diff --git a/docker-compose.yml b/docker-compose.yml
index b517855..890b369 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,8 +24,11 @@ services:
       - ./haproxy/js/:/var/www/js/
       - ./haproxy/html/maintenance.html:/var/www/html/maintenance.html
     environment:
-      - RECAPTCHA_SECRET=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
-      - RECAPTCHA_SITEKEY=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
+      # These are the hcaptcha and recaptcha test keys, not leaking any dont worry :^)
+      - HCAPTCHA_SITEKEY=20000000-ffff-ffff-ffff-000000000002
+      - HCAPTCHA_SECRET=0x0000000000000000000000000000000000000000
+      #- RECAPTCHA_SECRET=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
+      #- RECAPTCHA_SITEKEY=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
       - CAPTCHA_COOKIE_SECRET=changeme
       - POW_COOKIE_SECRET=changeme
       - HMAC_COOKIE_SECRET=changeme
diff --git a/haproxy/js/challenge.js b/haproxy/js/challenge.js
index 954c26e..651d257 100644
--- a/haproxy/js/challenge.js
+++ b/haproxy/js/challenge.js
@@ -1,51 +1,83 @@
+function finishRedirect() {
+	window.location=location.search.slice(1)+location.hash || "/";
+}
+
 function finishPow(combined, answer) {
 	document.cookie='z_ddos_pow='+combined+'#'+answer+';expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; SameSite=Strict; '+(location.protocol==='https:'?'Secure=true; ':'');
-	const submitButton = document.querySelector('input[type=submit]')
-	if (submitButton) {
-		//button is shown only if captcha is enabled
-		submitButton.disabled = false;
-		submitButton.value = 'Submit';
-	} else {
-		window.location=location.search.slice(1)+location.hash || "/";
+	const hasCaptchaForm = document.querySelector('form');
+	if (!hasCaptchaForm) {
+		finishRedirect();
 	}
 }
 
-const combined = document.querySelector('[data-pow]').dataset.pow;
-const [_userkey, challenge, _signature] = combined.split("#");
-const start = Date.now();
-if (window.Worker && crypto.subtle) {
-	const threads = Math.min(4,Math.ceil(window.navigator.hardwareConcurrency/2));
-	let finished = false;
-	const messageHandler = (e) => {
-		if (finished) { return; }
-		finished = true;
-		workers.forEach(w => w.terminate());
-		const [workerId, answer] = e.data;
-		console.log('Worker', workerId, 'returned answer', answer, 'in', Date.now()-start+'ms');
-		const dummyTime = 5000 - (Date.now()-start);
-		window.setTimeout(() => finishPow(combined, answer), dummyTime);
-	}
-	const workers = [];
-	for (let i = 0; i < threads; i++) {
-		const shaWorker = new Worker('/js/worker.js');
-		shaWorker.onmessage = messageHandler;
-		workers.push(shaWorker);
-	}
-	workers.forEach((w, i) => w.postMessage([challenge, i, threads]));
-} else {
-	console.warn('No webworker or crypto.subtle support, using legacy method in main/UI thread!');
