diff --git a/.env.example b/.env.example
index 04b120c..0037729 100644
--- a/.env.example
+++ b/.env.example
@@ -20,8 +20,9 @@ PTERO_API_KEY=change_me
 # Encryption key for sensitive data — Generate with: openssl rand -hex 32
 ENCRYPTION_KEY=change_me_to_a_random_hex_string
 
-# Cloudflare Turnstile
-TURNSTILE_SECRET=change_me
+# Cap CAPTCHA (self-hosted alternative to Turnstile)
+CAP_ENDPOINT=https://cap.zero-host.org/f6c8171b08/
+CAP_SECRET=change_me
 
 # Session & Cookie
 COOKIE_SECRET=change_me_to_a_random_string
diff --git a/config/cap.js b/config/cap.js
new file mode 100644
index 0000000..cb79d0f
--- /dev/null
+++ b/config/cap.js
@@ -0,0 +1,35 @@
+const CAP_SECRET = process.env.CAP_SECRET;
+const CAP_ENDPOINT = process.env.CAP_ENDPOINT;
+
+if (!CAP_SECRET) {
+  console.error('Missing CAP_SECRET environment variable');
+}
+
+if (!CAP_ENDPOINT) {
+  console.error('Missing CAP_ENDPOINT environment variable');
+}
+
+async function fetchWithTimeout(url, options = {}, timeout = 10000) {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeout);
+  try {
+    return await fetch(url, { ...options, signal: controller.signal });
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+export async function verifyCap(token) {
+  if (!token) return false;
+  try {
+    const res = await fetchWithTimeout(`${CAP_ENDPOINT}siteverify`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ secret: CAP_SECRET, response: token }),
+    });
+    const data = await res.json();
+    return data.success === true;
+  } catch {
+    return false;
+  }
+}
diff --git a/config/turnstile.js b/config/turnstile.js
deleted file mode 100644
index e470372..0000000
--- a/config/turnstile.js
+++ /dev/null
@@ -1,30 +0,0 @@
-const TURNSTILE_SECRET = process.env.TURNSTILE_SECRET;
-
-if (!TURNSTILE_SECRET) {
-  console.error('Missing TURNSTILE_SECRET environment variable');
-}
-
-async function fetchWithTimeout(url, options = {}, timeout = 10000) {
-  const controller = new AbortController();
-  const timer = setTimeout(() => controller.abort(), timeout);
-  try {
-    return await fetch(url, { ...options, signal: controller.signal });
-  } finally {
-    clearTimeout(timer);
-  }
-}
-
-export async function verifyTurnstile(token) {
-  if (!token) return false;
-  try {
-    const res = await fetchWithTimeout('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-      body: new URLSearchParams({ secret: TURNSTILE_SECRET, response: token }),
-    });
-    const data = await res.json();
-    return data.success === true;
-  } catch {
-    return false;
-  }
-}
diff --git a/package.json b/package.json
index d8631e5..7b80abf 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "zerohost-dashboard",
-  "version": "1.0.0",
+  "version": "0.9.7",
   "private": true,
   "type": "module",
   "scripts": {
diff --git a/public/css/style.css b/public/css/style.css
index ea0d304..f0f148c 100644
--- a/public/css/style.css
+++ b/public/css/style.css
@@ -5,24 +5,24 @@
 }
 
 :root {
-  --bg-primary: #060911;
-  --bg-secondary: #0d1117;
-  --bg-card: #0f1623;
-  --bg-card-hover: #141d2e;
-  --bg-sidebar: #0a0e1a;
-  --border: rgba(99, 102, 241, 0.15);
-  --border-hover: rgba(99, 102, 241, 0.4);
-  --accent-1: #6366f1;
-  --accent-2: #8b5cf6;
-  --accent-3: #a78bfa;
-  --accent-cyan: #22d3ee;
-  --accent-green: #10b981;
+  --bg-primary: #000;
+  --bg-secondary: #1c1917;
+  --bg-card: #1c1917;
+  --bg-card-hover: #292524;
+  --bg-sidebar: #0d0d0d;
+  --border: rgba(238, 129, 50, 0.15);
+  --border-hover: rgba(238, 129, 50, 0.3);
+  --accent-1: #ee8132;
+  --accent-2: #ee8132;
+  --accent-3: #ee8132;
+  --accent-cyan: #06b6d4;
+  --accent-green: #059669;
   --accent-red: #ef4444;
   --accent-orange: #f59e0b;
-  --text-primary: #f1f5f9;
-  --text-secondary: #94a3b8;
-  --text-muted: #475569;
-  --glow-primary: rgba(99, 102, 241, 0.35);
+  --text-primary: #f5f5f4;
+  --text-secondary: #a8a29e;
+  --text-muted: #78716c;
+  --glow-primary: rgba(238, 129, 50, 0.15);
   --radius-sm: 8px;
   --radius-md: 14px;
   --radius-lg: 20px;
@@ -31,9 +31,15 @@
   --sidebar-w: 260px;
 }
 
