

EU-hosted control plane

Account, project, and billing operations stay in the European application environment.

No ad tracking

The challenge layer is not designed around advertising profiles or cross-site marketing identity.

Domain-bound keys

Challenge requests are checked against configured production and testing origins.

Server-side verification

Forms should only be accepted after your backend validates the HumanProof token.

Usage limits

Plans include protected attempt limits, billing state checks, and upgrade paths before abuse pressure surprises teams.

Audit-friendly activity

Project actions, setup state, and protection changes are visible for operators and support teams.

Production forms

Fits the flows that usually attract abuse.

Protect simple forms with visible proof-of-work, then move high-value flows toward background checks, risk presets, and backend decisions.

Contact forms

Reduce automated spam without sending visitors through puzzle-heavy flows.

Signup and waitlists

Challenge suspicious account creation while keeping normal users moving.

Lead-gen pages

Protect paid traffic and agency landing pages from low-quality automated submissions.

Checkout and trials

Add friction when behavior, velocity, or reputation suggests abuse risk.

Account recovery

Place extra proof in front of flows attackers repeatedly test.

Client project portfolios

Agencies can separate domains, keys, usage, and reporting by protected project.

How it works

Protect the first form in three concrete steps.

Keep your existing form. Add the widget with explicit data attributes, verify the submitted token on your backend, and use the dashboard only for keys, domains, limits, and decision tuning.

1

Create a protected site

Add the production domain. HumanProof gives you a public site key for the browser and a backend secret for your server.

2

Paste the widget into the form

Use data-api-endpoint, data-variant, and data-trigger in the markup so the integration is readable at a glance.

3

Verify before your action runs

Read humanproof-token on the server, call siteverify with the backend secret, and continue only on success.

The implementation shape

HumanProof is a browser widget plus a server-side gate. The widget state never replaces backend verification.

Server verified
01

Browser form

Contains human-proof

02

Widget challenge

Writes humanproof-token

03

Your backend

Calls siteverify

04

Protected action

Runs only after success

Start simple

The first release only needs the hosted widget, a visible trigger, and one backend verification call.

Add later when you need more control

Compact or invisible variants, interaction triggers, stricter presets, agency allocation, and decision history all build on the same site key.

Decision dashboard

See the decision, the evidence, and the next action.

The dashboard turns verification activity into a clear operating view: project health, risk evidence, team controls, and developer handoff all stay connected.

Live preview

Workspace overview

Project posture

Review domains, keys, status, usage, challenge health, and decision mode from one project workspace.

Healthy

Verified

98.7%

Current

Protected attempts

6,384

Current

Usage remaining

74%

Current

Project readiness

4/4

Production domain
Site key issued
Backend secret stored
Widget installed

Domain posture

Production domain

Active

example.com

Decision mode

Learning

Observe first

Monthly usage

26%

6,384 / 25,000

Live preview

Evidence trail

Risk and decision history

Trace recent attempts by score, reason, outcome, domain, email signal, IP context, and enforcement mode.

Challenge

Active investigation

72

Risk score

hosting ASN VPN signal Disposable email Fast submit

Recent attempts

Challenge
Lead form 72 Challenge
Signup 18 Allow
Password reset 94 Block
Newsletter 46 Observe
Live preview

Operations

Team controls

Manage members, projects, audit events, usage, billing state, and support diagnostics without leaking operator tools.

Controlled

Members and roles

Security team

Full access

Owner

Engineering

Keys and logs

Developer

Support

Read only

Viewer

Audit trail

Domain updated

2m ago

Secret rotated

2m ago

Plan changed

2m ago

Billing state

Starter yearly

Traffic continues for 18 more days.

Live preview

Integration assets

Developer handoff

Copy sitekeys, widget snippets, verification examples, event reporting examples, and decision endpoint docs from the project view.

Ready

Integration snippets

Ready

<human-proof

data-api-endpoint="/api/captcha/site_..."

data-trigger="interaction"

></human-proof>

// Verify before accepting

POST /siteverify token=hp_...

Widget snippet

Copy from the project view

Copy

Backend verify

Use the secret on your server

Copy

Event reporting

Attach context after submit

Copy

Comparison

One decision layer across the signals teams already need.

CAPTCHA, widget behavior, form context, request headers, email signals, and recent project history each solve a piece of abuse protection. HumanProof connects them into one explainable decision flow.

Comparison focus

Signal coverage

Combine browser, network, email, and traffic patterns.

Friction control

Use CAPTCHA only when policy needs more proof.

Decision orchestration

Route attempts through allow, challenge, block, or observe.

HumanProof

One place to decide what each attempt deserves.

Decision layer

Instead of wiring separate security products into every form, HumanProof brings signals, policy, and evidence into one decision layer for each protected project.

