hCaptcha

CAPTCHA and bot protection service used as a privacy-focused alternative to Google reCAPTCHA. The hCaptcha script presents challenge puzzles to detect automated traffic. It collects browser environment signals and puzzle interaction data to classify visitors as human or bot.

Overview

hCaptcha is a bot detection and CAPTCHA service used as a privacy-focused alternative to Google reCAPTCHA. It presents challenge puzzles to distinguish human visitors from automated traffic and is commonly deployed on login forms, registration pages, and checkout flows.

What This Script Does

  • Loads the hCaptcha challenge widget on pages where bot protection is configured
  • Collects browser environment signals (user agent, screen resolution, language, installed plugins) to assess bot probability
  • Records interaction data during puzzle solving (mouse movements, timing, touch events)
  • Sends collected signals to hCaptcha servers for human/bot classification
  • Returns a verification token to the site's backend for server-side validation
  • Sets a session cookie (hc_accessibility) for accessibility preferences

Consent & Compliance

  • Consent category: Essential
  • GDPR/ePrivacy: hCaptcha's data collection is limited to security-related signals necessary for bot detection. Under the ePrivacy Directive, cookies and data processing strictly necessary for a service explicitly requested by the user (e.g., submitting a form) are exempt from consent requirements.
  • CCPA: Data collected is used solely for security purposes and is not sold.

Should You Block This Without Consent?

No. hCaptcha is a security service that protects forms and endpoints from automated abuse. Blocking it until a visitor gives consent would leave those endpoints vulnerable to bots, credential stuffing, and spam. It qualifies as a strictly necessary service under ePrivacy and GDPR.

Consent Categories

Essential

Also Known As

  • hCaptcha
  • hcaptcha recaptcha alternative
  • CAPTCHA bot protection
  • privacy CAPTCHA
  • human verification widget
  • bot detection service

Industries

Computers Electronics and Technology

Tracked Domains (3)

  • hcaptcha.com (Essential)
  • js.hcaptcha.com (Essential)
  • newassets.hcaptcha.com (Essential)

Frequently Asked Questions

Does hCaptcha require cookie consent?

No. hCaptcha is categorized as essential. It is a bot protection and CAPTCHA service that secures forms and login pages from automated abuse. Security tools necessary for site integrity do not require visitor consent under GDPR or ePrivacy directives.

What does hCaptcha collect from visitors?

hCaptcha collects browser environment signals including user agent, screen resolution, and interaction patterns during challenge puzzles to distinguish humans from bots. It does not set long-lived tracking cookies for advertising. Data is used solely for bot classification purposes.

How does ConsentStack manage hCaptcha?

ConsentStack classifies hCaptcha as essential because it provides security functionality required for safe form submission and login. ConsentStack does not block hCaptcha regardless of a visitor's consent choices, ensuring bot protection remains active at all times on protected pages.

Related Vendors

Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.
