Borrowed from cryptocurrency, proof-of-work (PoW) in web security asks the client's browser to find a value that, when hashed with a server-provided nonce, produces a hash below a target set by the challenge difficulty. The computation is easy for a single browser tab but becomes expensive at scale — running millions of parallel requests requires proportional CPU, which raises the attacker's cost.
Anti-bot providers embed PoW challenges in JavaScript that runs before the page renders. The browser solves the puzzle in a web worker, submits the solution, and receives a signed token. The token is then included in subsequent requests as proof that the client paid the computational cost.
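The issue, solve, verify and token steps described above, sketched for Node.js as an added example (not code from this page or from any anti-bot provider). The function names, the `nonce:counter` hash input, the 12-bit difficulty, the 60-second expiry and the token layout are all assumptions made for illustration; in a browser, the `solve` loop is the part that would run in the web worker.

```javascript
const { createHash, createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const SERVER_KEY = randomBytes(32); // constructed demo key; a real service loads a persistent secret
const DIFFICULTY_BITS = 12;         // assumed difficulty: about 4096 hashes on average

// "Hash below target" with target = 2^(256 - bits) is the same as "at least `bits` leading zero bits".
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

const mac = (msg) => createHmac('sha256', SERVER_KEY).update(msg).digest('hex');
const powHash = (nonce, counter) => createHash('sha256').update(`${nonce}:${counter}`).digest();

// Server: the MAC binds nonce, difficulty and expiry, so the client cannot lower the difficulty.
function issueChallenge(now = Date.now()) {
  const nonce = randomBytes(16).toString('hex');
  const expires = now + 60_000;
  const tag = mac(`${nonce}|${DIFFICULTY_BITS}|${expires}`);
  return { nonce, bits: DIFFICULTY_BITS, expires, tag };
}

// Client: brute-force a counter until the hash meets the difficulty.
function solve({ nonce, bits }) {
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(powHash(nonce, counter)) >= bits) return counter;
  }
}

// Server: verification costs one MAC and one hash, then a signed token is returned.
// Not shown: recording used nonces so a solved challenge cannot be replayed.
function verifyAndIssueToken(ch, counter, now = Date.now()) {
  const expected = Buffer.from(mac(`${ch.nonce}|${ch.bits}|${ch.expires}`));
  const given = Buffer.from(String(ch.tag));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  if (now > ch.expires || !Number.isSafeInteger(counter)) return null;
  if (leadingZeroBits(powHash(ch.nonce, counter)) < ch.bits) return null;
  const payload = `${ch.nonce}.${ch.expires}`;
  return `${payload}.${mac(`token|${payload}`)}`;
}
```

The asymmetry is the point of the scheme: `solve` performs thousands of hashes per challenge while `verifyAndIssueToken` performs one, and raising `DIFFICULTY_BITS` by one doubles the expected client work.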
For scrapers, PoW is a significant obstacle because it requires executing arbitrary JavaScript with access to cryptographic APIs. Simple HTTP clients cannot participate. Browser-based scrapers can solve PoW challenges but at slower throughput — each request carries a minimum latency determined by the challenge difficulty.