Skip to main content
FlowFn
IntegrationsTemplatesPricingDocsBlogSign inStart free
All documentation

v1.9.0

UpdatedJun 1, 2026Reading time1 min read

Released 2026-05-31. Public form submissions are now protected from bots and abuse automatically.

Invisible reCAPTCHA on forms

  • Submissions to FlowFn-hosted form pages (/f/<slug> on flowfn.com or a <name>.flowfn.com subdomain) are now verified with invisible reCAPTCHA — score-based, with no checkbox or puzzle for your visitors.
  • It runs alongside the existing per-visitor rate limiting and optional password gate. Automated and abusive submissions are rejected before they reach your workflow.
  • Embedded forms load that same FlowFn-hosted page in an iframe, so they get reCAPTCHA too — on a best-effort basis (some browsers block third-party scripts inside iframes; the embed token, allowed-domains list, and rate limiting still apply there).
  • Forms served on your own custom domain skip reCAPTCHA (it can't verify a non-FlowFn origin) and rely on rate limiting plus your other protections.
  • Nothing to configure — it applies automatically.

Privacy

Spotted an issue or have feedback?

support@flowfn.com
Back to docs hub →