FCaptcha Demo - WebDecoy

Checkbox Mode Interactive

Classic "I'm not a robot" checkbox that analyzes mouse movements, click behavior, and environmental signals. Just like Cloudflare Turnstile or reCAPTCHA v2.

        // HTML
<div id="captcha"></div>

// JavaScript
const widgetId = FCaptcha.render('captcha', {
  siteKey: 'your-site-key',
  theme: 'dark',
  callback: (token) => {
    console.log('Verified!', token);
  }
});
      

Invisible Mode Zero-Click

Like reCAPTCHA v3 - runs silently in the background, scoring user behavior without any visible widget. Perfect for frictionless protection.

        // Initialize invisible protection on page load
const session = FCaptcha.invisible({
  siteKey: 'your-site-key',
  autoScore: true  // Auto-protect all forms
});

// Or manually execute for specific actions
const result = await FCaptcha.execute('your-site-key', {
  action: 'login'
});

if (result.score < 0.5) {
  // Likely human, proceed
}
      

Server-Side Verification

Always verify tokens on your backend. Never trust client-side scores alone.

          import "net/http"

func verifyHandler(w http.ResponseWriter, r *http.Request) {
    token := r.FormValue("fcaptcha_token")

    resp, _ := http.Post(
        "https://your-server/api/token/verify",
        "application/json",
        strings.NewReader(fmt.Sprintf(
            `{"token": "%s", "secret": "%s"}`,
            token, os.Getenv("FCAPTCHA_SECRET"),
        )),
    )

    var result map[string]interface{}
    json.NewDecoder(resp.Body).Decode(&result)

    if result["valid"].(bool) && result["score"].(float64) < 0.5 {
        // Request is valid
    }
}
        

          const verifyToken = async (token) => {
  const response = await fetch('https://your-server/api/token/verify', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      token: token,
      secret: process.env.FCAPTCHA_SECRET
    })
  });

  const result = await response.json();

  if (result.valid && result.score < 0.5) {
    // Request is valid
  }
};
        

          import requests
import os

def verify_token(token):
    response = requests.post(
        'https://your-server/api/token/verify',
        json={
            'token': token,
            'secret': os.environ['FCAPTCHA_SECRET']
        }
    )

    result = response.json()

    if result['valid'] and result['score'] < 0.5:
        # Request is valid
        return True
        

          curl -X POST https://captcha.edvanz.de/api/token/verify \
  -H "Content-Type: application/json" \
  -d '{"token": "TOKEN_HERE", "secret": "YOUR_SECRET"}'
        

What It Detects

FCaptcha analyzes 40+ signals across multiple categories:

Vision AI Agents

GPT-4V, Claude, and other screenshot-based automation

Headless Browsers

Puppeteer, Playwright, Selenium, PhantomJS

Automation Frameworks

WebDriver, Cypress, Nightmare, custom bots

CAPTCHA Farms

Unusual timing patterns from human solving services

Behavioral Anomalies

Scripted movements, inhuman timing, no micro-tremor

Fingerprint Abuse

Same fingerprint from many IPs, or many fingerprints from one IP

F***Captcha

Checkbox Mode Interactive

Invisible Mode Zero-Click

Server-Side Verification

What It Detects