reCAPTCHA v3 assigns a score between 0.0 (bot) and 1.0 (human) based on behavioral signals. When your automation consistently gets scores below the site's threshold, every request fails silently — no challenge popup, just rejection.
This guide covers the most common causes of low scores and how to fix each one.
How scoring works
reCAPTCHA v3 collects these signals before assigning a score:
| Signal category | What it checks |
|---|---|
| Mouse movement | Natural cursor paths, speed, pauses |
| Scroll behavior | Page scrolling patterns |
| Typing cadence | Keystroke timing and rhythm |
| Browser fingerprint | Canvas, WebGL, fonts, plugins |
| Cookie & session | Google cookies, browsing history |
| IP reputation | Datacenter vs residential, abuse history |
| Page interaction time | Time spent on page before triggering action |
Common causes of low scores
1. Missing or wrong action parameter
Every grecaptcha.execute() call includes an action string. If you pass the wrong action to CaptchaAI, the token's embedded action will not match what the site expects.
Fix: Inspect the page source or DevTools to find the exact action value and pass it in your API request.
2. Datacenter IP or flagged proxy
Google tracks IP reputation. Datacenter IPs and overused proxies consistently receive lower scores.
Fix:
- Use residential or ISP proxies
- Rotate IPs between requests
- Avoid free proxy lists
3. No browser signals
Headless browsers with default configurations send incomplete or suspicious signals. Missing mouse movement, no scroll history, and no cookies are all red flags.
Fix:
- Use
puppeteer-extra-plugin-stealthor equivalent - Inject realistic mouse movements and scrolling
- Set a realistic viewport size and user agent
4. Missing Google cookies
Users with Google account cookies (NID, SID, HSID) tend to get higher scores. Automation with clean browser profiles lacks this history.
Fix:
- Load a browser profile with existing Google cookies
- Visit Google services before hitting the target page
5. Token used too late
reCAPTCHA v3 tokens expire after 2 minutes. If your automation takes too long between obtaining and submitting the token, it will be rejected.
Fix: Request the token immediately before the form submission, not during page load.
6. Too many requests from same session
Rapid repeated grecaptcha.execute() calls from the same page or session lower the score on each subsequent call.
Fix:
- Add delays between requests (at least 15–30 seconds)
- Rotate sessions and browser profiles
7. Headless browser detection
Sites can detect headless Chrome via navigator.webdriver, missing plugins, or inconsistent chrome.runtime properties.
Fix:
- Set
navigator.webdriver = false - Use stealth plugins that patch all detection vectors
- Use a real browser instance via browser automation
Solving with CaptchaAI to handle scoring
CaptchaAI solves reCAPTCHA v3 using real browser environments, producing tokens that typically score 0.3. This passes most sites but not those with thresholds above 0.3.
import requests
import time
response = requests.get("https://ocr.captchaai.com/in.php", params={
"key": "YOUR_API_KEY",
"method": "userrecaptcha",
"version": "v3",
"googlekey": "SITE_KEY",
"action": "login",
"pageurl": "https://example.com/login",
"json": 1
})
task_id = response.json()["request"]
for _ in range(30):
time.sleep(5)
result = requests.get("https://ocr.captchaai.com/res.php", params={
"key": "YOUR_API_KEY", "action": "get", "id": task_id, "json": 1
}).json()
if result.get("status") == 1:
token = result["request"]
print(f"Token received: {token[:50]}...")
break
const axios = require('axios');
async function solveV3(sitekey, pageurl, action) {
const { data } = await axios.get('https://ocr.captchaai.com/in.php', {
params: {
key: 'YOUR_API_KEY', method: 'userrecaptcha', version: 'v3',
googlekey: sitekey, action, pageurl, json: 1
}
});
const taskId = data.request;
for (let i = 0; i < 30; i++) {
await new Promise(r => setTimeout(r, 5000));
const res = await axios.get('https://ocr.captchaai.com/res.php', {
params: { key: 'YOUR_API_KEY', action: 'get', id: taskId, json: 1 }
});
if (res.data.status === 1) return res.data.request;
}
throw new Error('Timeout');
}
Score troubleshooting checklist
| Check | Action |
|---|---|
| Action parameter correct? | Compare with page source grecaptcha.execute() call |
| Token fresh? | Use within 2 minutes of generation |
| IP type? | Switch to residential proxies |
| Browser stealth? | Enable stealth plugins, patch webdriver flag |
| Request rate? | Add 15-30s delays between solves |
| Google cookies? | Load profile with Google session cookies |
| Correct sitekey? | Verify you extracted the v3 sitekey, not a v2 key |
FAQ
What score do I need to pass reCAPTCHA v3?
It depends on the site. Common thresholds are 0.3 for low-security pages and 0.7 for critical actions like payments. Most sites use 0.5 as the default.
Can CaptchaAI guarantee a high score?
No. CaptchaAI returns the score assigned by Google, typically around 0.3. The score is determined by Google's risk model, not by CaptchaAI.
Does using a VPN lower my score?
VPN IPs are often flagged as datacenter or high-risk, which can lower scores. Residential proxies perform better.
Why does my score drop over time?
Google learns from repeated patterns. If the same IP, fingerprint, and behavior repeat without variation, the score gradually decreases.
Should I solve v3 or just let it fail and solve the v2 fallback?
Many sites show a v2 challenge when v3 scores are low. If you consistently fail v3, identify the v2 fallback and solve that instead — it has a binary pass/fail result rather than a score.
Discussions (0)
Join the conversation
Sign in to share your opinion.
Sign InNo comments yet.