I built Anubis-inspired PoW bot protection for static sites — no server needed

Anubis is great. If you haven't heard of it, it's a Proof-of-Work bot protection tool that forces every client — including headless browsers — to solve a CPU challenge before accessing your site. It's been blowing up lately, with major projects like GNOME and FFmpeg adopting it to fight AI scrapers. There's just one problem: Anubis requires a reverse proxy . That means if your site is on Cloudflare Pages, Netlify, Vercel, or GitHub Pages, you simply can't use it. I ran into this exact problem with my own blog. I wanted PoW protection, but I'm on Cloudflare Pages — no server, no reverse proxy, nothing. So I built Albireo . How it works Instead of a reverse proxy, Albireo runs entirely on edge functions : Cloudflare Pages → Pages Functions ( _middleware.ts ) Netlify → Netlify Edge Functions Vercel → Next.js Middleware ( middleware.ts ) When a request comes in, the edge function intercepts it and checks for a valid PoW token in the cookie. If there's no valid token, it serves a challenge