What happens to reCAPTCHA v1?
Since we launched reCAPTCHA v2 in Dec, 2014, a significant number of websites around the world have switched to it. Most of the human users enjoy the No CAPTCHA reCAPTCHA experience with a single click in the checkbox. With the advanced risk analysis engine, reCAPTCHA v2 can effectively separate humans from bots and always stay ahead of the attackers. So we decided that it's time to stop supporting the old version of reCAPTCHA, which means:
- We won't develop any new features for reCAPTCHA v1.
- Any new key registered on reCAPTCHA will be only valid for v2.
If your site still uses reCAPTCHA v1, it will continue to work, but please expect that it may become less functional. We encourage you to register a new key and upgrade to v2 soon.
I'd like to run automated tests with reCAPTCHA v2. What should I do?
With the following test keys, you will always get No CAPTCHA and all verification requests will pass.
- Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
- Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
The reCAPTCHA widget will show a warning message to claim that it's only for testing purpose. Please do not use these keys for your production traffic.
I want to learn how reCAPTCHA grades my site traffic. Is there a report that I can check?
Yes. reCAPTCHA reports the daily pass and fail stats in the admin console. If you are using reCAPTCHA V2, you can also see how many No CAPTCHAs were rendered per day as well as site spam index chart. You are strongly encouraged to upgrade to reCAPTCHA V2 to enjoy these advanced features.
Can I customize the reCAPTCHA widget?
Yes. reCAPTCHA offers two themes, light and dark, as shown below. To choose a theme, simply set the data-theme attribute in the grecaptcha.render parameter.
Then, you must add the following
<noscript>HTML immediately following the
<script src="https://www.google.com/recaptcha/api.js" async defer></script> <div class="g-recaptcha" data-sitekey="your_site_key"></div> <noscript> <div> <div style="width: 302px; height: 422px; position: relative;"> <div style="width: 302px; height: 422px; position: absolute;"> <iframe src="https://www.google.com/recaptcha/api/fallback?k=your_site_key" frameborder="0" scrolling="no" style="width: 302px; height:422px; border-style: none;"> </iframe> </div> </div> <div style="width: 300px; height: 60px; border-style: none; bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px; background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;"> <textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid #c1c1c1; margin: 10px 25px; padding: 0px; resize: none;" > </textarea> </div> </div> </noscript>
Some users are not seeing the checkbox reCAPTCHA widget. What's happening?
Is the reCAPTCHA widget in the above example what your users are seeing?
In some cases, the end user's environment doesn't have the features to support the checkbox reCAPTCHA widget due to:
- old browser(see the minimum browser requirements)
- some installed plugins conflicting with reCAPTCHA
- unstable network
<script src="https://www.google.com/recaptcha/api.js?fallback=true" async defer></script>
Please implement this fallback UI only when it's necessary for your site, due to the poor user experience.
Recently my reCAPTCHA widget started displaying "Invalid site key". What's happening?
I'm getting 404 error: content from http://www.gstatic.com/... not available. What should I do?
The reason you are seeing this error is because you referenced an obsolete reCaptcha JS code exampled below:
Instead, you should only include this line in your code:
We are constantly updating our recaptcha__XYZ.js versions. Please rely on the api.js to route to the right version.
I'm getting an uncaught SecurityError: blocked a frame with origin "https://www.google.com" from accessing a frame with origin "<your domain>". What should I do?
I'm using Content-Security-Policy (CSP) on my website. How can I configure it to work with reCAPTCHA?
Note: reCAPTCHA also works with 'strict-dynamic' on browsers that support it.
Alternatively, please add the following values to the directives:
- script-src https://www.google.com/recaptcha/, https://www.gstatic.com/recaptcha/
- frame-src https://www.google.com/recaptcha/
- style-src 'unsafe-inline'
I'm getting an error "Localhost is not in the list of supported domains". This was working before, what should I do?
localhost domains are no longer supported by default. If you wish to continue supporting them for development you can add them to the list of supported domains for your site key. Go to the admin console to update your list of supported domains. We advise to use a separate key for development and production and to not allow localhost on your production site key.