FormsFortPro Features
FormsFort paid/manual feature guide for captcha, CC recipients, autoresponders, file uploads, advanced uploader, webhooks, domain restrictions, and intro text.
Pro Features
Paid/manual controls for busier production forms. FormsFort gates Web3Forms-style pro features through manual entitlements for now. No Stripe checkout is required in the baseline.
Feature groups
Spam protection
reCAPTCHA v3, Cloudflare Turnstile, hCaptcha, honeypots, and domain restrictions.
Email features
CC recipients, autoresponder confirmations, and custom notification intro text.
File uploads
Multipart attachments and object-storage backed advanced upload reservations.
Integrations and security
Per-submit webhooks, form-level webhook settings, server IP safelists, and delivery logs.
Captcha providers
Choose a provider from form settings, store custom secret keys encrypted when needed, and include the matching browser token field in the form. reCAPTCHA and Turnstile use their provider scripts; hCaptcha can be loaded by the FormsFort helper script.
<!-- reCAPTCHA v3 -->
<input type="hidden" name="recaptcha_response" id="recaptcha-response" />
<!-- Cloudflare Turnstile -->
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
<div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY"></div>
<!-- hCaptcha with FormsFort helper script -->
<div class="h-captcha" data-captcha="true"></div>
<script src="https://api.formsfort.dev/client/script.js" async defer></script>CC recipients
Paid/manual forms can copy extra recipients on the queued notification email. Separate multiple addresses with commas or semicolons.
<input type="hidden" name="ccemail" value="[email protected]; [email protected]" />Autoresponder and intro text
Autoresponders are configured from the dashboard and require a valid submitted email field. Intro text changes the opening line on the recipient notification email.
<input type="email" name="email" required />Dashboard settings:
- autoresponder enabled
- autoresponder subject
- autoresponder from name
- autoresponder intro text
- include submission copy
- recipient notification intro text
File attachments
Multipart uploads require a paid/manual upload entitlement, form-level count/size/MIME settings, a safe filename extension, and scanner approval before delivery.
<form action="https://api.formsfort.dev/submit" method="POST" enctype="multipart/form-data">
<input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />
<input type="file" name="attachment" />
<button type="submit">Submit</button>
</form>JavaScript uploads should send FormData directly:
await fetch("https://api.formsfort.dev/submit", {
method: "POST",
headers: { accept: "application/json" },
body: new FormData(form),
});Advanced uploader
The client helper upgrades advanced file inputs, reserves object-storage uploads, writes storage keys back into hidden fields, and blocks submit until uploads finish. The generated widget also exposes FilePond-compatible theme hooks for Web3Forms-style uploader CSS.
<form action="https://api.formsfort.dev/submit" method="POST">
<input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />
<input
type="file"
name="attachment"
data-advanced="true"
multiple
accept="image/*, application/pdf"
data-max-files="3"
data-max-file-size="5MB"
/>
<button type="submit">Submit</button>
</form>
<script src="https://api.formsfort.dev/client/script.js" async defer></script>
<style>
.filepond--panel-root {
background-color: #2c2c2c;
}
.filepond--drop-label {
color: #d4d4d4;
}
</style>Webhooks and domain restrictions
Webhooks are queued and redacted after successful delivery. Domain restrictions compare the request Origin or Referer against exact hostnames configured on the form.
<input type="hidden" name="webhook" value="https://example.com/formsfort" />Dashboard settings:
- allowed domains: example.com, www.example.com
- server IP safelist for trusted server-side submissions
- form-level webhook endpoint
- webhook delivery retry policy and logs