Frequently Asked Questions

Learn about common issues you may face or questions you may have while using reCAPTCHA Enterprise.

Can I use reCAPTCHA Enterprise globally?

Yes, please use www.recaptcha.net in your code in circumstances when www.google.com is not accessible.

  • First, replace <script src="https://www.google.com/recaptcha/enterprise.js?render=<SITE_KEY>" async defer></script> with <script src="https://www.recaptcha.net/recaptcha/enterprise.js?render=<SITE_KEY>" async defer></script>, substituting your Site Key for <SITE_KEY>.
  • After that, apply the same logic to everywhere else that uses www.google.com/recaptcha/ on your site.

I'd like to use the score reCAPTCHA Enterprise returns to show a challenge / checkbox widget. How can I do this?

We recommend that you do not do this. reCAPTCHA Enterprise expects to see both good and bad user behavior on implementation. If you trigger a reCAPTCHA Enterprise checkbox widget based on a reCAPTCHA Enterprise score, the checkbox widget is only being exposed to bad traffic. Because of the above, the widget will have a more difficult time determining whether to show a challenge or not. This can result in issuing NO CAPTCHAs (no challenge shown at all) to fraudulent users or bots due to trouble making that differentiation.

In these cases, we recommend just using a challenge-based Site Key upfront (like reCAPTCHA Enterprise with a CHECKBOX Site Key) instead, but installing a SCORE Site Key on every page, as well as issuing grecaptcha.enterprise.execute to train the model, but foregoing assessments on the SCORE tokens. Essentially, this will achieve the goal by training the reCAPTCHA Enterprise CHECKBOX Site Keys on user behavior, resulting in less challenges shown to legitimate users and more challenges to fraudulent ones.

I'd like to hide the reCAPTCHA Enterprise badge. What is allowed?

You are allowed to hide the badge as long as you include the fact that you use reCAPTCHA Enterprise to protect your site and that "Google's Terms of Service and Privacy Policy apply" visibly in the user flow. Please include the following text:

This site is protected by reCAPTCHA Enterprise and the Google
<a href="https://policies.google.com/privacy">Privacy Policy</a> and
<a href="https://policies.google.com/terms">Terms of Service</a> apply.

For example:

Example of how to display terms

How do I measure the quality of the scores reCAPTCHA Enterprise is returning?

Ultimately, it depends on your use case and desired results. Generally, we recommend that you use your own internal metrics you have about user behavior to determine if the score was accurate, such as: + Did a user that reset their password and received a high score later report that their account was hijacked? + Did a user that logged in with a low score proceed to spam others? + Did a user that failed to login and received a low score, then proceed to try and login to several different usernames?