diff --git a/lib/PostText/Controller/Thread.pm b/lib/PostText/Controller/Thread.pm
index 2f0e9a2..780a5b7 100644
--- a/lib/PostText/Controller/Thread.pm
+++ b/lib/PostText/Controller/Thread.pm
@@ -150,15 +150,29 @@ sub bump($self) {
 }
 
 sub flag($self) {
-    my $thread_id    = $self->param('thread_id');
-    my $redirect_url = $self->url_for('threads_list')->fragment('info')->to_abs;
+    my $thread_id = $self->param('thread_id');
+    my $v         = $self->validation;
 
-    $self->thread->flag($thread_id);
-    $self->flash(
-        info => "Thread #$thread_id has been flagged for moderator. 🚩"
-        );
+    $v->optional(captcha => 'trim')->size(4, 4)->like(qr/flag/i);
 
-    $self->redirect_to($redirect_url);
+    if ($v->is_valid) {
+        my $redirect_url =
+            $self->url_for('threads_list')->fragment('info')->to_abs;
+
+        $self->thread->flag($thread_id);
+        $self->flash(
+            info => "Thread #$thread_id has been flagged for moderator. 🚩"
+          );
+
+        return $self->redirect_to($redirect_url);
+    }
+    elsif ($v->has_error) {
+        $self->stash(status => 400)
+    }
+
+    $self->stash(thread_id => $thread_id);
+
+    return $self->render;
 }
 
 1;
diff --git a/t/thread.t b/t/thread.t
index da9e6ff..843ce41 100644
--- a/t/thread.t
+++ b/t/thread.t
@@ -98,9 +98,8 @@ subtest 'Flagging thread', sub {
         ->element_exists('a[href*="flag"]')
         ->text_like(h2 => qr/Thread #1/);
 
-    $t->get_ok('/thread/flag/1')->status_is(200)
-        ->element_exists('p[class="stash-with-info"]')
-        ->text_like(p => qr/Thread #1 has been flagged/);
+    $t->get_ok('/thread/flag/1'    )->status_is(200);
+    $t->get_ok('/thread/flag/65536')->status_is(404);
 };
 
 done_testing;
diff --git a/templates/thread/flag.html.ep b/templates/thread/flag.html.ep
new file mode 100644
index 0000000..8c84e3a
--- /dev/null
+++ b/templates/thread/flag.html.ep
@@ -0,0 +1,17 @@
+% layout 'default';
+% title $thread_id ? "Flag Thread #$thread_id" : '?';
+<h2 class="page-title"><%= title %></h2>
+<% if ($thread_id) { =%>
+<form class="form-body">
+  <div class="form-field">
+    <% if (my $error = validation->error('captcha')) { =%>
+    <p class="field-with-error">Must be between <%= $error->[2] %>
+      and <%= $error->[3] %> characters.</p>
+    <% } =%>
+    <%= label_for captcha => "Enter the word 'flag' to confirm:" %>
+    <%= text_field captcha => id => 'captcha' %>
+  </div>
+  <button type="submit" class="form-button">Flag</button>
+  </fieldset>
+</form>
+<% } =%>