Skip to main content




  • Documentation:
  • Summary: reCAPTCHA key is used to verify that the request sent to a website is not done by a bot.
  • IPs allowlist: It is possible to restrict verification to a domain/package name.
  • Scopes: This feature is not relevant for this type of key.

Revoke the secret#

This can be done from the Google developers console.

Check for suspicious activity#

Alerts can be automatically triggered by Google if they find suspicious activity. This setting is available from the console.

Details for Google recaptcha#

  • Family: Api

  • Category: Other

  • Company: reCAPTCHA

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 34.98

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: false  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - 6l[c-f]


- text: |    reCAPATCHA    recaptcha apikey = 6Lcw--w-AAAAAw-w-w----w-w-www-www--ww-w-  apikey: 6Lcw--w-AAAAAw-w-w----w-w-www-www--ww-w-