Skip to main content




  • Documentation:
  • Summary: reCAPTCHA key is used to verify that the request sent to a website is not done by a bot.
  • IPs allowlist: It is possible to restrict verification to a domain/package name.
  • Scopes: This feature is not relevant for this type of key.

Revoke the secret#

This can be done from the Google developers console.

Check for suspicious activity#

Alerts can be automatically triggered by Google if they find suspicious activity. This setting is available from the console.

Details for Google recaptcha#

  • Category: Other

  • Company: reCAPTCHA

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 41.14

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - 6l


- text: >    reCAPATCHA    recaptcha apikey = 6Lcw--w-AAAAAw-w-w----w-w-www-www--ww-w-  apikey: 6Lcw--w-AAAAAw-w-w----w-w-www-www--ww-w-