-html, body {
+html { height: 100%; }
+
+body, body * {
+  font-family: 'Schibsted Grotesk', system-ui, sans-serif;
+  font-weight: 400;
+}
+
+body {
   height: 100%;
-  font-family: 'Inter', system-ui, sans-serif;
   background: var(--bg-primary);
   color: var(--text-primary);
   line-height: 1.6;
@@ -53,19 +59,34 @@ a:hover { color: var(--accent-1); }
   display: flex;
   align-items: center;
   justify-content: center;
-  background: var(--bg-primary);
+  background: #000;
   position: relative;
   padding: 24px;
 }
 
 .auth-page::before {
   content: '';
-  position: absolute;
+  position: fixed;
   inset: 0;
-  background:
-    radial-gradient(ellipse 70% 55% at 50% -5%, rgba(99, 102, 241, 0.12) 0%, transparent 65%),
-    linear-gradient(180deg, transparent 40%, var(--bg-primary) 100%);
   pointer-events: none;
+  z-index: 0;
+  background-image:
+    linear-gradient(rgba(238, 129, 50, 0.05) 1px, transparent 1px),
+    linear-gradient(90deg, rgba(238, 129, 50, 0.05) 1px, transparent 1px);
+  background-size: 24px 24px;
+  mask-image: radial-gradient(ellipse 90% 80% at 50% 30%, black 30%, transparent 80%);
+  -webkit-mask-image: radial-gradient(ellipse 90% 80% at 50% 30%, black 30%, transparent 80%);
+}
+
+.auth-page::after {
+  content: '';
+  position: fixed;
+  inset: 0;
+  z-index: 0;
+  pointer-events: none;
+  background-image: url("data:image/svg+xml,%3Csvg viewBox='0 0 512 512' xmlns='http://www.w3.org/2000/svg'%3E%3Cfilter id='n'%3E%3CfeTurbulence type='fractalNoise' baseFrequency='0.75' numOctaves='4' stitchTiles='stitch'/%3E%3C/filter%3E%3Crect width='100%25' height='100%25' filter='url(%23n)' opacity='0.08'/%3E%3C/svg%3E");
+  background-repeat: repeat;
+  background-size: 512px 512px;
 }
 
 .auth-card {
@@ -134,7 +155,7 @@ a:hover { color: var(--accent-1); }
   border: 1px solid var(--border);
   border-radius: var(--radius-sm);
   color: var(--text-primary);
-  font-family: 'Inter', sans-serif;
+  font-family: 'Schibsted Grotesk', sans-serif;
   font-size: 0.95rem;
   transition: all var(--transition);
   outline: none;
@@ -142,7 +163,7 @@ a:hover { color: var(--accent-1); }
 
 .form-group input:focus, .form-group select:focus {
   border-color: var(--accent-1);
-  box-shadow: 0 0 0 3px rgba(99, 102, 241, 0.15);
+  box-shadow: 0 0 0 3px rgba(238, 129, 50, 0.15);
 }
 
 .form-group input::placeholder {
@@ -170,7 +191,7 @@ a:hover { color: var(--accent-1); }
   border: 1px solid var(--border);
   border-radius: var(--radius-sm);
   color: var(--text-primary);
-  font-family: 'Inter', sans-serif;
+  font-family: 'Schibsted Grotesk', sans-serif;
   font-size: 0.95rem;
   cursor: pointer;
   display: flex;
@@ -189,7 +210,7 @@ a:hover { color: var(--accent-1); }
 .custom-select-trigger:focus,
 .custom-select.open .custom-select-trigger {
   border-color: var(--accent-1);
-  box-shadow: 0 0 0 3px rgba(99, 102, 241, 0.15);
+  box-shadow: 0 0 0 3px rgba(238, 129, 50, 0.15);
 }
 
 .custom-select-arrow {
@@ -222,16 +243,18 @@ a:hover { color: var(--accent-1); }
 }
 