-	function sha256(ascii){function rightRotate(value,amount){return(value>>>amount)|(value<<(32-amount))};var mathPow=Math.pow;var maxWord=mathPow(2,32);var lengthProperty='length';var i,j;var result='';var words=[];var asciiBitLength=ascii[lengthProperty]*8;var hash=sha256.h=sha256.h||[];var k=sha256.k=sha256.k||[];var primeCounter=k[lengthProperty];var isComposite={};for(var candidate=2;primeCounter<64;candidate+=1){if(!isComposite[candidate]){for(i=0;i<313;i+=candidate){isComposite[i]=candidate}hash[primeCounter]=(mathPow(candidate,.5)*maxWord)|0;k[primeCounter++]=(mathPow(candidate,1/3)*maxWord)|0}}ascii+='\x80';while(ascii[lengthProperty]%64-56){ascii+='\x00';}for(i=0;i<ascii[lengthProperty];i+=1){j=ascii.charCodeAt(i);if(j>>8){return;}words[i>>2]|=j<<((3-i)%4)*8}words[words[lengthProperty]]=((asciiBitLength/maxWord)|0);words[words[lengthProperty]]=(asciiBitLength);for(j=0;j<words[lengthProperty];){var w=words.slice(j,j+=16);var oldHash=hash;hash=hash.slice(0,8);for(i=0;i<64;i+=1){var i2=i+j;var w15=w[i-15],w2=w[i-2];var a=hash[0],e=hash[4];var temp1=hash[7]+(rightRotate(e,6)^rightRotate(e,11)^rightRotate(e,25))+((e&hash[5])^((~e)&hash[6]))+k[i]+(w[i]=(i<16)?w[i]:(w[i-16]+(rightRotate(w15,7)^rightRotate(w15,18)^(w15>>>3))+w[i-7]+(rightRotate(w2,17)^rightRotate(w2,19)^(w2>>>10)))|0);var temp2=(rightRotate(a,2)^rightRotate(a,13)^rightRotate(a,22))+((a&hash[1])^(a&hash[2])^(hash[1]&hash[2]));hash=[(temp1+temp2)|0].concat(hash);hash[4]=(hash[4]+temp1)|0}for(i=0;i<8;i+=1){hash[i]=(hash[i]+oldHash[i])|0}}for(i=0;i<8;i+=1){for(j=3;j+1;j-=1){var b=(hash[i]>>(j*8))&255;result+=((b<16)?0:'')+b.toString(16)}}return result}
-	const challengeIndex = parseInt(challenge[0], 16)*2;
-	let i = 0
-		, result;
-	while(true) {
-		result = sha256(challenge+i);
-		if (result.substring(challengeIndex, challengeIndex+4) === '0041'){
-			console.log('Main thread found solution:', i, result);
-			break;
+const powFinished = new Promise((resolve, reject) => {
+	window.addEventListener('DOMContentLoaded', (event) => {
+		const combined = document.querySelector('[data-pow]').dataset.pow;
+		const [_userkey, challenge, _signature] = combined.split("#");
+		const start = Date.now();
+		if (window.Worker && crypto.subtle) {
+			const threads = Math.min(4,Math.ceil(window.navigator.hardwareConcurrency/2));
+			let finished = false;
+			const messageHandler = (e) => {
+				if (finished) { return; }
+				finished = true;
+				workers.forEach(w => w.terminate());
+				const [workerId, answer] = e.data;
+				console.log('Worker', workerId, 'returned answer', answer, 'in', Date.now()-start+'ms');
+				const dummyTime = 5000 - (Date.now()-start);
+				window.setTimeout(() => {
+					finishPow(combined, answer);
+					resolve();
+				}, dummyTime);
+			}
+			const workers = [];
+			for (let i = 0; i < threads; i++) {
+				const shaWorker = new Worker('/js/worker.js');
+				shaWorker.onmessage = messageHandler;
+				workers.push(shaWorker);
+			}
+			workers.forEach((w, i) => w.postMessage([challenge, i, threads]));
+		} else {
+			console.warn('No webworker or crypto.subtle support, using legacy method in main/UI thread!');
+			function sha256(ascii){function rightRotate(value,amount){return(value>>>amount)|(value<<(32-amount))};var mathPow=Math.pow;var maxWord=mathPow(2,32);var lengthProperty='length';var i,j;var result='';var words=[];var asciiBitLength=ascii[lengthProperty]*8;var hash=sha256.h=sha256.h||[];var k=sha256.k=sha256.k||[];var primeCounter=k[lengthProperty];var isComposite={};for(var