This page will call the /block-captcha-test API endpoint which is configured to ALWAYS show a CAPTCHA.
Expected Behavior:
WAF should return HTTP 405 (Method Not Allowed) indicating CAPTCHA is required
The AWS WAF CAPTCHA widget should be rendered by the SDK
After completing CAPTCHA, a valid token is obtained
Subsequent requests with the token should succeed (within immunity time: 5 min)
💡 Note: If you already have a valid token from the home page, the CAPTCHA won't appear.
Use the "Clear Token & Test CAPTCHA" button to force CAPTCHA rendering.