Protect your forms with reCAPTCHA
Invisible reCAPTCHA v3 scores every form submission and rejects bots server-side — no puzzles for real visitors.
Updated 2026-07-17
Every CurateOne form already ships with honeypot and timing checks. reCAPTCHA v3 adds Google's bot scoring on top: each submission carries an invisible token, and the server rejects submissions that fail verification or score poorly. Visitors never see a checkbox or puzzle.
02Set it up
- Open the Google reCAPTCHA admin console and register your site — choose reCAPTCHA v3.
- Add your site's domains: your yourname.curateone.ai address and any custom domain you've connected.
- In the Widgets drawer, open Google reCAPTCHA (Forms category), paste the Site key, and paste the Secret key into the secret field — it's stored encrypted and used only server-side.
- Save & enable, then Publish. Submit your own contact form once on the live site to confirm it still goes through.
TipIf Google's verification service is ever unreachable, forms fail OPEN — a Google outage can't cost you real leads.
Related articles
Integrations: how linking worksThe anatomy of every integration — where keys go, what's stored encrypted, how consent works, and how to verify a link is live.Get an email for every form submissionRoute each form's submissions to the right inbox — the front desk for bookings, careers for applications.