 .custom-select-option {
-  padding: 10px 16px;
+  padding: 10px 16px 10px 20px;
   font-size: 0.9rem;
   color: var(--text-secondary);
   cursor: pointer;
   transition: all var(--transition);
+  border-left: 2px solid transparent;
 }
 
 .custom-select-option:hover {
-  background: rgba(99, 102, 241, 0.08);
+  background: rgba(238, 129, 50, 0.08);
   color: var(--text-primary);
+  border-left-color: var(--accent-1);
 }
 
 .custom-select-option:first-child {
@@ -243,16 +266,20 @@ a:hover { color: var(--accent-1); }
 }
 
 .custom-select-category {
-  padding: 8px 16px 4px;
-  font-size: 0.7rem;
-  font-weight: 700;
+  padding: 14px 16px 6px;
+  font-size: 0.65rem;
+  font-weight: 800;
   text-transform: uppercase;
-  letter-spacing: 0.08em;
-  color: var(--text-muted);
+  letter-spacing: 0.12em;
+  color: var(--accent-1);
   cursor: default;
+  border-top: 1px solid rgba(238, 129, 50, 0.12);
+  margin-top: 6px;
 }
 
 .custom-select-category:first-child {
+  border-top: none;
+  margin-top: 0;
   padding-top: 12px;
 }
 
@@ -261,6 +288,21 @@ a:hover { color: var(--accent-1); }
   gap: 12px;
 }
 
+cap-widget {
+  display: block !important;
+  width: 100% !important;
+  min-width: 100% !important;
+  --cap-background: #1c1917;
+  --cap-color: #f5f5f4;
+  --cap-border-color: rgba(238, 129, 50, 0.15);
+  --cap-checkbox-border-radius: 8px;
+  --cap-border-radius: 8px;
+  --cap-checkbox-background: transparent;
+  --cap-spinner-color: #ee8132;
+  --cap-spinner-background-color: rgba(238, 129, 50, 0.1);
+  --cap-widget-width: 100%;
+}
+
 .form-row .form-group {
   flex: 1;
 }
@@ -270,7 +312,7 @@ a:hover { color: var(--accent-1); }
   align-items: center;
   justify-content: center;
   gap: 8px;
-  font-family: 'Inter', sans-serif;
+  font-family: 'Schibsted Grotesk', sans-serif;
   font-size: 0.9rem;
   font-weight: 600;
   border-radius: var(--radius-md);
@@ -283,15 +325,15 @@ a:hover { color: var(--accent-1); }
 }
 
 .btn-primary {
-  background: linear-gradient(135deg, var(--accent-1), var(--accent-2));
+  background: linear-gradient(180deg, #433b32 0%, #29241f 100%);
   color: #fff;
-  box-shadow: 0 4px 20px rgba(99, 102, 241, 0.4);
+  border: 1px solid rgba(255, 237, 217, 0.2);
 }
 
 .btn-primary:hover {
   color: #fff;
   transform: translateY(-2px);
-  box-shadow: 0 8px 32px rgba(99, 102, 241, 0.55);
+  border-color: rgba(238, 129, 50, 0.4);
 }
 
 .btn-primary:disabled {
@@ -309,7 +351,7 @@ a:hover { color: var(--accent-1); }
 .btn-ghost:hover {
   color: var(--text-primary);
   border-color: var(--border-hover);
-  background: rgba(99, 102, 241, 0.06);
+  background: rgba(238, 129, 50, 0.06);
 }
 
 .btn-danger {
@@ -377,6 +419,32 @@ a:hover { color: var(--accent-1); }
 .dashboard-layout {
   display: flex;
   min-height: 100vh;
+  position: relative;
+}
+
+.dashboard-layout::before {
+  content: '';
+  position: fixed;
+  inset: 0;
+  z-index: 0;
+  pointer-events: none;
+  background-image:
+    linear-gradient(rgba(238, 129, 50, 0.05) 1px, transparent 1px),
+    linear-gradient(90deg, rgba(238, 129, 50, 0.05) 1px, transparent 1px);
+  background-size: 24px 24px;
+  mask-image: radial-gradient(ellipse 90% 80% at 50% 30%, black 30%, transparent 80%);
+  -webkit-mask-image: radial-gradient(ellipse 90% 80% at 50% 30%, black 30%, transparent 80%);
+}
+
+.dashboard-layout::after {
+  content: '';
+  position: fixed;
+  inset: 0;
+  z-index: 0;
+  pointer-events: none;
+  background-image: url("data:image/svg+xml,%3Csvg viewBox='0 0 512 512' xmlns='http://www.w3.org/2000/svg'%3E%3Cfilter id='n'%3E%3CfeTurbulence type='fractalNoise' baseFrequency='0.75' numOctaves='4' stitchTiles='stitch'/%3E%3C/filter%3E%3Crect width='100%25' height='100%25' filter='url(%23n)' opacity='0.08'/%3E%3C/svg%3E");
+  background-repeat: repeat;
+  background-size: 512px 512px;
 }
 
