Today, if we are working with any big product company for the Salesforce marketing cloud implementation project. Any cloud pages that capture some information and writes inside weather in the sales cloud or marketing cloud must require security approval unless it has some bot attack protection like Google reCAPTCHA.

How can we add Google reCAPTCHA in Salesforce Marketing Cloud Cloud pages?

Since I have not seen Google reCAPTCHA V2 working correctly with Salesforce Marketing Cloud AMPscripts functions, below are the details f implementing Google reCAPTCHA V3 over cloud pages.

In the head section; add the following script code.

<script type=”text/javascript” runat=”server”>
Platform.Load(“core”, “1”);
var response = [0];
var responseDetails = {};
var reCaptchaResponse = Request.GetFormField(“response”);
var headerNames = [“MyTestHeader1”, “MyTestHeader2”];
var headerValues = [“MyTestValue1”, “MyTestValue2”];
var contentType = ‘application/x-www-form-urlencoded’;
var url = ‘’;
var privateKey = ‘Your Google reCAPTCHA v3 privateKey‘;
var payload = ‘secret=’ + privateKey + ‘&response=’ + reCaptchaResponse;
responseDetails.StatusCode = Platform.Function.HTTPPost(url, contentType, payload, headerNames, headerValues, response);
responseDetails.Response = response;
var res=responseDetails.Response[0];
var obj = Platform.Function.ParseJSON(res);
var score = obj.score;
<script src=” Google reCAPTCHA v3 publicKey“></script>
grecaptcha.ready(function() {
// do request for recaptcha token
// response is promise with passed token
grecaptcha.execute(‘Your Google reCAPTCHA v3 publicKey‘, {action:’validate_captcha’})
.then(function(token) {
// add token value to form
document.getElementById(‘response’).value = token;

* Yellow highlighted, please add your KEYS.

Well, the above script alone is not enough; if we see carefully, it requires a google reCAPTCHA response value. for that purpose we need to add a hidden field along with other fields in the cloud page as below;

<input type=”hidden” name=”response” id=”response” value=””>

Now that we know, based on Cloudpages visitor and its behavior over the page, Google reCAPTCHA auto-generate a Score for that visitor.

The given score is always between 0 to 1. anything closer to “1” is a good score, and in other words, the visitor is not a boat.

Hence in general, as best practice, we always need to check if the score is higher than 0.5 then only proceed with further AMPscripts executions for the cloud page, like below.

IF @score > ‘0.5’ THEN SET @submit = RequestParameter(“submit”)
IF @submit == 1 THEN SET ……