# Time trap Form Plume's time trap gives each form a short-lived signed token, then blocks bot submissions that arrive too fast or reuse an expired token. A person needs time to read and complete a form. A bot can submit it almost immediately. The time trap gives your form a short-lived, signed token. Form Plume checks when it was created, whether it belongs to this form, and whether it has already expired. ## Use a fresh token Fetch the token when the form loads, then include it with the submission. Do not paste one permanent token into static HTML. It will expire and should not be reused. Plain HTML forms can continue with the [Honeypot](/docs/spam-protection/honeypot) when they do not have JavaScript available. The time trap is invisible to visitors. It adds evidence to spam scoring without making a person solve a challenge.