Hcaptcha cookie gdpr compliance

  • Resolved Muette

    (@muette)


    1 year, 2 months ago

    A few days ago we updated to the latest version of hcaptcha. Our Cookiebot GDPR compliance plugin latest report now tells us that there are hcaptcha cookies (where there were none before), specifically __cflb. The GDPR problem for us is that there is no information about where this cookie sends its data, which is not adequate. The cookies are triggered by api2.hcaptcha.com – something which didn’t seem to happen in your previous version. We specifically adopted Hcaptcha to avoid precisely these issues. Please can you urgently assist otherwise we have no alternative but to remove Hcaptcha. Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor kaggdesign

    (@kaggdesign)

    Are you sure that you use our plugin? In the plugin code, there is no such text as api2.hcaptcha.com. I do not see any cookie created by hcaptcha.com on my test site.

    And what is more important, the hCaptcha WP plugin team has no access to the hCaptcha script code. We deal with the plugin code by itself, which is 100% open-sourced.

    Please ask your question on the hcaptcha.com website; I am sure the hCaptcha primary development team will help you. hCaptcha was and stays 100% GDPR-compliant.

    Thread Starter Muette

    (@muette)

    I’m using your plugin v 3.3.0 for sure.

    See screenshot for what Cookiebot tells us about the new cookie’s origins. I will ask hcaptcha.com as you suggest but I have never had any dealings with them – all I did was install your plugin.

    So, still mystified as to how and why this has occurred.

    https://prnt.sc/xUs-EWqr0M6y

    Thread Starter Muette

    (@muette)

    Would using test mode & test id cause such an issue?

    Have discovered the problem seems to be localised to one page – maybe its just a dicky WP page. Other forms seem to be correct, Cookiebot just picked up this one page which is wrongly displaying the test captcha. I will redo the page, hopefully the problem will go away then – will let you know what happens.

    • This reply was modified 1 year, 2 months ago by Muette.
    Plugin Contributor kaggdesign

    (@kaggdesign)

    Thank you for providing additional info. Test mode also does not create any cookies for me.

    To use the plugin, you had to add keys. To add keys, you need to visit hcaptcha.com, create account there and get keys. So I do not understand how did you not communicate with hcaptcha.com.

    What I want to explain: I do not have access to hCaptcha scripts source code. Scripts are loaded in the plugin from hcaptcha.com as is. You should ask hcaptcha.com development team.

    Can you also provide a link to the page on your website where you have api2.hcaptcha.com? I can try to understand via browser console which script is the initiator.

    Thread Starter Muette

    (@muette)

    Thank you. I will redo the faulty page – the error only occurs on this one page. The same forms are fine on other pages, but on this one persistently display the test captcha despite the site being set to live mode. So it has to be a WP bug. Thank you for you offer of help. I have to redo the page though and will let you know what happens. At least you know now if anyone else has the same problem.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hcaptcha cookie gdpr compliance’ is closed to new replies.