This example is sending the Content-Security-Policy header. Look at the source and inspect the network tab for this request to see what's happening. The reCAPTCHA v3 API is being called here, however you can use the same approach for the v2 API calls as well.
NOTE:This is a sample implementation, the score returned here is not a reflection on your Google account or type of traffic. In production, refer to the distribution of scores shown in your admin interface and adjust your own threshold accordingly. Do not raise issues regarding the score you see here.
- reCAPTCHA script loading
- grecaptcha.ready() fired, calling
grecaptcha.execute('6LdKlZEpAAAAAAOQjzC2v_d36tWxCl6dWsozdSy9', {action: 'examples/csp'})'
- Received token from reCAPTCHA service, sending to our backend with:
fetch('/recaptcha-v3-verify.php?token=abc123
- Received response from our backend:
{"json": "from-backend"}
⤴️ Try again