EU CAPTCHA for Contao

Frequently Asked Questions

• How do I add EU CAPTCHA to a Contao website?

  Add verify.js and the EU CAPTCHA widget div with your sitekey to your Contao form template override. In your Contao extension that processes the form, read the eu-captcha-response from the request and make a server-side verification call to the EU CAPTCHA API with your secret key before processing or storing the form submission.

• Is there an official EU CAPTCHA extension for Contao?

  EU CAPTCHA can be integrated into Contao by creating a custom form field widget as a Contao extension. The widget renders the EU CAPTCHA div in the form and the accompanying bundle performs server-side verification using the EU CAPTCHA REST API. Consult the EU CAPTCHA documentation for available Contao extensions.

• Does EU CAPTCHA work with Contao's built-in form generator?

  Yes. Contao's form generator supports custom form field widgets through the Contao extension system. By registering a custom captcha widget that renders the EU CAPTCHA div and verify.js, the form generator includes the widget when building forms in the Contao backend, allowing editors to protect forms without touching template code.

• How do I verify a CAPTCHA token in Contao form processing?

  In your Contao form processing hook (loadFormField or processFormData), access the eu-captcha-response value from the submitted input. Make an HTTP POST request to the EU CAPTCHA verification API using Contao's RequestToken mechanism or a standard PHP HTTP client with your secret key and the token. Reject the submission if verification fails.

• Is EU CAPTCHA compatible with Contao 4 and Contao 5?

  Yes. EU CAPTCHA uses standard HTML, JavaScript, and a REST API for verification. The widget approach — a div element and a script tag — is compatible with both Contao 4 (Symfony 5/6 based) and Contao 5 (Symfony 6/7 based). The Contao extension bundle structure follows Symfony bundle conventions, which are consistent across both major Contao versions.

• Can EU CAPTCHA be used with custom Contao content elements?

  Yes. If you build custom Contao content elements or frontend modules that include forms, add the EU CAPTCHA widget div and verify.js script to the element's Twig or PHP template output. Process the eu-captcha-response token in your element's generate method, following the standard EU CAPTCHA server-side verification pattern.

• Is EU CAPTCHA GDPR compliant for Contao websites?

  Yes. EU CAPTCHA is operated by an EU-based company, is hosted entirely in Germany, and does not rely on US cloud providers or infrastructure subject to US surveillance laws. The service processes only the data necessary to provide and verify the CAPTCHA (such as IP address and technical browser or device information) in line with the requirements of the GDPR. Your organization remains responsible for providing transparent privacy information, selecting an appropriate legal basis, and obtaining any required consent for your specific Contao implementation. This information does not constitute legal advice; please consult your legal counsel for an assessment of your individual case.