A honeypot is a spam-trapping technique: an extra form field that is hidden from human visitors with CSS but still present in the HTML. Real people never see it, so they never fill it in. Automated bots, which fill in every field they find, walk straight into it, and any submission that contains a value in the honeypot field is flagged as spam.
The honeypot's appeal is that it costs the legitimate visitor nothing: there is no puzzle to solve and no challenge to pass, unlike a CAPTCHA. It catches the majority of naive, drive-by bot traffic for free, which is why it belongs as the first layer of any layered spam-protection strategy.
A honeypot alone will not stop targeted bots written specifically for your form or human spam farms; those need additional layers such as rate limits, reputation filtering, and AI moderation. The forms guide covers the full layered approach, and honeypot vs reCAPTCHA vs hCaptcha compares the options.
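A minimal server-side check for the mechanism described above, as an added example that is not code from this page or from any particular form product. The field name `website`, the function names, the markup, and the choice to return the same response to flagged and clean submissions are assumptions of the example.

```python
from urllib.parse import parse_qs

# Hypothetical trap field name: plausible to a bot, unused by the real form.
HONEYPOT_FIELD = "website"

# Constructed markup for the trap. Hidden with CSS, taken out of the tab order and
# excluded from autofill, so visitors and their browsers leave it empty.
HONEYPOT_HTML = (
    '<div aria-hidden="true" style="position:absolute;left:-9999px">'
    f'<input type="text" name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">'
    "</div>"
)


def honeypot_triggered(form: dict[str, list[str]]) -> bool:
    """True when any submitted copy of the trap field carries a non-blank value."""
    return any(value.strip() for value in form.get(HONEYPOT_FIELD, []))


def handle_submission(raw_body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body and route the submission."""
    # keep_blank_values=True keeps the empty trap field in the parsed result.
    form = parse_qs(raw_body, keep_blank_values=True)
    if honeypot_triggered(form):
        # Flag instead of rejecting: the client sees the same status either way,
        # so the response does not reveal which field gave the bot away.
        return {"status": 200, "stored_as": "spam"}
    fields = {k: v[0] for k, v in form.items() if k != HONEYPOT_FIELD}
    return {"status": 200, "stored_as": "inbox", "fields": fields}


# Constructed sample submissions.
HUMAN = "name=Ada&email=ada%40example.com&message=Hello&website="
BOT = "name=x&email=x%40example.com&message=buy+now&website=http%3A%2F%2Fspam.example"
BLANKS = "name=Bo&email=bo%40example.com&message=Hi&website=+++"  # whitespace only
REPEATED = "name=x&message=hi&website=&website=filled"  # trap field sent twice

if __name__ == "__main__":
    samples = [("human", HUMAN), ("bot", BOT), ("blanks", BLANKS), ("repeated", REPEATED)]
    for label, body in samples:
        print(label, handle_submission(body)["stored_as"])
```

Whitespace-only values are treated as empty here, and a repeated trap field is flagged if any copy is filled, so a stray space does not cost a real visitor their message.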