--- title: Changes to CAPTCHA implementation on Storefronts - Shopify developer changelog description: Shopify’s developer changelog documents all changes to Shopify’s platform. Find the latest news and learn about new platform opportunities. source_url: html: https://shopify.dev/changelog/changes-to-captcha-implementation-on-storefronts md: https://shopify.dev/changelog/changes-to-captcha-implementation-on-storefronts.md --- [Back to Developer changelog](https://shopify.dev/changelog) July 24, 2024 Tags: * Action Required * Themes # Changes to CAPTCHA implementation on Storefronts We are rolling out changes to CAPTCHA on the following forms on Storefronts: * Customer Login * Customer Account Creation * Reset Password * Contact Form * Newsletter Signup * Blog Comments The changes include: **1. Migration from Google reCAPTCHA to hCaptcha** We are migrating our CAPTCHA solution to hCaptcha as part of an ongoing effort to reduce form spam. This is an ongoing, phased, rollout, and does not affect our [published methods](https://shopify.dev/docs/storefronts/themes/trust-security/captcha) for you to work with CAPTCHA. **2. Alternative methods to bind CAPTCHA to forms** You can now force CAPTCHA wireup to Storefront forms using either declarative markup or JavaScript. This is primarily intended for App/Theme developers who wish to take control of Form submission, for example by constructing hidden forms that POST to Shopify. See the [documentation](https://shopify.dev/docs/storefronts/themes/trust-security/captcha#advanced-forcing-captcha-wire-up-to-a-form) for further information and examples. **3. Strict CAPTCHA validation on form submissions** Previously, forms submitted from Storefronts that contained an invalid or missing CAPTCHA token would redirect to `/challenge` for the user to solve an interactive CAPTCHA. Such form submissions will now cause a 400 error. Theme and App authors who submit forms to Shopify are strongly encouraged to ensure that their forms work with CAPTCHA enabled, by submitting a valid CAPTCHA without relying on the redirect to `/challenge`