Google Recaptcha showing up on all our pages

Huh? HTTPS is enabled. Please just stop with the wrong advice.

Excuse me?

And no, HTTPS is not enabled. Your server does not even listen on HTTPS.

1 Like

If, as @sandro said, your SSL mode is set to Flexible, your site is not secure. Your traffic can still be intercepted and it is misleading to visitors.

Its the BOT MANAGEMENT beta feature i referenced earlier. Turn that off and the recaptcha thing is gone. Simple as that. This has nothing to do with HTTPS. You are talking about something totally different now.

You appear to have solved the earlier issue so we are now just telling you how to actually make your site secure.

OK but i wanted to fix my issue and you guys were blaming the HTTPs and the v3.

My site has passed the https checkers so as far as I am concerned it is fine. But please if you want to open another ticket to talk about the SSL go ahead. (yes i know it doesnt have full SSL on origin and cloudflare, i realize that) It is not a data sensitive site.

I will look into the SSL advice to make it FULLY secure but now it is partially secure on a non data sensitive website so that will have to do for the moment.

Exactly, it appears secure and is misleading, please read the linked thread.

I was not. You already solved your issue and I pointed out that your site is insecure. Thats it.

And thats where it is wrong. Your Cloudflare facing part is secure but your site itself is still insecure. I can only refer you to the link @domjh posted twice.

1 Like

I have been experiencing the same thing. I started seeing that lower right corner box a few days ago, right after I implemented Captcha V3. The only difference is I thought it was the new normal. I never thought for a minute it was an issue, but it makes sense to not have to see it on pages that don’t have any contact forms. Maybe they are forcing us to publicize their gadget.

Try turning off Contact Form 7 if you use it. This is a known issue since the invisible recaptha was introduced.

Everyone please check your BOT MANAGEMENT settings. It is under “Configurations” on your main screen (at the top) when you log into your Cloudflare account.

Once you turn Bot Management to “OFF” it will go away.

The answer was a few posts above but the discussion got completely off topic so you might have missed it.

That’s a private beta feature. Most people don’t have it. How did you end up getting it?

1 Like

I don’t know. My pro paid account doesn’t have it but my “free” account does. Maybe thats the difference.

1 Like

Dear @Webfantic @user200,

Thanks for your message. In order to protect Cloudflare, our customers and website owners from malicious, automatic requests (bots), we have added additional security features to your website via Cloudflare Bot Management (currently in private beta).

In particular, we have added Google Recaptcha v3 to your page. We have also added or might add a new Firewall rule to present Captchas to suspicious requests.

You may disable the private beta version of the Bot Management service in your account configuration section if you prefer to wait for the general availability of the service.

Cloudflare Support


Hey @nr1234 (and the CF team),

I’m not in the beta, but I know my way around the API and there’s no mention of recaptcha in the help drawer. I would suggest mentioning what may be injected into the customer’s html, including mentioning that ReCaptcha may be used for bot management purposes. Some developers are very against the idea of sending any data to Google at all, so letting them know that this feature uses recaptcha would help them make the decision on whether or not to use it.

Don’t get me wrong, I see the benefit of using v3 to detect bots. This seems like a very cost-effective way to integrate v3 into a website without having to change your application’s code, but I’d like to know what’s being done at CF when I turn on a feature.


This topic was automatically closed after 14 days. New replies are no longer allowed.