 .sidebar {
@@ -393,6 +461,11 @@ a:hover { color: var(--accent-1); }
   transition: transform var(--transition);
 }
 
+.main-content {
+  position: relative;
+  z-index: 1;
+}
+
 .sidebar-header {
   padding: 20px 20px 16px;
   border-bottom: 1px solid var(--border);
@@ -453,12 +526,12 @@ a:hover { color: var(--accent-1); }
 
 .nav-item:hover {
   color: var(--text-primary);
-  background: rgba(99, 102, 241, 0.08);
+  background: rgba(238, 129, 50, 0.08);
 }
 
 .nav-item.active {
   color: var(--accent-1);
-  background: rgba(99, 102, 241, 0.12);
+  background: rgba(238, 129, 50, 0.12);
 }
 
 .nav-item svg {
@@ -483,7 +556,7 @@ a:hover { color: var(--accent-1); }
   width: 32px;
   height: 32px;
   border-radius: 50%;
-  background: linear-gradient(135deg, var(--accent-1), var(--accent-2));
+  background: var(--accent-1);
   display: flex;
   align-items: center;
   justify-content: center;
@@ -597,7 +670,7 @@ a:hover { color: var(--accent-1); }
   justify-content: center;
   margin-bottom: 16px;
   color: var(--accent-1);
-  background: rgba(99, 102, 241, 0.12);
+  background: rgba(238, 129, 50, 0.12);
 }
 
 .stat-value {
@@ -733,7 +806,7 @@ tbody tr:last-child td {
 }
 
 tbody tr:hover {
-  background: rgba(99, 102, 241, 0.04);
+  background: rgba(238, 129, 50, 0.04);
 }
 
 /* ===== TABS ===== */
@@ -866,7 +939,7 @@ tbody tr:hover {
   width: 56px;
   height: 56px;
   border-radius: 50%;
-  background: rgba(99, 102, 241, 0.1);
+  background: rgba(238, 129, 50, 0.1);
   display: flex;
   align-items: center;
   justify-content: center;
@@ -1254,13 +1327,57 @@ tbody tr:hover {
   gap: 10px;
 }
 
-.consent-group input[type="checkbox"] {
-  width: 18px;
-  height: 18px;
-  margin-top: 2px;
-  accent-color: var(--accent-1);
+.custom-checkbox {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  position: relative;
   cursor: pointer;
   flex-shrink: 0;
+  margin-top: 2px;
+}
+
+.custom-checkbox input[type="checkbox"] {
+  position: absolute;
+  opacity: 0;
+  width: 0;
+  height: 0;
+  pointer-events: none;
+}
+
+.custom-checkbox .checkmark {
+  width: 20px;
+  height: 20px;
+  border: 2px solid var(--text-secondary);
+  border-radius: 4px;
+  background: transparent;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  transition: all 0.2s ease;
+  flex-shrink: 0;
+  box-sizing: border-box;
+}
+
+.custom-checkbox input[type="checkbox"]:checked ~ .checkmark {
+  background: var(--accent-1);
+  border-color: var(--accent-1);
+}
+
+.custom-checkbox input[type="checkbox"]:checked ~ .checkmark::after {
+  content: '';
+  display: block;
+  width: 5px;
+  height: 9px;
+  border: solid #fff;
+  border-width: 0 2px 2px 0;
+  transform: rotate(45deg);
+  margin-top: -1px;
+}
+
+.custom-checkbox input[type="checkbox"]:focus-visible ~ .checkmark {
+  outline: 2px solid var(--accent-1);
+  outline-offset: 2px;
 }
 
 .consent-group label {
@@ -1275,4 +1392,60 @@ tbody tr:hover {
   text-decoration: underline;
 }
 
