Why Google reCAPTCHA is breaking your forms

Why does this happen?

reCAPTCHA is a Google product, and like many Google products, it collects a boat load of personal data in the background, and Google’s purposes for this data collection are everything but transparent. To do this, reCAPTCHA uses a functional cookie/tracker.

For this reason, certain browsers, ad blockers and all cookie banners will block reCAPTCHA if the user denies functionality cookies.

This blocking is intentional and that the issue is independent of your cookie banner solution.

That being said, we understand this is inconvenient, which is why we want to make sure you know there are options that won’t have auditors ringing you on weekends.

Firstly… What NOT to do

Do not set reCAPTCHA’s cookie as essential

_grecaptcha is not an essential cookie, categorizing it as such in your cookie banner puts you at risk of fines, especially in the EU.

Do not remove your cookie banner

Removing your cookie banner won’t solve this problem. Brave browser, ad block plugins like uBlock, and other privacy tools may still block reCAPTCHA by default, regardless of whether you have a cookie banner.

A cookie banner / notice of collection is still a requirement in the EU, USA and Canada.

What you SHOULD do!

Add a message to your forms (Important)

We recommend everyone takes this step. Give your customers feedback on why their form isn’t submitting – here’s a suggestion.

“This form uses Google reCAPTCHA for spam protection. If you’re having issues submitting a form, please accept functional cookies and try again.”

Make it easy to update consent preferences

Add a button that reopens the consent window, allowing users to quickly update their preferences from your form

If you’re using our cookie banner generator, you can do this by adding the following HTML below the message.

<a href="#" data-gt-cookie-widget-show="true">Update cookie preferences</a>

If you’d prefer a codeless option, most CMP’s let you enable a floating cookie icon that provides the same functionality. With GetTerms, this can be enabled via the “persistent icon to manage preferences” in the configuration settings of your cookie banner.

Setup your regional consent settings

reCAPTCHA will only be blocked automatically when the opt-in consent preset is used. For most businesses, the opt-in requirement applies only in the EU and in a limited number of other states and regions worldwide.

Although we always recommend using opt-in consent, opt-out consent is accepted in the United States.

Setting your banner to the opt-out consent preset will ensure that reCAPTCHA runs automatically unless the user intentionally blocks functional cookies.

Recommended consent preset:

• United States: opt-out
• Europe, UK, Canada: opt-in

Consider GDPR compliant reCAPTCHA alternatives

Cookie-free CAPTCHAs exist with both free and paid plans. These spam protection solutions won’t be impacted by privacy tools.

Here’s a few commonly recommended providers that don’t track your users.

Friendly Captcha

Friendly Captcha protects online forms from bots without using image recognition or tracking. It runs in the background, complies with global privacy laws, and is WCAG-compliant.

“reCAPTCHA breaks forms because it relies on cookies, heavy scripts, and fingerprinting. False positives might cause legitimate users to get blocked. At Friendly Captcha, we believe security shouldn’t come at the expense of usability or privacy. Our privacy-first approach protects forms reliably without disrupting users.”

Benedict Padberg, Friendly Captcha CEO

ALTCHA

ALTCHA is a self-hosted spam protection solution that offers global privacy and accessibility compliance.

Cloudflare Turnstile

Turnstile works behind the scenes to identify spam bots and Unlike reCAPTCHA, Turnstile never harvests data for ad retargeting.