▸ PHP variant — origin decrypts in PHP (endpoints /wgp-key.php, /api/submit.php)
▸ Node variant — origin decrypts in Node (endpoints /wgp-key.json, /api/submit, proxied)
Both seal the request body in your browser (HPKE). Try GET / HEAD / POST and watch panel 2 — WGP only ever sees ciphertext + metadata.