+.cap-modal-overlay {
+  position: fixed;
+  inset: 0;
+  z-index: 9999;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  backdrop-filter: blur(8px);
+  -webkit-backdrop-filter: blur(8px);
+  background: rgba(0, 0, 0, 0.5);
+  animation: capFadeIn 0.2s ease;
+}
+
+.cap-modal-overlay.cap-modal-fadeout {
+  animation: capFadeOut 0.3s ease forwards;
+}
+
+.cap-modal {
+  background: var(--bg-card);
+  border: 1px solid var(--border);
+  border-radius: 12px;
+  padding: 24px;
+  box-shadow: 0 20px 60px rgba(0, 0, 0, 0.5);
+  animation: capScaleIn 0.2s ease;
+}
+
+.cap-modal cap-widget {
+  display: block !important;
+  width: 300px !important;
+  min-width: unset !important;
+}
+
+.cap-modal-overlay.cap-modal-fadeout .cap-modal {
+  animation: capScaleOut 0.3s ease forwards;
+}
+
+@keyframes capFadeIn {
+  from { opacity: 0; }
+  to { opacity: 1; }
+}
+
+@keyframes capFadeOut {
+  from { opacity: 1; }
+  to { opacity: 0; }
+}
+
+@keyframes capScaleIn {
+  from { transform: scale(0.9); opacity: 0; }
+  to { transform: scale(1); opacity: 1; }
+}
+
+@keyframes capScaleOut {
+  from { transform: scale(1); opacity: 1; }
+  to { transform: scale(0.9); opacity: 0; }
+}
+
 
diff --git a/public/index.html b/public/index.html
index 7c1c6d6..251a4d3 100644
--- a/public/index.html
+++ b/public/index.html
@@ -7,9 +7,9 @@
   <link rel="icon" href="https://status.zero-host.org/upload/logo1.png?t=1781280015614" />
   <link rel="preconnect" href="https://fonts.googleapis.com" />
   <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
-  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet" />
+  <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:ital,wght@0,100..800;1,100..800&family=Schibsted+Grotesk:ital,wght@0,400..900;1,400..900&display=swap" rel="stylesheet" />
   <link rel="stylesheet" href="/css/style.css" />
-  <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
+  <script src="https://cdn.jsdelivr.net/npm/cap-widget@latest"></script>
   <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3435983595130644" crossorigin="anonymous"></script>
 </head>
 <body>
diff --git a/public/js/app.js b/public/js/app.js
index d11f187..0e87ff3 100644
--- a/public/js/app.js
+++ b/public/js/app.js
@@ -24,7 +24,7 @@ function renderCookieBanner() {
   banner.innerHTML = `
     <div class="cookie-banner-text">
       <p>
-        We use cookies for authentication and security (Cloudflare Turnstile). No tracking or advertising cookies are used.
+        We use cookies for authentication and security (Cap). No tracking or advertising cookies are used.
         For more information, read our privacy policy.
       </p>
     </div>
@@ -150,28 +150,46 @@ function hideError(form) {
   if (errorEl) errorEl.classList.remove('show');
 }
 
-const turnstileWidgets = {};
-
-function initTurnstile(selector) {
-  const el = typeof selector === 'string' ? document.querySelector(selector) : selector;
-  if (!el) return;
-  const tryRender = () => {
-    if (typeof turnstile !== 'undefined') {
-      if (el.querySelector('iframe')) return;
-      const widgetId = turnstile.render(el, { sitekey: '0x4AAAAAADjivxHTaDDdYR8W', theme: 'dark' });
-      turnstileWidgets[selector] = widgetId;
-    } else {
-      setTimeout(tryRender, 200);
+
+
+function showCapModal() {
+  return new Promise((resolve) => {
+    if (!customElements.get('cap-widget')) {
+      resolve('');
+      return;
     }
-  };
-  tryRender();
-}
 
-function resetTurnstile(selector) {
-  const id = turnstileWidgets[selector];
-  if (typeof turnstile !== 'undefined' && id !== undefined) {
-    turnstile.reset(id);
-  }
+    const capApiEndpoint = 'https://cap.zero-host.org/f6c8171b08/';
+
+    const overlay = document.createElement('div');
+    overlay.className = 'cap-modal-overlay';
+
+    const modal = document.createElement('div');
+    modal.className = 'cap-modal';
+
+    const widget = document.createElement('cap-widget');
+    widget.setAttribute('data-cap-api-endpoint', capApiEndpoint);
+    widget.setAttribute('theme', 'dark');
+
+    modal.appendChild(widget);
+    overlay.appendChild(modal);
+    document.body.appendChild(overlay);
+
+    setTimeout(() => {
+      const check = setInterval(() => {
+        const hiddenInput = widget.querySelector('[name="cap-token"]');
+        const token = widget.token || (hiddenInput && hiddenInput.value) || '';
+        if (token) {
+          clearInterval(check);
+          overlay.classList.add('cap-modal-fadeout');
+          setTimeout(() => {
+            overlay.remove();
+            resolve(token);
+          }, 300);
+        }
+      }, 200);
+    }, 100);
+  });
 }
 
