Hacker News

I don't really understand why they use HMAC-SHA256. Why do many schemes decide to do this needlessly when they can use SHA3 or Blake2b?


HMAC-SHA256 is baked into the WebCrypto API, whereas SHA3 and Blake2b are not (as far as I know). This alleviates having to load yet another library into the browser.


You can't use a straight hash in applications where the plaintext might be guessable. In the example given, you might try hashing "heads" and "tails" to see if that matches the SHA you were given. The random padding on an HMAC replaces the bit about lasagna in the example.


The plaintext isn't guessable, though. The post says they use a 32-byte random string.


Agreed, we could have used either of those. We needed a PRF keyed by the Game ID (so the revealed secrets of this game can't be replayed in the next). Blake2b and SHA3 would also have worked fine.


Why is it needless? SHA3 was designed to complement, not replace, SHA2. Blake2* are preferred by some but they are not the national standard and have their own quirks.


HMAC is useful because it fixes some flaws with the Merkle-Damgård construction that SHA2 uses.

SHA3 and Blake2* use different constructions that don't have these flaws, thus they don't require HMACs for their needs.


Ok, your original comment wasn’t clear on intent.



