Spam Protection
Enable spam protection for your surveys using Google reCAPTCHA v3.
Overview
Spam protection feature protects your Formbricks instance from spam and automated abuse by verifying that survey responses are submitted by real users. This guide explains how to enable and configure spam protection in your Formbricks instance using Google reCAPTCHA v3.
Spam protection is a paid feature. It is only available for users on paid plans or if you have Enterprise Edition.
Spam protection does not work for surveys displayed with the Mobile SDKs(React Native, iOS, or Android SDKs). Enabling this setting in the Survey Editor will break the survey in those environments.
Key Generation
To use spam protection, you need to generate a Site Key and Secret Key:
- Go to the Google reCAPTCHA admin console.
- Register a new site:
- Label: Any name (e.g., “Formbricks Self-Hosted”)
- reCAPTCHA type: Select reCAPTCHA v3
- Domains: Add your domain (e.g.,
yourdomain.com
). For local development, addlocalhost
. - Accept the terms and submit.
- Copy the generated Site Key and Secret Key.
Note: Keep your Secret Key private and never expose it in client-side code.
Configuration
Add the following environment variables to your .env
file or deployment environment:
Restart your application after setting these variables.
Firewall & Network Requirements
If your self-hosted Formbricks instance is behind a firewall or proxy, ensure it can reach the Google reCAPTCHA verification endpoint:
https://www.google.com/recaptcha/api/siteverify
Allow outbound HTTPS (TCP port 443) traffic to this domain.
Steps to Enable Spam Protection
You can enable Google reCAPTCHA v3 spam protection for your survey directly from the Formbricks Survey Editor. This helps prevent automated and spammy responses.
Open the Survey Editor
Navigate to the Survey Editor.
Go to the Settings Tab
Click on the Settings tab next to the Questions & Styling tab.
Find Spam Protection Option
Scroll down to the Response Options and find the Spam Protection option.
Enable Spam Protection
Toggle the Spam Protection option to activate spam protection for this survey.
Set the reCAPTCHA Threshold
Adjust the response threshold. This is the score threshold for accepting or rejecting responses. A lower threshold (e.g., 0.1) is lenient, while a higher threshold (e.g., 0.9) is strict.
Save Your Changes
Click Save to apply spam protection settings to your survey.
Once enabled, all survey responses will be checked using Google reCAPTCHA v3 before being accepted.
For help, join the conversation on GitHub Discussions.