 // ===== AUTH PAGES =====
@@ -196,7 +214,6 @@ function renderLoginPage() {
             <label for="login-password">Password</label>
             <input type="password" id="login-password" placeholder="••••••••" required autocomplete="current-password" />
           </div>
-          <div id="login-turnstile" style="margin-bottom:20px"></div>
           <button type="submit" class="btn btn-primary btn-full" id="login-btn">
             Sign In
           </button>
@@ -210,7 +227,6 @@ function renderLoginPage() {
   `;
 
   $('#login-form').addEventListener('submit', handleLogin);
-  initTurnstile('#login-turnstile');
   $('#go-register').addEventListener('click', (e) => {
     e.preventDefault();
     renderRegisterPage();
@@ -243,12 +259,14 @@ function renderRegisterPage() {
             <input type="password" id="reg-password" placeholder="At least 8 characters" required autocomplete="new-password" />
           </div>
           <div class="consent-group">
-            <input type="checkbox" id="reg-rgpd-consent" required />
+            <label class="custom-checkbox">
+              <input type="checkbox" id="reg-rgpd-consent" required />
+              <span class="checkmark"></span>
+            </label>
             <label for="reg-rgpd-consent">
               I agree to the privacy policy and consent to the processing of my personal data (email, username, IP address) for account management purposes. <span style="color:var(--accent-red)">*</span>
             </label>
           </div>
-          <div id="register-turnstile" style="margin-bottom:20px"></div>
           <button type="submit" class="btn btn-primary btn-full" id="register-btn">
             Create Account
           </button>
@@ -262,7 +280,6 @@ function renderRegisterPage() {
   `;
 
   $('#register-form').addEventListener('submit', handleRegister);
-  initTurnstile('#register-turnstile');
   $('#go-login').addEventListener('click', (e) => {
     e.preventDefault();
     renderLoginPage();
@@ -277,13 +294,13 @@ async function handleLogin(e) {
   btn.innerHTML = '<span class="spinner"></span> Signing in...';
 
   try {
-    const turnstileToken = document.querySelector('#login-turnstile')?.querySelector('[name="cf-turnstile-response"]')?.value || '';
+    const capToken = await showCapModal();
     const data = await api('/auth/login', {
       method: 'POST',
       body: JSON.stringify({
         email: $('#login-email').value,
         password: $('#login-password').value,
-        cfTurnstile: turnstileToken,
+        capToken,
       }),
     });
     state.token = data.token;
@@ -293,7 +310,6 @@ async function handleLogin(e) {
     renderDashboard();
   } catch (err) {
     showError(e.target, err.message);
-    resetTurnstile('#login-turnstile');
   } finally {
     btn.disabled = false;
     btn.innerHTML = 'Sign In';
@@ -315,14 +331,14 @@ async function handleRegister(e) {
   btn.innerHTML = '<span class="spinner"></span> Creating...';
 
   try {
-    const turnstileToken = document.querySelector('#register-turnstile')?.querySelector('[name="cf-turnstile-response"]')?.value || '';
+    const capToken = await showCapModal();
     const data = await api('/auth/register', {
       method: 'POST',
       body: JSON.stringify({
         email: $('#reg-email').value,
         username: $('#reg-username').value,
         password: $('#reg-password').value,
-        cfTurnstile: turnstileToken,
+        capToken,
         rgpdConsent: true,
       }),
     });
@@ -333,7 +349,6 @@ async function handleRegister(e) {
     renderDashboard();
   } catch (err) {
     showError(e.target, err.message);
-    resetTurnstile('#register-turnstile');
   } finally {
     btn.disabled = false;
     btn.innerHTML = 'Create Account';
@@ -398,7 +413,7 @@ async function renderDashboard() {
           <div style="padding:8px 12px 0;display:flex;gap:16px;justify-content:center;flex-wrap:wrap">
 
           </div>
-          <div style="padding:4px 0 8px;text-align:center;font-size:0.7rem;color:var(--text-muted);letter-spacing:0.05em">v0.9.6 BETA</div>
+          <div style="padding:4px 0 8px;text-align:center;font-size:0.7rem;color:var(--text-muted);letter-spacing:0.05em">v0.9.7 BETA</div>
         </div>
       </aside>
 
