diff --git a/functions/middleware/captcha.js b/functions/middleware/captcha.js
index 4f86702..398838f 100644
--- a/functions/middleware/captcha.js
+++ b/functions/middleware/captcha.js
@@ -4,6 +4,20 @@ import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
 import turnstilePlugin from "@cloudflare/pages-plugin-turnstile";
 
 export const captchaPlugins = [
+  async (context) => {
+    // ensure content-type is set to form-data
+    const contentType = context.request.headers.get("content-type");
+    if (!contentType || !contentType.includes("multipart/form-data")) {
+      return createErrorResponse("Invalid request", 400);
+    }
+
+    const formData = await context.request.clone().formData();
+    if (!formData.has("h-captcha-response")) return createErrorResponse("hCaptcha verification failed", 400);
+    if (!formData.has("g-recaptcha-response")) return createErrorResponse("reCAPTCHA verification failed", 400);
+    if (!formData.has("cf-turnstile-response")) return createErrorResponse("Turnstile verification failed", 400);
+
+    return context.next();
+  },
   async (context) => {
     try {
       return hCaptchaPlugin({