splitforms.com
Get free key
guide · captcha & spam

Invisible reCAPTCHA — How It Works and When to Use It

'Invisible reCAPTCHA' usually refers to two things: reCAPTCHA v2's invisible variant (badge in the corner, fires only on submit) and reCAPTCHA v3 (always-on, no visible UI). Both run without a puzzle for most users — but harvest behavioral data and occasionally fall back to a puzzle for flagged users.

html
<!-- Invisible reCAPTCHA v2 (badge variant) -->
<script src="https://www.google.com/recaptcha/api.js" async defer></script>

<form id="contact" action="https://splitforms.com/api/submit" method="POST">
  <input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />

  <input name="name" required />
  <input name="email" type="email" required />
  <textarea name="message" required></textarea>

  <button
    type="submit"
    class="g-recaptcha"
    data-sitekey="YOUR_SITE_KEY"
    data-callback="onSubmit"
    data-size="invisible"
  >
    Send
  </button>
</form>

<script>
window.onSubmit = function (token) {
  // token is the reCAPTCHA response — verify server-side
  document.getElementById("contact").submit();
};
</script>

<!--
The reCAPTCHA badge appears in the bottom-right corner of every page.
Google requires it OR a privacy-policy mention of reCAPTCHA usage.
-->

Invisible reCAPTCHA comes in two flavors. (1) reCAPTCHA v2 invisible: a badge in the page corner, the CAPTCHA fires only when the user clicks submit, no visible challenge for most users (but falls back to an image puzzle for suspicious sessions). (2) reCAPTCHA v3: always-on background scoring, never shows a puzzle, returns a score the developer interprets.

v2 invisible is good for low-volume forms where you want a fallback puzzle for borderline cases. The badge is visible (legal requirement unless you add a privacy-policy notice), but for most users the experience is 'click submit, form goes'. The fallback puzzle only fires for users Google's algorithm flags as suspicious.

v3 is good for high-volume forms where any visible friction tanks conversion. No badge required (just the privacy mention), no puzzle ever, just a score from 0.0-1.0. The cost is more behavioral data harvesting and a thresholding problem — pick too high and you block real users; too low and bots get through.

Both flavors are still reCAPTCHA — Google harvests behavioral data, the script is ~600KB, and there are accessibility concerns when the fallback puzzle fires. For most contact forms, a honeypot + backend AI classifier (splitforms ships both) is the better tradeoff: no badge, no script, no fallback puzzle, no privacy concerns. Reach for invisible reCAPTCHA only when you have evidence the simpler layers don't catch your specific spam.

How to set this up

Step 01

Pick v2 invisible or v3

v2: badge + fallback puzzle for suspicious users. v3: always-on scoring, no puzzle ever, harder thresholding.

Step 02

Add the script and site key

<script src='https://www.google.com/recaptcha/api.js'> + data-sitekey on the submit button (v2) or grecaptcha.execute (v3).

Step 03

Handle the callback

v2: data-callback fires with the token. v3: get the token via grecaptcha.execute. Both: send the token to your server.

Step 04

Verify server-side

POST the token to siteverify with your secret key. v2 returns success/failure; v3 returns a score.

Invisible to most, fallback puzzle for some. Still harvests data.

Frequently asked questions

What is invisible reCAPTCHA?

A reCAPTCHA variant that runs without a visible puzzle for most users. Two flavors: v2 invisible (badge + fallback puzzle for suspicious users) and v3 (always-on scoring, never shows a puzzle, returns a score).

Invisible reCAPTCHA v2 vs v3 — which?

v2 invisible: lower-volume forms where you want a fallback puzzle for borderline cases. v3: high-volume forms where any visible friction tanks conversion, but you need to handle the score-thresholding problem.

Is invisible reCAPTCHA accessible?

Mostly yes — invisible means most users never see a puzzle. But the v2 fallback puzzle that fires for flagged users has well-documented accessibility issues (screen reader failures, low color contrast, time pressure). v3 sidesteps this by never showing a puzzle, but harvests more data.

Does invisible reCAPTCHA show the Google badge?

Yes — the badge in the bottom-right is required by Google's TOS, unless you add a privacy-policy notice that reCAPTCHA is in use. Many sites add the notice to remove the badge for visual cleanness.

Is there a non-Google invisible CAPTCHA?

hCaptcha offers a similar invisible mode with cleaner privacy. For the strongest no-friction spam protection, a honeypot + backend AI classifier is the best alternative — no third-party script, no behavioral profiling.

Related guides

Captcha & spam

reCAPTCHA vs hCaptcha — Which to Use in 2026

Captcha & spam

reCAPTCHA v3 Setup — Working Code and Score Thresholds

Captcha & spam

Stop Form Spam Bots — Honeypot + AI Classifier Strategy

Ship the form, not the backend.

Free for 1,000 submissions/month. Email delivery, AI spam filtering, signed webhooks, real dashboard — all on the free plan. No credit card.

Get a free access key →