Localhost is not in the list of supported domains for this site key


I’ve installed Local 5.5.3 onto my laptop and it works fine.
I’ve logged in to the wordpress install and installed the All in One Migration plugin, then uploaded a backup copy of my live site. That worked fine.
When click on finish I then need to log back in (Reauth), but as soon as I do I get a message in the bottom right saying that “Localhost is not in the list of supported domains for this site key.”

Having clicked on the “supported domains” link, then quickly pressing ctrl+a, ctrl+c, then pasting into notepad, I see this:






Frequently Asked Questions

Should I use reCAPTCHA v2 or v3?

reCAPTCHA v2 is not going away! We will continue to fully support and improve security and usability for v2.

reCAPTCHA v3 is intended for power users, site owners that want more data about their traffic, and for use cases in which it is not appropriate to show a challenge to the user.

For example, a registration page might still use reCAPTCHA v2 for a higher-friction challenge, whereas more common actions like sign-in, searches, comments, or voting might use reCAPTCHA v3. To see more details, see the reCAPTCHA v3 developer guide.

Can I run reCAPTCHA v2 and v3 on the same page?

To do this, load the v3 site key as documented, and then explicitly render v2 using grecaptcha.render.

    <title>reCAPTCHA demo: Running both v2 and v3</title>
    <script src="https://www.google.com/recaptcha/api.js?render=v3_site_key"></script>
      grecaptcha.ready(() => {
        grecaptcha.render('html_element', {
           'sitekey' : 'v2_site_key'
      function onSubmit() {
        grecaptcha.ready(() => {
            grecaptcha.execute('v3_site_key', {action: 'homepage'}).then((token) => {

Are there any QPS or daily limits on my use of reCAPTCHA?
If you wish to make more than 1k calls per second or 1m calls per month, you must use reCAPTCHA Enterprise or fill out this form and wait for an exception approval.
I’d like to hide the reCAPTCHA badge. What is allowed?

You are allowed to hide the badge as long as you include the reCAPTCHA branding visibly in the user flow. Please include the following text:

This site is protected by reCAPTCHA and the Google
    <a href="https://policies.google.com/privacy">Privacy Policy</a> and
    <a href="https://policies.google.com/terms">Terms of Service</a> apply.

For example:

Note: if you choose to hide the badge, please use

.grecaptcha-badge { visibility: hidden; }

I’d like to run automated tests with reCAPTCHA. What should I do?

For reCAPTCHA v3, create a separate key for testing environments. Scores may not be accurate as reCAPTCHA v3 relies on seeing real traffic.

For reCAPTCHA v2, use the following test keys. You will always get No CAPTCHA and all verification requests will pass.

    Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
    Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe

The reCAPTCHA widget will show a warning message to ensure it's not used for production traffic.

How can I see more about my website’s traffic?

reCAPTCHA reports daily stats in the admin console.

Can I use reCAPTCHA globally?

Yes, please use "www.recaptcha.net" in your code in circumstances when "www.google.com" is not accessible.

    First, replace <script src="https://www.google.com/recaptcha/api.js" async defer></script> with <script src="https://www.recaptcha.net/recaptcha/api.js" async defer></script>
    After that, apply the same to everywhere else that uses "www.google.com/recaptcha/" on your site.

Can I customize the reCAPTCHA widget or badge?

Yes. reCAPTCHA offers two themes, light and dark, as shown below. To choose a theme, simply set the data-theme attribute in the grecaptcha.render parameter.

Light theme:

Dark theme:

How can I customize reCAPTCHA v3?

The JavaScript API available for Invisible reCAPTCHA also works for v3. Simply use the JavaScript API to explicitly render reCAPTCHA with a v3 site key to access options such as repositioning the badge or changing the theme.

When rendering reCAPTCHA v3 with this method, remember to set the size parameter to 'invisible' and use the client ID returned by grecaptcha.render when calling grecaptcha.execute instead of the site key.

Recently my reCAPTCHA widget started displaying “Invalid site key”. What’s happening?

If you are seeing this error, your reCAPTCHA site key is no longer valid. To activate, please register a new key and follow the instructions on that page.

I’m getting an uncaught SecurityError: blocked a frame with origin “https://www.google.com” from accessing a frame with origin “&ltyour domain&gt”. What should I do?

This typically occurs if the reCAPTCHA widget HTML element is programmatically removed sometime after the end user clicks on the checkbox. We recommend using the grecaptcha.reset() javascript function to reset the reCAPTCHA widget.

I’m using Content-Security-Policy (CSP) on my website. How can I configure it to work with reCAPTCHA?

We recommend using the nonce-based approach documented with CSP3. Make sure to include your nonce in the reCAPTCHA api.js script tag, and we'll handle the rest.

Note: reCAPTCHA also works with 'strict-dynamic' on browsers that support it.

Alternatively, please add the following values to the directives:

    script-src https://www.google.com/recaptcha/, https://www.gstatic.com/recaptcha/
    frame-src https://www.google.com/recaptcha/

I’m getting an error “Localhost is not in the list of supported domains”. What should I do?

localhost domains are not supported by default. If you wish to continue supporting them for development you can add them to the list of supported domains for your site key. Go to the admin console to update your list of supported domains. We advise to use a separate key for development and production and to not allow localhost on your production site key.

Only on iOS 10, the page scrolls to the bottom when the user completes the challenge?

This is a focusing bug on Apple's side that we've reported to them. It affects users only on iOS 10 and only on some sites. If you are affected, a workaround is to move the reCAPTCHA widget higher or lower on the page, or use reCAPTCHA v3.

My computer or network may be sending automated queries?

If you were directed to this page from the reCAPTCHA widget, you would have seen a message that said "We're sorry, but your computer or network may be sending automated queries. To protect our users, we can't process your request right now."

This can unfortunately happen to good users for a few reasons:

    You may be on a shared network that is being used abusively
    Your internet service provider may have recently assigned you a suspicious IP address
    The site you are trying to access may be currently under heavy attack

To troubleshoot these issues, please look at the unusual traffic help page, or try again later.

Was this page helpful?

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2019-08-30.

    Women Techmakers
    Google Developer Groups
    Google Developers Experts
    Developer Student Clubs
Developer consoles
    Google API Console
    Google Cloud Platform Console
    Google Play Console
    Firebase Console
    Actions on Google Console
    Cast SDK Developer Console
    Chrome Web Store Dashboard

Google Developers

Google Cloud Platform
All products

Sign up for the Google Developers newsletter

This site uses cookies from Google to deliver its services and to analyze traffic.
More details"

What do I need to do to be able to log into my backup site on Local?


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.