Fingerprinting and behavior signals
IP, velocity, and rate controls
Email reputation and CAPTCHA
Dashboard evidence and audit logs
Try the decision demo Read abuse decision docs

CAPTCHA

Useful when more proof is needed, but too blunt as the only decision point.

Fingerprinting and behavioral analysis

Powerful signals, but they need policy, consent awareness, and operator context.

IP, velocity, email, and rate controls

Strong backend controls, but usually scattered across rules, queues, and security tools.

Browser and behavior

Fingerprinting and behavioral analysis can help distinguish normal users, automation, repeat abuse, and suspicious interaction patterns.

Standalone tools often expose signals but leave policy and enforcement wiring to the product team.
Network and velocity

IP intelligence, ASN context, rate limiting, and velocity checks can identify bursts, hosting traffic, proxy patterns, and repeated attempts.

These controls are commonly split between infrastructure rules, backend code, and security dashboards.
Identity and proof

Email reputation and CAPTCHA can add friction only when the risk context suggests that more proof is needed.

CAPTCHA alone cannot explain whether an address, network, or traffic pattern should be trusted.
Policy and operations

HumanProof turns those signals into allow, challenge, block, or observe decisions with project-level evidence and audit history.

Without a decision layer, teams end up maintaining separate thresholds, logs, and exception paths.

FAQ

Questions teams ask before adding HumanProof.

Short answers for product, engineering, and operations teams evaluating HumanProof as a verification and abuse decision layer.

Open full FAQ

What does HumanProof do today?

HumanProof provides a managed proof-of-work CAPTCHA with project keys, domain controls, widget variants by plan, backend verification, abuse decision history, and dashboard usage visibility.

How do abuse decisions work?

The widget collects behavior and form context, the backend adds request and project-history signals, then HumanProof records allow, challenge, block, or observe recommendations.

Can I test before blocking traffic?

Yes. Observe mode records scores, reasons, and would-block decisions without enforcement. Enforce mode can block attempts that exceed the preset threshold.

Which developer APIs are planned?

Token verification is available now. Scores, reason codes, event reporting, and decision endpoints are the next layer for teams that want HumanProof inside backend risk flows.

Plans

Choose the protection level that fits your stage.

Use Free for demos and internal forms. Growth is the strongest production starting point, while Agency adds client management for teams protecting many customer sites.

Prices exclude VAT. Taxes may apply.

Free forever

Free

For demos, internal forms, and first integrations with the branded default widget.

1,000 protected attempts / month

1 project
Default visible variant only
HumanProof branded widget
1,000 protected attempts / month
No usage metrics
Community support
Start free

Starter

€9 / month

Billed yearly at €108 / year.

5,000 protected attempts / month

For low-traffic production sites that need unbranded widgets and compact form protection.

  • 2 projects
  • 5,000 protected attempts / month
  • 1 organization member
  • Basic usage metrics, 7-day history
  • Unbranded widget
  • Default and compact variants
Start Starter

Growth

Best value
€29 / month

Billed yearly at €348 / year.

15,000 protected attempts / month

Best value for growing businesses that need invisible CAPTCHA, risk signals, and protection presets.

  • 5 projects
  • 15,000 protected attempts / month
  • 5 organization members
  • Basic usage metrics, 14-day history
  • All widget variants
  • Risk signals
  • Protection presets
Start Growth

Business

€69 / month

Billed yearly at €828 / year.

100,000 protected attempts / month

For larger internal teams that need higher volume, longer history, and export-ready reporting.

  • 10 projects
  • 100,000 protected attempts / month
  • 10 organization members
  • Extended usage metrics, 30-day history
  • Export-ready reporting foundation
  • All widget variants
  • Risk signals
  • Protection presets
Start Business

Agency

For client management
€229 / month

Billed yearly at €2.748 / year.

250,000 protected attempts / month

For agencies, freelancers, and studios managing bot protection across multiple client websites.

  • 30 projects
  • Client accounts with attempt allocation
  • Client-ready reporting
  • 250,000 protected attempts / month
  • 20 organization members
  • Extended usage metrics, 60-day history
  • All widget variants
  • Risk signals
  • Protection presets
  • Agency onboarding support
Start Agency

Enterprise

Need custom volume, contracts, or support?

For high-volume teams, custom requirements, and individual commercial agreements.

  • Custom protected attempt volume
  • Custom project volume
  • Custom organization members
  • Extended metrics and exports
  • All widget variants
  • Risk signals
Contact sales

Protect your next form, then learn from every attempt.

Create a project, copy the snippet, verify server-side, and keep the path open for score, reputation, event, and decision APIs.

Create free account
Start free