Solve the widget below, then click Verify. The form GETs the token to /api/verify/recaptcha_v2 which calls google.com/recaptcha/api/siteverify with our secret. The response page shows the verdict. (GET, not POST — CloudFront OAC for Lambda Function URLs requires signed payloads, which browsers don't send for POST bodies. Putting the token in the query string sidesteps the limitation.)