@@ -755,7 +770,7 @@ async function renderCreateServer() {
           </div>
         </div>
         <div id="egg-variables"></div>
-        <div class="card" style="margin-top:20px;background:var(--bg-secondary)">
+        <div class="card" style="margin-top:20px;margin-bottom:24px;background:var(--bg-secondary)">
           <div style="font-size:0.85rem;color:var(--text-secondary);margin-bottom:8px">Default resources</div>
           <div style="display:flex;gap:16px;flex-wrap:wrap">
             <span class="server-detail-tag">512 MB RAM</span>
@@ -763,7 +778,9 @@ async function renderCreateServer() {
             <span class="server-detail-tag">3 GB Disk</span>
           </div>
         </div>
-        <div id="create-turnstile" style="margin-top:20px"></div>
+        <div style="width:100%">
+          <cap-widget data-cap-api-endpoint="https://cap.zero-host.org/f6c8171b08/" theme="dark"></cap-widget>
+        </div>
         <button type="submit" class="btn btn-primary btn-full" id="create-btn" style="margin-top:16px">
           <svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 5v14M5 12h14"/></svg>
           Create Server
@@ -782,13 +799,12 @@ async function renderCreateServer() {
     }
   });
   $('#create-server-form').addEventListener('submit', handleCreateServer);
-  initTurnstile('#create-turnstile');
 
   try {
     const data = await api('/servers/eggs');
     eggCache = data.eggs;
     const dropdown = $('#custom-egg-dropdown');
-    const nestLabels = { 5: 'Application', 6: 'Code' };
+    const nestLabels = { 5: 'Application', 6: 'Code', 7: 'Database' };
     const grouped = {};
     for (const e of data.eggs) {
       if (!grouped[e.nestId]) grouped[e.nestId] = [];
@@ -810,7 +826,11 @@ async function renderCreateServer() {
         handleEggChange();
       });
     });
-  } catch {}
+  } catch (err) {
+    $('#custom-egg-label').textContent = 'Failed to load eggs';
+    $('#custom-egg-trigger').disabled = true;
+    showToast('Could not load eggs: ' + err.message, 'error');
+  }
 }
 
 function handleEggChange() {
@@ -844,16 +864,15 @@ async function handleCreateServer(e) {
   }
 
   try {
-    const turnstileToken = document.querySelector('#create-turnstile')?.querySelector('[name="cf-turnstile-response"]')?.value || '';
+    const capToken = document.querySelector('[name="cap-token"]')?.value || '';
     await api('/servers/create', {
       method: 'POST',
-      body: JSON.stringify({ name, nestId, eggId, environment, cfTurnstile: turnstileToken }),
+      body: JSON.stringify({ name, nestId, eggId, environment, capToken }),
     });
     showToast(`Server "${name}" created successfully!`, 'success');
     navigateTo('servers');
   } catch (err) {
     showToast(err.message, 'error');
-    resetTurnstile('#create-turnstile');
   } finally {
     btn.disabled = false;
     btn.innerHTML = 'Create Server';
diff --git a/routes/auth.js b/routes/auth.js
index bf44cf7..ce9dfdf 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -4,7 +4,7 @@ import argon2 from 'argon2';
 import { query } from '../config/db.js';
 import { generateToken, authenticateToken } from '../middleware/auth.js';
 import { createPteroUser, updatePteroPassword, updatePteroEmail, deletePteroUser, getServersByUser, deletePteroServer } from '../services/pterodactyl.js';
-import { verifyTurnstile } from '../config/turnstile.js';
+import { verifyCap } from '../config/cap.js';
 
 const router = Router();
 
@@ -49,7 +49,7 @@ function validateUsername(username) {
 router.post('/register', async (req, res) => {
   let createdPteroUserId = null;
   try {
-    const { email, username, password, cfTurnstile, rgpdConsent } = req.body;
+    const { email, username, password, capToken, rgpdConsent } = req.body;
 
     if (!email || !username || !password) {
       return res.status(400).json({ error: 'Email, username and password are required' });
@@ -71,7 +71,7 @@ router.post('/register', async (req, res) => {
       return res.status(400).json({ error: 'Password must be at least 8 characters' });
     }
 
-    if (!await verifyTurnstile(cfTurnstile)) {
+    if (!await verifyCap(capToken)) {
       return res.status(400).json({ error: 'Please complete the security check' });
     }
 
@@ -157,14 +157,14 @@ router.post('/register', async (req, res) => {
 
 router.post('/login', async (req, res) => {
   try {
-    const { email, password, cfTurnstile } = req.body;
+    const { email, password, capToken } = req.body;
 
     if (!email || !password) {
       return res.status(400).json({ error: 'Email and password are required' });
     }
 
