Subject: reCAPTCHA Domain Limit – Enterprise Scaling Options

Question

Hello Google reCAPTCHA Team,

We are currently using the free version of Google reCAPTCHA, which has a limit of 50 allowed domains per key. We have already reached this limit with our existing customers.

We are considering upgrading to reCAPTCHA Enterprise, which supports up to 250 allowed domains per key. However, we expect to eventually exceed the 250-domain limit as we onboard more customers.

Could you please advise on the recommended long-term approach for this scenario? Specifically:

Is it possible to manage domain validation within our application code (server-side) rather than relying solely on the domain allowlist configured in reCAPTCHA?
If we exceed 250 domains, what are the supported options (for example, using multiple keys, alternative configurations, or other recommended best practices)?

Thank you,
Kotreshi Sakragoudra

faube · Accepted Answer

I would encourage you to consider creating a new key for each site if these sites are unrelated (in terms of the users visiting them and the browsing journeys on them). I would expect reCAPTCHA detection to better model human and bot behavior on each site.

However, to answer your question it is possible to use a key on more than 250 domains by performing validation yourself. For more details:

https://docs.cloud.google.com/recaptcha/docs/create-key-website#create-recaptcha-key-REST

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded