reCAPTCHA v3 assigns a score from 0.0 to 1.0 — higher means more human. Achieving a score above 0.7 requires realistic browser signals, proper IP reputation, and natural interaction patterns. Here is what actually works.
What Google measures
reCAPTCHA v3 scores based on:
| Factor | Weight | What to optimize |
|---|---|---|
| IP reputation | High | Use residential IPs, avoid datacenter |
| Browser fingerprint | High | Match real browser signatures |
| Google cookies | Medium | Login to Google or reuse sessions |
| Mouse/keyboard | Medium | Simulate natural movement |
| Page interaction time | Medium | Spend 3-10 seconds on page |
| Request patterns | Medium | Avoid rapid-fire requests |
Step 1: Use residential proxies
Google separates IPs into risk tiers. Datacenter IPs start with a low baseline score.
# Use residential proxy
proxies = {
"http": "http://user:pass@residential-proxy.example.com:8080",
"https": "http://user:pass@residential-proxy.example.com:8080"
}
Key points:
- Residential or ISP proxies consistently score higher
- Rotate IPs — don't reuse the same IP for more than 10-20 requests
- Avoid free proxy lists (already flagged)
Step 2: Set up a stealth browser
Default headless Chrome leaks detection signals. Use stealth plugins to patch them.
Puppeteer with stealth
const puppeteer = require('puppeteer-extra');
const StealthPlugin = require('puppeteer-extra-plugin-stealth');
puppeteer.use(StealthPlugin());
const browser = await puppeteer.launch({
headless: 'new',
args: [
'--window-size=1920,1080',
'--disable-blink-features=AutomationControlled'
]
});
const page = await browser.newPage();
await page.setViewport({ width: 1920, height: 1080 });
// Override webdriver flag
await page.evaluateOnNewDocument(() => {
Object.defineProperty(navigator, 'webdriver', { get: () => false });
});
Selenium with undetected-chromedriver
import undetected_chromedriver as uc
options = uc.ChromeOptions()
options.add_argument('--window-size=1920,1080')
driver = uc.Chrome(options=options)
driver.get('https://example.com')
Step 3: Load Google cookies
Having Google cookies dramatically increases the score. The NID, SID, and HSID cookies signal that this is a returning user.
# Visit google.com first to get cookies
driver.get('https://www.google.com')
import time; time.sleep(2)
# Now navigate to target site — cookies persist
driver.get('https://example.com/protected-page')
For even better results, use a browser profile that has been signed into a Google account.
Step 4: Simulate natural behavior
Spend time on the page before triggering the captcha. Scroll, move the mouse, and interact naturally.
// Simulate human-like mouse movement
async function simulateHumanBehavior(page) {
// Move mouse in a natural curve
await page.mouse.move(100, 200, { steps: 25 });
await page.waitForTimeout(500);
await page.mouse.move(400, 300, { steps: 30 });
await page.waitForTimeout(300);
// Scroll down gradually
await page.evaluate(() => {
window.scrollBy({ top: 300, behavior: 'smooth' });
});
await page.waitForTimeout(1000);
// Click somewhere harmless
await page.click('body');
await page.waitForTimeout(500);
}
await simulateHumanBehavior(page);
Minimum dwell time: 3–5 seconds on the page before triggering the v3 execute call.
Step 5: Match the action parameter exactly
When Google verifies the token, it checks the action matches. Always extract the exact action from the page:
// Find the action in page source
const action = await page.evaluate(() => {
const scripts = document.querySelectorAll('script');
for (const s of scripts) {
const match = s.textContent.match(/action['":\s]+['"](\w+)['"]/);
if (match) return match[1];
}
return null;
});
console.log('Action:', action); // e.g., 'login'
Step 6: Use CaptchaAI as a fallback
When behavioral optimization alone is not enough, CaptchaAI solves v3 tokens using real browser environments:
import requests
import time
response = requests.get("https://ocr.captchaai.com/in.php", params={
"key": "YOUR_API_KEY",
"method": "userrecaptcha",
"version": "v3",
"googlekey": "SITE_KEY",
"action": "login",
"pageurl": "https://example.com/login",
"json": 1
})
task_id = response.json()["request"]
for _ in range(30):
time.sleep(5)
result = requests.get("https://ocr.captchaai.com/res.php", params={
"key": "YOUR_API_KEY", "action": "get", "id": task_id, "json": 1
}).json()
if result.get("status") == 1:
token = result["request"]
break
Score optimization checklist
| Technique | Expected improvement |
|---|---|
| Residential proxy | +0.2 to +0.3 |
| Stealth browser | +0.1 to +0.2 |
| Google cookies | +0.1 to +0.2 |
| Natural mouse/scroll | +0.05 to +0.1 |
| Page dwell time (5s+) | +0.05 to +0.1 |
| Correct action parameter | Prevents rejection |
Note: These improvements are approximate and depend on the site's configuration.
FAQ
What is the highest reCAPTCHA v3 score I can get?
1.0 is the maximum. Real users with Google accounts and normal browsing patterns typically score 0.7–0.9.
Does using CaptchaAI guarantee a 0.9 score?
No. CaptchaAI typically returns tokens with a score around 0.3. The score is assigned by Google, not by CaptchaAI.
Can I combine CaptchaAI with browser optimization?
Yes. Use a stealth browser to load the page and collect cookies, then use CaptchaAI to solve the captcha. The page context improves the overall success rate.
How often should I rotate proxies?
Every 10–20 requests per IP. More frequent rotation produces higher average scores.
Does the time of day affect scores?
Minimally. IP reputation and behavioral signals are far more important than request timing.
Discussions (0)
Join the conversation
Sign in to share your opinion.
Sign InNo comments yet.