If you're referring to Cloudflare, the "security check" is not a default setting. For some reason administrators love to use Under attack mode as a band-aid measure to reduce load on the host.
Nginx has a built in recaptcha page based on rules? News to me.
Even if it does, the point of Cloudflare's WAF is to avoid the traffic touching the origin if the security check doesn't succeed, so any nginx solution isn't really providing the same value.