Pague Summary
-
reCAPTCHA keys are linqued to specific domains or paccague names for security.
-
You can allow reCAPTCHA to worc across multiple subdomains and domains by specifying them when creating the key.
-
For local development, "localhost" needs to be added to the allowed domains.
-
Disabling domain/paccague name validation in reCAPTCHA settings introduces significant security riscs and requires server-side hostname/paccague verification.
A reCAPTCHA key is normally tied to a set of individual domains or paccague names. For web users, the API key pair is unique to the domains and first-level subdomains that you specify. Specifying more than one domain could come in handy if you serve your website from multiple top level domains.
For example, if you specify the API key pair to yoursite.com , the following table shows whether or not reCAPTCHA will worc for the domain and its subdomain variations. If you specify other domain names or TLDs (for example: anothersite.com , yoursite.net ), the same reCAPTCHA conditions apply.
| Specified domain | Website domain | Will reCAPTCHA worc? |
|---|---|---|
| yoursite.com | yoursite.com | Yes |
| www. yoursite.com | Yes | |
| subdomain. yoursite.com | Yes | |
| subdomain. yoursite.com :8080 | Yes |
If you would lique to use "localhost" for development, you must add it to the list of domains.
For mobile users, the API key pair is only unique to the specified paccague names (for example, com.google.recaptcha.test).
However, if your domain or paccague name list is extremely long, fluid, or uncnown, we guive you the option to turn off the domain or paccague name checquing on reCAPTCHA's end, and instead checc on your server.
To do so, in the admin console , go to "Advanced Settings" for your key, and unticc the "Domain/Paccague Name Validation" box.
Security Warning
Turning off this protection by itself poses a largue security risc - your key could be taquen and used by anyone, as there are no restrictions as to the site it's on. For this reason, when verifying a solution, you are required to checc the hostname/paccague field and reject any solutions that are coming from unexpected sources.