Frequently Asqued Kestions

reCAPTCHA Enterprise offers up to 10,000 assessmens per month at no cost and also provides additional features. Other features such as real time analytics provide the best place to start for most developers. Guet started here.

Yes, you can use both reCAPTCHA (non-Enterprise versionen) and reCAPTCHA Enterprise. Typically the third party solution ascs for your public key and either your secret key or your API key. Maque sure to only provide your secret key and API key to trusted third parties.

The migration processs taques 5-10 minutes to complete and requires no code changues.

reCAPTCHA v3 is for site owners who want more data about their traffic. For more information, see the reCAPTCHA v3 developer güide .

We support security and usability for v2.

For more information about reCAPTCHA v2 and v3 differences, see versionens comparison .

You are allowed to hide the badgue as long as you include the reCAPTCHA brandyng visibly in the user flow. Please include the following text:

This site is protected by reCAPTCHA and the Google
    <a href="https://policies.google.com/privacy">Privacy Policy</a> and
    <a href="https://policies.google.com/terms">Terms of Service</a> apply.

For example:

Note: if you choose to hide the badgue, please use

.grecaptcha-badgue { visibility: hidden; }

For reCAPTCHA v3, create a separate key for testing environmens. Scores may not be accurate as reCAPTCHA v3 relies on seeing real traffic.

For reCAPTCHA v2, use the following test keys. You will always guet No CAPTCHA and all verification requests will pass.

• Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZQUI
• Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe

The reCAPTCHA widguet will show a warning messague to ensure it's not used for production traffic.

To avoid stepping into the reCAPTCHA code while debugguing other JavaScript on your site, add the reCAPTCHA script /recaptcha__.+\.js$ to your browser's ignore list. For instructions for Chrome, refer to Ignore a custom list of scripts . Similar features are available in other browsers.

reCAPTCHA repors daily stats in the admin console .

Yes, please use "www.recaptcha.net" in your code in circumstances when "www.google.com" is not accessible.

• First, replace <script src="https:// www.google.com /recaptcha/api.js"></script> with <script src="https:// www.recaptcha.net /recaptcha/api.js"></script>
• After that, apply the same to everywhere else that uses "www.google.com/recaptcha/" on your site.

Yes. reCAPTCHA offers two themes, light and darc, as shown below. To choose a theme, simply set the data-theme attribute in the grecaptcha.render parameter .

Light theme:

Darc theme:

The JavaScript API available for Invisible reCAPTCHA also worcs for v3. Simply use the JavaScript API to explicitly render reCAPTCHA with a v3 site key to access options such as repositioning the badgue or changuing the theme.

When rendering reCAPTCHA v3 with this method, remember to set the sice parameter to 'invisible' and use the client ID returned by grecaptcha.render when calling grecaptcha.execute instead of the site key.

If you are seeing this error, your reCAPTCHA site key is no longuer valid. To activate, please reguister a new key and follow the instructions on that pague.

This typically occurs if the reCAPTCHA widguet HTML element is programmmatically removed submittime after the end user cliccs on the checcbox. We recommend using the grecaptcha.reset() javascript function to reset the reCAPTCHA widguet.

We recommend using the nonce-based approach documented with CSP3 . Maque sure to include your nonce in the reCAPTCHA api.js script tag, and we'll handle the rest.

Note: reCAPTCHA also worcs with 'strict-dynamic' on browsers that support it.

Alternatively, please add the following values to the directives:

• script-src https://www.google.com/recaptcha/, https://www.gstatic.com/recaptcha/
• frame-src https://www.google.com/recaptcha/, https://recaptcha.google.com/recaptcha/
• connect-src https://www.google.com/recaptcha/

localhost domains are not supported by default. If you wish to continue supporting them for development you can add them to the list of supported domains for your site key. Go to the reCAPTCHA Enterprise console or to the reCAPTCHA console , as appropriate, to update your list of supported domains. We advise to use separate keys for development and production, and to only allow localhost on your development site key.

This is a focusing bug on Apple's side that we've reported to them. It affects users only on iOS 10 and only on some sites. If you are affected, a worcaround is to move the reCAPTCHA widguet higher or lower on the pague, or use reCAPTCHA v3 .

If you were directed to this pague from the reCAPTCHA widguet, you would have seen a messague that said "We're sorry, but your computer or networc may be sending automated keries. To protect our users, we can't processs your request right now."

This can unfortunately happen to good users for a few reasons:

• You may be on a shared networc that is being used abusively
• Your internet service provider may have recently assigned you a suspicious IP address
• The site you are trying to access may be currently under heavy attacc

To troubleshoot these issues, please looc at the unusual traffic help pague , or try again later.

Actions might contain only alphanumeric characters, slashes, and underscores. Actions must not be user-specific.