Netlify hosted recaptch destroy performance 🫤 Any solution?

Hi there,

I am using Netlify hosted captcha, which is very easy to setup but it destroy all the performance optimisation I done.

Also bring your own captcha have only 1 option guess what google captcha. There is no option to add hcapthc or Cloudflare captcha that I prefer more.

Now usually I show captcha conditionally such as if user click the email field show captcha A very simple line of code to load captcha conditionally.

let isCaptchaLoaded = !1;
const forms = document.getElementsByClassName("form-with-captcha");
for (form of forms)
    form.onsubmit = function(e) {
        let t = new FormData(form);
        ajax(form, t, cb)
    form.querySelector('input[type="email"]').addEventListener("focus", () => {
        if (isCaptchaLoaded)
        isCaptchaLoaded = !0;
        const e = document.createElement("script");
        e.src = "",

How can I add a condition in netlify hosted captcha so it only loads when use actually click the email field instead of just loading it on each load. which is also a privacy nightmare specially in EU


What you’re asking is not possible at the moment.

1 Like

Hi @hrishikesh

Why not? it is very easy and important for performance. I spend hours to make website score 100 on lighthouse and this shitty captcha destroys it.

it isn’t that difficult just hold it until a field is clicked or let user bring there own captcha other then the google captcha.

In EU you need 1 out of 6 legal basis to collect data and google captcha loading by default track users and collect data. This is not just performance but also privacy nightmare forced upon netlify users.

Unfortunately I have to take my site to Cloudflare pages to avoid privacy violation and site performance decline with the limited captcha option that netlify offers :frowning_face:


It’s an opt-in feature, you can choose to not use it if it’s not fitting your use-case or needs.

This has been requested a few times (less than 5), but based on the utterly low demands, we do not have the bandwidth to make this a priority.

Please don’t make incorrect statements. ReCaptcha is not forced. You can choose to not use it.

Hi @hrishikesh

Lets agree to disagree, if there is only 1 option to protect from spam and there is monopoly of google it is not opt-in I cannot just optout of google and opt-in to a different captcha. Even if I use bring your own captcha it still have to be google.

Again you cannot have a website form without spam protection and when you limit users to only 1 option then users are forced to use that 1 option or risk getting increased number of spam since this is the only option.

Let’s just end it here, it is disappointing that netlify limit users to only use google captcha or have no captcha.

Is there another way where I can keep hosting on netlify and use either hcaptcha or cloudlfare captcha?


Usually, I’d have done that, but not in this case, sorry. Here’s why:

  1. Netlify Forms are an opt-in feature in itself: You can host sites on Netlify without using Netlify Forms. You specifically choose to use that feature. None of that is “forced” like you mentioned.
  2. Again, not all websites use ReCaptcha to prevet spam submission. I myself did not use ReCaptcha for my website (and I still don’t), and I don’t really receive any spam. I can agree that our experiences would differ, but your statement of “you cannot have a website without spam protection” is not true. It’s probably your specific use-case that needs spam prevention. Now, robots can even bypass ReCaptcha to some extent, so you’re never 100% safe from spam - which again raises the question whether to use ReCaptcha or not - thus, an opt-in feature.
  3. Users being forced to use the only ReCaptcha that we provide is something I can agree on - that’s the only thing you can use IF (i), you want to use Netlify Forms and (ii) you wish to implement some kind of captcha protection - again opt-in.
  4. You can continue hosting on Netlify, and use a different form service - something that might allow you to use a different captcha service.

Hi @hrishikesh

Give me 1 good reason to do this, the only reason to use netlify over Cloudflare pages for me was forms

I suppose you have a website with no traffic not the case with me need spam protection

At least something to agree upon

Again not worth hosting on netlify if I need to use form from another provider. I believe in that case without the forms Cloudflare pages is way better than netlify specially considering free analytics on cloudlfare pages.

I would rather have a solution to my issue if possible this argument is tiring :frowning: .


I’m sorry if Netlify doesn’t serve your use-case. Feel free to host on Cloudflare if that better matches yoour requirements.

But, if you stick to using Netlify Forms and then say we’re forcing you to use ReCaptcha, that’s an invalid statement and there’s simply no way I’d be accepting it. “Force” is simply the wrong word to use.

Hi @hrishikesh

I mean instead of arguing with me why not just provide better service to the clients and let them choose freely which captcha they want to use instead of limiting the options to just one and then complain about the user complaints. Grow up


Hey @tocih50254 , glad you found the Netlify Community - which is just that, a Community for folks excited about the JAMstack and using Netlify products to build better websites. And Communities only work if people enjoy contributing.

In the post above you sound pretty rude and while we understand you’re having tricky issues, we can’t accept you making our Community feel hostile.

Take a look at our Community Guidelines and this post on Writing Great Questions.

Hey @SamO

You pretend as you are an open source project. you are for profit and me as a client complain about your shitty decision to keep just google recaptcha which not just destroy performance but is also terrible for gdpr compliance.

Google analytics is already banned in some countries in EU and the recaptcha is also ruled to be not compliant. I feel you are hostile as one after another just want me to not express the issue. so with due respect if you have no solution what is your purpose to jump into this conversation.

I post my issue in hope to get a solution. Seems like GDPR compliance is not known to netlify as their shitty website is not compliant how can I as a client can expect compliance for my clients when hosting with you?

Hope you got what you need now if you have nothing you can provide please don’t jump again go scratch your head else where.

@tocih50254 I’m just a fellow user, no affiliation with Netlify, and it seems the only real issue is the hostility, (although I entirely understand being upset if you feel you’ve wasted time/effort, as nobody likes that!).

The reality is that all solutions have limitations, in this case the limitations of the Netlify Forms product mean that it’s not a good fit for your current requirements.

As is always the case, you’re obviously free to engineer your own solution to use on Netlify or elsewhere.

Could the Netlify Forms product be better? Sure!

Should you let them know how they could improve it to align with EU specific laws/regulations? Sure!

Are they going to just suddenly implement a solution so you don’t have to adjust your solution? Unlikely.

If your project runs on Cloudflare Pages, the great news is you should be able to migrate there easily and then just adjust your form to point at whatever provider (or custom solution) does meet your requirements.

GDPR was introduced in 2018 we are now in year 2023? what are you talking about this should have been done 6 years ago.

@tocih50254 “Should have” isn’t a compelling counter-point to what I was expressing.

What’s important is what Netlify’s product currently does, or might do within the timeframe you require.

Netlify don’t tend to action customer feedback quickly (ref: I’ve been on the forums a few years now, I made some reasonable self-management feature requests early on to cut down on support requests and they’ve simply never progressed).

So if Netlify doesn’t currently do what you want, it’s unlikely it will do what you want anytime soon, and you should use something else.

It’s sucks, but it’s just how it is.

1 Like

thanks @nathanmartin

got your point now, if it isn’t already there then there is no point arguing or explaining them why it is important. it make sense as I cannot be the 1st one telling them about their violations of gdpr compliance on their website and how their decision makes us as clients also non compliant with gdpr.

point taken off to cloudlfare pages. cheers!