candidate=2;primeCounter<64;candidate+=1){if(!isComposite[candidate]){for(i=0;i<313;i+=candidate){isComposite[i]=candidate}hash[primeCounter]=(mathPow(candidate,.5)*maxWord)|0;k[primeCounter++]=(mathPow(candidate,1/3)*maxWord)|0}}ascii+='\x80';while(ascii[lengthProperty]%64-56){ascii+='\x00';}for(i=0;i<ascii[lengthProperty];i+=1){j=ascii.charCodeAt(i);if(j>>8){return;}words[i>>2]|=j<<((3-i)%4)*8}words[words[lengthProperty]]=((asciiBitLength/maxWord)|0);words[words[lengthProperty]]=(asciiBitLength);for(j=0;j<words[lengthProperty];){var w=words.slice(j,j+=16);var oldHash=hash;hash=hash.slice(0,8);for(i=0;i<64;i+=1){var i2=i+j;var w15=w[i-15],w2=w[i-2];var a=hash[0],e=hash[4];var temp1=hash[7]+(rightRotate(e,6)^rightRotate(e,11)^rightRotate(e,25))+((e&hash[5])^((~e)&hash[6]))+k[i]+(w[i]=(i<16)?w[i]:(w[i-16]+(rightRotate(w15,7)^rightRotate(w15,18)^(w15>>>3))+w[i-7]+(rightRotate(w2,17)^rightRotate(w2,19)^(w2>>>10)))|0);var temp2=(rightRotate(a,2)^rightRotate(a,13)^rightRotate(a,22))+((a&hash[1])^(a&hash[2])^(hash[1]&hash[2]));hash=[(temp1+temp2)|0].concat(hash);hash[4]=(hash[4]+temp1)|0}for(i=0;i<8;i+=1){hash[i]=(hash[i]+oldHash[i])|0}}for(i=0;i<8;i+=1){for(j=3;j+1;j-=1){var b=(hash[i]>>(j*8))&255;result+=((b<16)?0:'')+b.toString(16)}}return result}
+			const challengeIndex = parseInt(challenge[0], 16)*2;
+			let i = 0
+				, result;
+			while(true) {
+				result = sha256(challenge+i);
+				if (result.substring(challengeIndex, challengeIndex+4) === '0041'){
+					console.log('Main thread found solution:', i, result);
+					break;
+				}
+				++i;
+			}
+			const dummyTime = 5000 - (Date.now()-start);
+			window.setTimeout(() => {
+				finishPow(combined, i);
+				resolve();
+			}, dummyTime);
 		}
-		++i;
-	}
-	const dummyTime = 5000 - (Date.now()-start);
-	window.setTimeout(() => finishPow(combined, i), dummyTime);
+	});
+});
+
+function onCaptchaSubmit(callback) {
+	const captchaElem = document.querySelector('[data-sitekey]');
+	captchaElem.insertAdjacentHTML('afterend', `<div class="lds-ring"><div></div><div></div><div></div><div></div></div>`);
+	captchaElem.remove();
+	powFinished.then(() => {
+		fetch('/bot-check', {
+			method: 'POST',
+			headers: {
+			  'Content-Type': 'application/x-www-form-urlencoded',
+			},
+			body: new URLSearchParams({
+				'h-captcha-response': callback,
+				'g-recaptcha-response': callback,
+			}),
+			redirect: 'manual',
+		}).then(res => {
+			finishRedirect();
+		})
+	});
 }
+
diff --git a/src/scripts/hcaptcha.lua b/src/scripts/hcaptcha.lua
index a465ff2..754a40b 100644
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@@ -88,6 +88,7 @@ local body_template = [[
 		<noscript>
 			<style>.jsonly{display:none}</style>
 		</noscript>
+		<script src="/js/challenge.js"></script>
 	</head>
 	<body data-pow="%s">
 		%s
@@ -102,7 +103,6 @@ local body_template = [[
 			<p>Security and Performance by <a href="https://gitgud.io/fatchan/haproxy-protection/">haproxy-protection</a></p>
 			<p>Vey ID: <code>%s</code></p>
 		</footer>
-		<script src="/js/challenge.js"></script>
 	</body>
 </html>
 ]]
@@ -146,9 +146,8 @@ local captcha_section_template = [[
 			Please solve the captcha to continue.
 		</h3>
 		<form class="jsonly" method="POST">
-			<div class="%s" data-sitekey="%s"></div>
+			<div class="%s" data-sitekey="%s" data-callback="onCaptchaSubmit"></div>
 			<script src="%s" async defer></script>
-			<input type="submit" value="Calculating proof of work..." disabled>
 		</form>
 ]]