Pro Features
FormsFort paid feature guide for advanced captcha, CC recipients, autoresponders, file uploads, advanced uploader, webhooks, advanced domain policies, server IP safelists, and intro text.
Pro Features
Paid controls for busier production forms. FormsFort gates paid features through active Stripe subscriptions or support-managed manual entitlements.
Feature groups
Spam protection
reCAPTCHA v3, Cloudflare Turnstile, hCaptcha, honeypots, and wildcard domain policies. Exact allowed domains are available on Free.
Email features
CC recipients, autoresponder confirmations, and custom notification intro text.
File uploads
Multipart attachments and object-storage backed advanced upload reservations.
Integrations and security
Per-submit webhooks, form-level webhook settings, wildcard domain policies, server IP safelists, and delivery logs.
Captcha providers
Choose a provider from form settings, store custom secret keys encrypted when needed, and include the matching browser token field in the form. Free forms can use shared reCAPTCHA v2. Pro, Business, and lifetime forms can use reCAPTCHA v3, Cloudflare Turnstile, and hCaptcha. reCAPTCHA and Turnstile use their provider scripts; hCaptcha can be loaded by the FormsFort helper script.
<!-- reCAPTCHA v2 -->
<div class="g-recaptcha" data-captcha="true"></div>
<!-- reCAPTCHA v3 -->
<input type="hidden" name="recaptcha_response" id="recaptcha-response" />
<!-- Cloudflare Turnstile -->
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
<div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY"></div>
<!-- hCaptcha with FormsFort helper script -->
<div class="h-captcha" data-captcha="true"></div>
<script src="https://api.formsfort.com/client/script.js" async defer></script>CC recipients
Paid/manual forms can copy extra recipients on the queued notification email. Separate multiple addresses with commas or semicolons.
<input type="hidden" name="ccemail" value="[email protected]; [email protected]" />Autoresponder and intro text
Autoresponders are configured from the dashboard and require a valid submitted email field. Intro text changes the opening line on the recipient notification email.
<input type="email" name="email" required />Dashboard settings:
- autoresponder enabled
- autoresponder subject
- autoresponder from name
- autoresponder intro text
- include submission copy
- recipient notification intro text
File attachments
Multipart uploads require a paid/manual upload entitlement, form-level count/size/MIME settings, a safe filename extension, and scanner approval before delivery.
<form action="https://api.formsfort.com/submit" method="POST" enctype="multipart/form-data">
<input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />
<input type="file" name="attachment" />
<button type="submit">Submit</button>
</form>JavaScript uploads should send FormData directly:
await fetch("https://api.formsfort.com/submit", {
method: "POST",
headers: { accept: "application/json" },
body: new FormData(form),
});Advanced uploader
The client helper upgrades advanced file inputs, reserves object-storage uploads, writes storage keys back into hidden fields, and blocks submit until uploads finish. The generated widget also exposes FilePond-compatible theme hooks for FormsFort uploader CSS.
<form action="https://api.formsfort.com/submit" method="POST">
<input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />
<input
type="file"
name="attachment"
data-advanced="true"
multiple
accept="image/*, application/pdf"
data-max-files="3"
data-max-file-size="5MB"
/>
<button type="submit">Submit</button>
</form>
<script src="https://api.formsfort.com/client/script.js" async defer></script>
<style>
.filepond--panel-root {
background-color: #2c2c2c;
}
.filepond--drop-label {
color: #d4d4d4;
}
</style>Webhooks, domains, and server IPs
Webhooks are queued and redacted after successful delivery. Exact allowed domains compare the request Origin or Referer against hostnames configured on the form and are available on Free. Pro, Agency, and Lifetime workspaces can use wildcard domain policies such as *.example.com. Paid/manual controls in this group include webhooks, wildcard domain policies, and server IP safelists.
<input type="hidden" name="webhook" value="https://example.com/formsfort" />Dashboard settings:
- allowed domains: example.com, www.example.com
- wildcard domain policies: *.example.com for paid/manual workspaces
- server IP safelist for trusted server-side submissions
- form-level webhook endpoint
- webhook delivery retry policy and logs