Join waitlist
Back to products
Cap

Cap

A lightweight, modern open-source captcha

Website capjs.js.org
Overview

What it is

Cap is a fast, lightweight, and modern open-source CAPTCHA alternative based on SHA-256 proof-of-work (PoW). It’s 250x smaller than hCaptcha, privacy-focused, fully customizable, and easy to self-host. Cap helps prevent spam and abuse without tracking users, making it ideal for privacy-conscious developers. Built for speed and simplicity, Cap is perfect for modern web apps, forms, and APIs that need secure, lightweight human verification.

Intent

I need it when

Protect APIs and forms without user interaction

Cap supports headless browser detection and no-interaction mode, allowing silent challenge solving ideal for API endpoints and automated form submissions while maintaining bot protection.

Audit and control bot protection code for security compliance

Cap is Apache 2.0 open-source, fully auditable, and self-hosted on your infrastructure. You own the code, can fork it, and avoid vendor lock-in or unexpected service changes.

Replace reCAPTCHA while maintaining privacy and avoiding Google tracking

Cap is a self-hosted, privacy-first CAPTCHA alternative that eliminates third-party data sharing. It uses proof-of-work and browser instrumentation instead of visual puzzles, keeps all user data on your servers, and is GDPR/CCPA compliant with zero telemetry.

Minimize CAPTCHA infrastructure costs at scale

Cap runs on a $5 VPS for most sites with no per-request fees, API quotas, or egress charges to third parties. Costs scale with your infrastructure, not usage volume.

Reduce CAPTCHA bundle size and page load impact

Cap's ~20kb footprint is 250x smaller than hCaptcha and loads in milliseconds with zero dependencies. It runs silently in the background without visual puzzles, improving user experience and site performance.

Drop

Not a fit when

  • You require a fully managed, zero-infrastructure CAPTCHA service without self-hosting responsibility
  • You need vendor-provided analytics dashboards and real-time abuse reporting through a third-party platform
  • Your compliance requirements mandate data processing by a US-based SaaS provider rather than self-hosted infrastructure
  • You lack technical expertise to deploy and maintain a Docker container on your own servers
  • You require visual puzzle-based CAPTCHA challenges for accessibility or user preference reasons
Commercials

Pricing

Free, open-source self-hosted CAPTCHA. No per-request fees. Infrastructure costs only (e.g., $5 VPS for most sites).