reCAPTCHA v3 Integration Without Backend Code
Using Google reCAPTCHA v3 tokens to protect forms in static Next.js applications.
NA
Naushad Alam
Contributing Author · Squoosh Next BlogGoogle reCAPTCHA v3 assigns a score from 0.0 to 1.0 to each user interaction based on behavioral analysis, with scores above 0.5 generally indicating human users. Unlike v2, it requires no challenge UI and runs invisibly in the background. In a purely static Next.js application without a backend, reCAPTCHA tokens can still be generated and used in combination with a Vercel Serverless Function or a simple Cloudflare Worker that handles only the token verification POST request to the Google reCAPTCHA verification API.
The token is obtained on the client via grecaptcha.enterprise.execute() with the site key and an action label, then sent alongside the form data to the verification function. The function calls the Google API with the secret key and returns pass or fail to the client. This minimal backend surface is acceptable even in privacy-focused applications since only the reCAPTCHA token (not image data) is transmitted.
Key Takeaways
Google reCAPTCHA v3 assigns a score from 0.
0 to each user interaction based on behavioral analysis, with scores above 0.
5 generally indicating human users.
Unlike v2, it requires no challenge UI and runs invisibly in the background.
Try It in the Workspace
Everything discussed in this article can be tested directly in Squoosh Next — no sign-up, no upload, 100% client-side.