By logging the $response from Google, I have discovered that the majority of time I receive “timeout-or-duplicate” error. I’ve learned that the token is only valid for 2 minutes after you execute is called as stated in the docs:
“Note: reCAPTCHA tokens expire after two minutes. If you're protecting an action with reCAPTCHA, make sure to call execute when the user takes the action.”
Thus, if you spend more then 2 minutes on the contact-form, you get the timeout error. That's why its recommended in the docs to only call execute if the user actually submits your form / takes action.
Source: https://stackoverflow.com/a/60076476/2157236
Any solution to this?