reCAPTCHA: Tips and Guidelines
Stay organized with collections
Save and categorize content based on your preferences.
Important: Version 1.0 of the reCAPTCHA API is no longer supported, please upgrade to Version 2.0. Learn more
User Mistakes
Making mistakes when filling out a form can be a very frustrating exprience for the user. When a user enters
the CAPTCHA incorrectly (or any other field in the form), we strongly encourage you to help them by:
-
Re-displaying the form in question with the form data they entered pre-filled, so they don't have to
re-enter everything.
-
Adding the
error=
parameter to http://www.google.com/recaptcha/api/challenge so that the error type is
displayed to the user.
reCAPTCHA on an https site
In order to avoid getting browser warnings when you use reCAPTCHA
on an SSL site, you should replace http://www.google.com/recaptcha/api with https://www.google.com/recaptcha/api when you
request a challenge. Your request to reCAPTCHA would look like this:
<script type="text/javascript"
src="https://www.google.com/recaptcha/api/challenge?k=your_public_key">
</script>
<noscript>
<iframe src="https://www.google.com/recaptcha/api/noscript?k=your_public_key"
height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
value="manual_challenge">
</noscript>
Empty reCAPTCHA Fields
If the value of "recaptcha_challenge_field" or "recaptcha_response_field" is
not set when you are processing the form, avoid sending a request to www.google.com/recaptcha/api/verify. This allows
you to more quickly deal with simple attempts at spamming.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-07-10 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-07-10 UTC."],[[["\u003cp\u003ereCAPTCHA API version 1.0 is no longer supported; users should upgrade to version 2.0.\u003c/p\u003e\n"],["\u003cp\u003eWhen users make mistakes in forms, pre-fill their previous entries and use the \u003ccode\u003eerror=\u003c/code\u003e parameter in the reCAPTCHA API challenge URL to display the error type.\u003c/p\u003e\n"],["\u003cp\u003eWhen implementing reCAPTCHA on HTTPS sites, ensure to use the \u003ccode\u003ehttps://\u003c/code\u003e protocol in the reCAPTCHA API URL to prevent browser warnings.\u003c/p\u003e\n"],["\u003cp\u003eTo handle spam attempts efficiently, avoid sending verification requests to the reCAPTCHA API if the challenge or response fields are empty.\u003c/p\u003e\n"]]],["Upgrade from reCAPTCHA API version 1.0 to 2.0. When form errors occur, pre-fill the form with user-entered data and add the `error=` parameter to the reCAPTCHA challenge URL. For SSL sites, use `https://www.google.com/recaptcha/api` instead of `http://` for challenge requests. If `recaptcha_challenge_field` or `recaptcha_response_field` is unset, skip the verification request to quickly handle spam.\n"],null,["# reCAPTCHA: Tips and Guidelines\n\n**Important** : Version 1.0 of the reCAPTCHA API is no longer supported, please upgrade to Version 2.0. [Learn more](/recaptcha/docs/faq)\n\nUser Mistakes\n-------------\n\nMaking mistakes when filling out a form can be a very frustrating exprience for the user. When a user enters\nthe CAPTCHA incorrectly (or any other field in the form), we strongly encourage you to help them by:\n\n- Re-displaying the form in question with the form data they entered pre-filled, so they don't have to re-enter everything.\n- Adding the `error=` parameter to http://www.google.com/recaptcha/api/challenge so that the error type is displayed to the user.\n\nreCAPTCHA on an https site\n--------------------------\n\nIn order to avoid getting browser warnings when you use reCAPTCHA\non an SSL site, you should replace http://www.google.com/recaptcha/api with https://www.google.com/recaptcha/api when you\nrequest a challenge. Your request to reCAPTCHA would look like this: \n\n```carbon\n\u003cscript type=\"text/javascript\"\n src=\"https://www.google.com/recaptcha/api/challenge?k=your_public_key\"\u003e\n\u003c/script\u003e\n\n\u003cnoscript\u003e\n \u003ciframe src=\"https://www.google.com/recaptcha/api/noscript?k=your_public_key\"\n height=\"300\" width=\"500\" frameborder=\"0\"\u003e\u003c/iframe\u003e\u003cbr\u003e\n \u003ctextarea name=\"recaptcha_challenge_field\" rows=\"3\" cols=\"40\"\u003e\n \u003c/textarea\u003e\n \u003cinput type=\"hidden\" name=\"recaptcha_response_field\"\n value=\"manual_challenge\"\u003e\n\u003c/noscript\u003e\n```\n\nEmpty reCAPTCHA Fields\n----------------------\n\n\nIf the value of \"recaptcha_challenge_field\" or \"recaptcha_response_field\" is\nnot set when you are processing the form, avoid sending a request to www.google.com/recaptcha/api/verify. This allows\nyou to more quickly deal with simple attempts at spamming."]]