# Interpret assessments for websites

Last updated (UTC): 2025-08-17.

This page explains how to interpret a score to understand the level of risk that
user interactions pose, and how to take appropriate actions for your site.

reCAPTCHA returns a score for each request based on the interactions
with your site, regardless of the key type. After you receive the score from
reCAPTCHA, you must interpret the score and take appropriate actions
for your site.

Before you begin
----------------

[Create an assessment for your website](/recaptcha/docs/create-assessment-website).

Interpret the assessment
------------------------

After your backend submits a user's reCAPTCHA response token to reCAPTCHA,
you receive an assessment as a JSON response, as shown in the following example.

**Note:** We recommend using a JSON parser in non-strict parsing mode, so that additional fields introduced to the JSON response do not cause outages. [reCAPTCHA Client Libraries](/recaptcha/docs/libraries) handle additional fields for you.

To interpret an assessment, consider the following parameters:

- `valid`: indicates whether the provided user response token is valid. When `valid = false`, the reason is specified in `invalidReason`. `valid = false` can also indicate that a user has failed to solve a challenge or there is a `siteKey` mismatch.
- `invalidReason`: the reason associated with the response when `valid = false`.
- `action`: a user interaction that triggered reCAPTCHA verification.
- `expectedAction`: the expected action from a user that you specified when creating the assessment.
- `score`: the level of risk that the user interaction poses.
- `reasons`: additional information about how reCAPTCHA has interpreted the user interaction.
- `challenge` ([preview](/products#product-launch-stages)): indicates the
  response to the challenge for policy-based challenge
  keys. Possible values: `PASS`, `FAIL`, or `NOCAPTCHA`.

```json
{
  "event":{
    "expectedAction":"EXPECTED_ACTION",
    "hashedAccountId":"ACCOUNT_ID",
    "siteKey":"KEY_ID",
    "token":"TOKEN",
    "userAgent":"(USER-PROVIDED STRING)",
    "userIpAddress":"USER_PROVIDED_IP_ADDRESS"
  },
  "name":"ASSESSMENT_ID",
  "riskAnalysis":{
    "reasons":[],
    "score":"SCORE",
    "challenge":"PASS"
  },
  "tokenProperties":{
    "action":"USER_INTERACTION",
    "createTime":"TIMESTAMP",
    "hostname":"HOSTNAME",
    "invalidReason":"(ENUM)",
    "valid":(BOOLEAN)
  }
}
```

### Verify actions

The JSON response contains the `action` parameter that you specified for a
user interaction when calling `execute()` and the `expectedAction` parameter
that you specified when creating the assessment.

Verify that `action` matches the `expectedAction`.
For example, a `login` action should be returned on your **login** page.
A mismatch indicates that an attacker is attempting to falsify
actions. You can take actions against the user interaction, such as adding
additional verifications or blocking the interaction to prevent any
fraudulent activities.

### Interpret scores

The scoring system of reCAPTCHA is an expansion from prior
versions of reCAPTCHA to allow greater granularity in responses.
reCAPTCHA has 11 levels for scores with values ranging from
0.0 to 1.0. The score 1.0 indicates that the interaction poses low risk and
is very likely legitimate, whereas 0.0 indicates that the interaction poses
high risk and might be fraudulent.

Out of the 11 levels, only the following four score levels are available before
you trigger an automatic security review by adding a billing account to your
project: 0.1, 0.3, 0.7, and 0.9.

To request access to 11 score levels, [add a billing account](/billing/docs/how-to/create-billing-account)
to your project.

The reCAPTCHA SMS defense risk score works inversely in comparison to the
reCAPTCHA global score. A reCAPTCHA SMS defense risk score of 0.0
shows low confidence of SMS toll fraud occurring; a risk score of 1.0
shows high confidence of SMS toll fraud occurring.

reCAPTCHA learns by monitoring real traffic on your site.
Therefore, scores in a staging environment and within 7 days of
implementation might differ from the long-term production scores.

If you installed score-based keys, you can first run
reCAPTCHA without taking action and then decide on thresholds by
looking at the traffic.

Based on the score, you can take an appropriate action in the context of your
site. To protect your site better, we recommend that you take the action in the
background instead of blocking traffic.

The following table lists some of the actions you might take:

### Reason codes

Reason codes are available after you trigger an automatic security review by
adding a billing account to your project. To request access to
reason codes, [add a billing account](/billing/docs/how-to/create-billing-account)
to your project.

Some scores might be returned with reason codes that provide additional
information about how reCAPTCHA interpreted the interactions.

The following table lists the reason codes and their descriptions:

### Response of the siteverify method

The `siteverify` method returns a JSON object containing the following fields
when used to create an assessment:

```text
{
  "success": true|false,      // whether this request was a valid reCAPTCHA token for your site
  "score": number,            // the score for this request (0.0 - 1.0)
  "action": string,           // the action name for this request (important to verify)
  "challenge_ts": timestamp,  // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
  "hostname": string,         // the hostname of the site where the reCAPTCHA was solved
  "error-codes": [...]        // optional
}
```

What's next
-----------

- To tune your site-specific model, you can send the assessment IDs back to Google to confirm true positives and true negatives, or correct errors. For details, see [Annotate assessments](/recaptcha/docs/annotate-assessment).
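
The checks described under "Interpret the assessment" can be applied in a fixed order on the backend: token validity, then action match, then score. The following is an added example, not code from the reCAPTCHA documentation or its client libraries; the thresholds, the decision names (`deny`, `step_up`, `flag`, `allow`) and the sample assessment are assumptions made for this illustration.

```python
import json

# Hypothetical thresholds for this example; the page prescribes none.
HIGH_RISK_BELOW = 0.3   # below this: require additional verification
REVIEW_BELOW = 0.7      # below this: allow, but flag for background review


def interpret_assessment(raw_json, expected_action):
    """Return (decision, detail) for one assessment JSON response."""
    data = json.loads(raw_json)  # plain dict access: unknown fields are ignored
    token = data.get("tokenProperties") or {}
    risk = data.get("riskAnalysis") or {}

    # 1. Validity first: score and action are meaningless for an invalid token.
    if token.get("valid") is not True:
        return "deny", "invalid token: %s" % token.get("invalidReason", "unspecified")

    # 2. The action in the token must match what this endpoint expects
    #    (expected_action comes from server-side code, not from the client).
    if token.get("action") != expected_action:
        return "step_up", "action mismatch: %r" % token.get("action")

    # 3. Score: 1.0 is low risk, 0.0 is high risk. Treat a missing or
    #    out-of-range score as untrusted instead of letting it pass.
    try:
        score = float(risk["score"])
    except (KeyError, TypeError, ValueError):
        return "step_up", "score missing or malformed"
    if not 0.0 <= score <= 1.0:
        return "step_up", "score out of range"
    if score < HIGH_RISK_BELOW:
        return "step_up", "high risk score %.1f" % score
    if score < REVIEW_BELOW:
        return "flag", "medium risk score %.1f" % score
    return "allow", "low risk score %.1f" % score


def sample_assessment(score=0.9, action="login", valid=True, invalid_reason=None):
    """Constructed assessment JSON with the fields shown on this page."""
    token = {"valid": valid, "action": action, "hostname": "www.example.com"}
    if invalid_reason:
        token["invalidReason"] = invalid_reason
    return json.dumps({
        "name": "ASSESSMENT_ID",
        "event": {"expectedAction": "login"},
        "riskAnalysis": {"reasons": [], "score": score},
        "tokenProperties": token,
        "fieldAddedLater": "ignored",  # constructed: simulates a new response field
    })
```

The `flag` decision lets the request through while recording it for background handling, in line with the recommendation to act in the background instead of blocking traffic.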