URL: /rules/security/form-captcha

---
title: "Form CAPTCHA"
description: "Checks for CAPTCHA protection on public forms"
---

Checks for CAPTCHA protection on public forms

| | |
|---|---|
| **Rule ID** | `security/form-captcha` |
| **Category** | [Security](/rules/security) |
| **Scope** | Per-page |
| **Severity** | warning |
| **Weight** | 4/10 |

## Solution

Add CAPTCHA protection (reCAPTCHA, Cloudflare Turnstile, hCaptcha, etc.) to public-facing forms to prevent spam and bot submissions. Contact forms, comment forms, newsletter signups, and registration forms are common targets for automated abuse. Modern CAPTCHA solutions like Turnstile offer invisible protection with minimal user friction.

## Enable / Disable

### Disable this rule

```toml squirrel.toml
[rules]
disable = ["security/form-captcha"]
```

### Disable all Security rules

```toml squirrel.toml
[rules]
disable = ["security/*"]
```

### Enable only this rule

```toml squirrel.toml
[rules]
enable = ["security/form-captcha"]
disable = ["*"]
```