Learn about common issues you might encounter or questions you might have while using reCAPTCHA Enterprise.
Can I use reCAPTCHA Enterprise globally?
Yes, please use
www.recaptcha.net in your code in circumstances when
www.google.com is not accessible.
- First, replace
<script src="https://www.google.com/recaptcha/enterprise.js?render=<SITE_KEY>" async defer></script>with
<script src="https://www.recaptcha.net/recaptcha/enterprise.js?render=<SITE_KEY>" async defer></script>, substituting your Site Key for
- After that, apply the same logic to everywhere else that uses
www.google.com/recaptcha/on your site.
reCAPTCHA Enterprise sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
If you prefer to not use the
www.google.com domain which may have other cookies set, you can use
I'd like to use the score from reCAPTCHA Enterprise to show a challenge / checkbox widget. How can I do this?
We recommend that you do not do this. reCAPTCHA Enterprise expects to see both good and bad user behavior on implementation. If you trigger a reCAPTCHA Enterprise checkbox widget based on a reCAPTCHA Enterprise score, the checkbox widget is only being exposed to bad traffic. Due to this, the widget can have a more difficult time determining whether to show a challenge or not. This can result in issuing NO CAPTCHAs (no challenge shown at all) to fraudulent users or bots due to trouble making that differentiation.
In these cases, we recommend just using a challenge-based site key upfront (like reCAPTCHA Enterprise with a CHECKBOX Site Key) instead,
but installing a SCORE Site Key on every page, as well as issuing
grecaptcha.enterprise.execute to train the model, but foregoing
assessments on the SCORE tokens. Essentially, this achieves the goal by training the reCAPTCHA Enterprise CHECKBOX site keys
on user behavior, resulting in less challenges shown to legitimate users and more challenges to fraudulent ones.
I'd like to hide the reCAPTCHA Enterprise badge. What is allowed?
Can I customize the reCAPTCHA Enterprise widget or badge?
Yes. reCAPTCHA Enterprise offers light and dark themes, as shown below. To choose a
theme, set the
data-theme attribute in the
How many domains can I add in the "verify domains" list in Google Cloud Console?
There is a limit of 250 domains per site key.
I use a third-party plug-in / implementation that does not formally support reCAPTCHA Enterprise. Can I still use reCAPTCHA Enterprise?
Yes, you can use reCAPTCHA Enterprise. Use the following steps:
- Create a reCAPTCHA v2/v3 site key in the reCAPTCHA Admin Console.
- Migrate the site key to reCAPTCHA Enterprise by following the instructions in Quickstart: Migrating from reCAPTCHA.
In the reCAPTCHA Enterprise Dashboard, what timezone is used? Can I change this?
This timezone is based on the Client Timezone of your browser. This cannot be changed at this time.
How do I measure the quality of the scores reCAPTCHA Enterprise is returning?
Ultimately, it depends on your use case and desired results. Generally, we recommend that you use your own internal metrics you have about user behavior to determine if the score was accurate, such as:
- Did a user that reset their password and received a high score later report that their account was hijacked?
- Did a user that logged in with a low score proceed to spam others?
- Did a user that failed to login and received a low score, then proceed to try and login to several different usernames?
I'd like to run automated tests with reCAPTCHA Enterprise. What should I do?
You can create reCAPTCHA Enterprise site keys designed for testing by using
the gcloud command-line tool.
For more information, see the
--testing-score options in the
recaptcha keys create reference page.
- Creating a checkbox site key that always returns "No CAPTCHA" (no challenge) and 1.0 (change --domains and --display-name below).
gcloud alpha recaptcha keys create --testing-challenge=nocaptcha --web --domains="domain1.com,domain2.com" --display-name="Always No CAPTCHA" --integration-type=checkbox
- Creating a checkbox site key that always returns an unsolvable challenge (change --domains and --display-name below).
gcloud alpha recaptcha keys create --testing-score=0.0 --testing-challenge=challenge --web --domains="domain1.com,domain2.com" --display-name="Unsolvable Challenge" --integration-type=checkbox
- Creating a score-based site key that always returns a set score (change --domains, --display-name, and --testing-score below).
gcloud alpha recaptcha keys create --testing-score=1.0 --web --domains="domain1.com,domain2.com" --display-name="Always 1" --integration-type=score
What session data is collected by reCAPTCHA Enterprise and how does Google protect it?
For more information about how Google protects data, see the Security White Paper.