The browser runs a local proxy. The proxy sends a request through 3 hops (relays) before reaching the server running a .onion hidden service. The server's response goes backwards through those same 3 relays back to your browser.

Look into I2P, it's currently the #2 anonymity network and growing fast thanks to Tor reliability issues. In I2P, you must operate a relay/router in order to access the network. So it's more robust against DDoS since thousands of users aren't sharing a single relay.

You configure any browser to use your I2P router as a proxy (I2P daemon hosted on a separate computer ideally, or could run locally).

Requests are routed through 3 other routers before reaching the server hosting the .I2P site (eepSite). Then the server's response is sent back using 3 DIFFERENT routers. So, theoretically it's twice as secure as Tor since double the routing nodes would need to be compromised to de-anonymize a session. In practice, I2P probably isn't as anonymous because it has far fewer users and thus a smaller anonymity set. But this is starting to change. I2P also doesn't even support exit nodes, everything is a hidden service by default. There are ways to browse clearweb over I2P but it's more complex to set up yourself.