CAPTCHA Integration
Available on all plans. See pricing.
Formtorch supports three CAPTCHA providers that you can attach to any form:
| Provider | Notes |
|---|---|
| Cloudflare Turnstile | Privacy-friendly, no user interaction required |
| hCaptcha | Privacy-focused alternative to reCAPTCHA |
| Google reCAPTCHA v3 | Score-based, invisible to users |
How it works
When CAPTCHA is enabled on a form, Formtorch:
- Requires a valid CAPTCHA token with each submission
- Verifies the token server-side with the provider’s API before processing the submission
- Rejects submissions with invalid or missing tokens with a `400` error
The widget is embedded on your page by your provider’s JavaScript snippet. When the user submits the form, the provider injects a token into the form data automatically. Formtorch reads and verifies that token, so you don’t need to handle it manually.
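The server-side verification step described above, sketched against the providers' public siteverify endpoints; this is an added example, not Formtorch's own code. The function names, the hostname check, the 0.5 score threshold and the 503 on provider outage are assumptions of this sketch.

```python
import json
import urllib.parse
import urllib.request

# Form field each provider's widget injects, and that provider's siteverify endpoint.
PROVIDERS = {
    "turnstile": ("cf-turnstile-response",
                  "https://challenges.cloudflare.com/turnstile/v0/siteverify"),
    "hcaptcha": ("h-captcha-response", "https://api.hcaptcha.com/siteverify"),
    "recaptcha_v3": ("g-recaptcha-response",
                     "https://www.google.com/recaptcha/api/siteverify"),
}


def http_post_form(url, fields):
    """Default transport: POST form-encoded fields and return the parsed JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=body, timeout=5) as resp:
        return json.load(resp)


def check_submission(provider, form, secret, expected_host,
                     min_score=0.5, post=http_post_form):
    """Return (http_status, reason) for one submission (hypothetical helper)."""
    field, url = PROVIDERS[provider]
    token = form.get(field, "").strip()
    if not token:
        return 400, "missing CAPTCHA token"  # no provider call for an empty token
    try:
        result = post(url, {"secret": secret, "response": token})
    except (OSError, ValueError):
        # Assumption: fail closed when the provider is unreachable or replies with junk.
        return 503, "verification unavailable"
    if result.get("success") is not True:
        return 400, "invalid token: " + ",".join(result.get("error-codes", []))
    # A token solved on another site is valid for the provider but not for this form.
    if result.get("hostname") != expected_host:
        return 400, "token issued for a different hostname"
    # reCAPTCHA v3 reports success for any well-formed token; the score is the verdict.
    if provider == "recaptcha_v3" and result.get("score", 0.0) < min_score:
        return 400, "score below threshold"
    return 200, "ok"
```

Passing `post` as a parameter lets the check be exercised with canned provider replies, without network access or real keys.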
How to enable
- Go to Form Settings → CAPTCHA
- Toggle CAPTCHA on and choose your provider
- Enter your site key (public) and secret key (server-side) from the provider’s dashboard
- Follow the provider-specific embed instructions to add the widget to your form
See the provider pages below for full setup steps, code examples, and troubleshooting.
Provider setup guides
When to use CAPTCHA
TorchWarden™ and honeypot protection handle the vast majority of spam without any user friction. CAPTCHA adds a heavier layer that’s worth considering for:
- High-value forms (lead capture, checkout) under active bot pressure
- Forms that have exhausted honeypot and TorchWarden options
- Compliance requirements that mandate a specific CAPTCHA provider
For most forms, TorchWarden + honeypot is sufficient.