Stay organized with collections Save and categorize content based on your preferences.
A reCAPTCHA key is normally tied to a set of individual domains or package names. For web users, the API key pair is unique to the domains and first-level subdomains that you specify. Specifying more than one domain could come in handy if you serve your website from multiple top level domains.
For example, if you specify the API key pair to yoursite.com, the following table shows whether or not reCAPTCHA will work for the domain and its subdomain variations. If you specify other domain names or TLDs (for example: anothersite.com, yoursite.net), the same reCAPTCHA conditions apply.
Specified domain Website domain Will reCAPTCHA work? yoursite.com yoursite.com Yes www.yoursite.com Yes subdomain.yoursite.com Yes subdomain.yoursite.com:8080 YesIf you would like to use "localhost" for development, you must add it to the list of domains.
For mobile users, the API key pair is only unique to the specified package names (for example, com.google.recaptcha.test).
However, if your domain or package name list is extremely long, fluid, or unknown, we give you the option to turn off the domain or package name checking on reCAPTCHA's end, and instead check on your server.
To do so, in the admin console, go to "Advanced Settings" for your key, and untick the "Domain/Package Name Validation" box.
Security WarningTurning off this protection by itself poses a large security risk - your key could be taken and used by anyone, as there are no restrictions as to the site it's on. For this reason, when verifying a solution, you are required to check the hostname/package field and reject any solutions that are coming from unexpected sources.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-07-10 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-07-10 UTC."],[[["reCAPTCHA keys are linked to specific domains or package names for security."],["You can allow reCAPTCHA to work across multiple subdomains and domains by specifying them when creating the key."],["For local development, \"localhost\" needs to be added to the allowed domains."],["Disabling domain/package name validation in reCAPTCHA settings introduces significant security risks and requires server-side hostname/package verification."]]],["reCAPTCHA keys are tied to specific domains or package names. For websites, a key works for the specified domain and its first-level subdomains. Multiple domains can be added to a single key. For mobile apps, keys are tied to package names. If the domain/package list is extensive, checking can be disabled in the admin console's \"Advanced Settings.\" However, disabling it requires manual hostname/package verification on the server to prevent unauthorized use. Turning off domain or package checking without server side checking is a large security risk.\n"]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4