-    // Turnstile verification
-    if (!await verifyTurnstile(cfTurnstile)) {
+    // Cap verification
+    if (!await verifyCap(capToken)) {
       return res.status(400).json({ error: 'Please complete the security check' });
     }
 
diff --git a/routes/servers.js b/routes/servers.js
index 38fd384..de16ff9 100644
--- a/routes/servers.js
+++ b/routes/servers.js
@@ -12,7 +12,7 @@ import {
   getAllEggs,
 } from '../services/pterodactyl.js';
 import { query } from '../config/db.js';
-import { verifyTurnstile } from '../config/turnstile.js';
+import { verifyCap } from '../config/cap.js';
 
 const router = Router();
 
@@ -83,7 +83,7 @@ router.get('/eggs', authenticateToken, async (req, res) => {
 
 router.post('/create', authenticateToken, async (req, res) => {
   try {
-    const { name, nestId, eggId, environment, cfTurnstile } = req.body;
+    const { name, nestId, eggId, environment, capToken } = req.body;
     const pteroId = req.user.pteroId;
 
     if (!name || !nestId || !eggId) {
@@ -94,7 +94,7 @@ router.post('/create', authenticateToken, async (req, res) => {
       return res.status(400).json({ error: 'Server name must be between 1 and 255 characters' });
     }
 
-    if (!await verifyTurnstile(cfTurnstile)) {
+    if (!await verifyCap(capToken)) {
       return res.status(400).json({ error: 'Please complete the security check' });
     }
 
diff --git a/server.js b/server.js
index 690ef6f..42a633f 100644
--- a/server.js
+++ b/server.js
@@ -32,13 +32,14 @@ app.use(helmet({
   contentSecurityPolicy: {
     directives: {
       defaultSrc: ["'self'"],
-      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", "https://cdn.jsdelivr.net", "https://challenges.cloudflare.com", "https://pagead2.googlesyndication.com"],
+      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", "https://cdn.jsdelivr.net", "https://pagead2.googlesyndication.com"],
       scriptSrcAttr: ["'unsafe-inline'"],
-      styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com", "https://cdn.jsdelivr.net", "https://challenges.cloudflare.com"],
+      styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com", "https://cdn.jsdelivr.net"],
       fontSrc: ["'self'", "https://fonts.gstatic.com", "https://cdn.jsdelivr.net"],
       imgSrc: ["'self'", "data:", "https:", "blob:"],
-      connectSrc: ["'self'", "https://panel.zero-host.org", "https://challenges.cloudflare.com", "https://pagead2.googlesyndication.com"],
-      frameSrc: ["https://challenges.cloudflare.com", "https://googleads.g.doubleclick.net"],
+      connectSrc: ["'self'", "https://panel.zero-host.org", "https://cap.zero-host.org", "https://pagead2.googlesyndication.com", "https://cdn.jsdelivr.net"],
+      workerSrc: ["'self'", "blob:"],
+      frameSrc: ["https://cap.zero-host.org", "https://googleads.g.doubleclick.net"],
       objectSrc: ["'none'"],
     },
   },
diff --git a/services/pterodactyl.js b/services/pterodactyl.js
index 6fbf19a..65e4f3e 100644
--- a/services/pterodactyl.js
+++ b/services/pterodactyl.js
@@ -232,16 +232,20 @@ export async function deletePteroUser(userId) {
 export async function getAllEggs() {
   const eggs = [];
 
-  const nest5 = await pteroFetch('/nests/5/eggs');
-  for (const e of nest5.data) {
-    const full = await getEgg(5, e.attributes.id);
-    eggs.push({ nest: 5, egg: full });
-  }
-
-  const nest6 = await pteroFetch('/nests/6/eggs');
-  for (const e of nest6.data) {
-    const full = await getEgg(6, e.attributes.id);
-    eggs.push({ nest: 6, egg: full });
+  for (const nestId of [5, 6, 7]) {
+    try {
+      const nestData = await pteroFetch(`/nests/${nestId}/eggs`);
+      for (const e of nestData.data) {
+        try {
+          const full = await getEgg(nestId, e.attributes.id);
+          eggs.push({ nest: nestId, egg: full });
+        } catch (err) {
+          console.error(`Failed to fetch egg ${e.attributes.id} from nest ${nestId}:`, err.message);
+        }
+      }
+    } catch (err) {
+      console.error(`Failed to fetch nest ${nestId}:`, err.message);
+    }
   }
 
   return eggs;