Web-to-Lead setup takes about 30 minutes. The work splits into form generation, deploying the HTML, configuring assignment and response, and adding reCAPTCHA. Test on a staging URL before flipping the production form live.
- Generate the Web-to-Lead HTML
Setup, Quick Find, Web-to-Lead. Click Create Web-to-Lead Form. Pick the Lead fields to include. Set Return URL to a thank-you page on your site. Toggle Enable reCAPTCHA Verification on. Generate. Copy the HTML snippet.
- Deploy the form to your website
Paste the HTML into a web page (WordPress, Webflow, custom CMS, or static HTML). Style with CSS to match the brand. The form posts directly to Salesforce; no proxy or middleware is needed.
- Configure the Lead Assignment Rule
Setup, Lead Assignment Rules. Create or edit the active rule. Add entries based on Lead Source, country, industry, or any other field on the Lead. Each entry assigns to a user or queue. Activate the rule before live traffic hits the form.
- Set up the auto-response email
Setup, Lead Settings. Pick a Default Response Template that confirms receipt. Edit the email template under Setup, Email Templates. Personalize with merge fields (FirstName, Company) and include the rep''s calendar link if relevant.
- Test end-to-end
Submit the staging form with a test email address. Verify the Lead appears in Salesforce, the assignment rule fires (Owner is correct), the auto-response email arrives, and the return URL renders. Test the reCAPTCHA flow by submitting without solving it.
Where the visitor lands after submit. Typically a thank-you page on your site. Required field on the form generator.
Adds Google reCAPTCHA v2 to the form. Configurable from the form generator. Enable on every production form to prevent spam.
Hold (queue submissions above the cap and process when the cap resets) or Drop (silently lose them). Configured in Lead Settings.
Lead fields included in the HTML but not visible to the user. Common pattern for hardcoding LeadSource, campaign attribution, or referral codes.
- Validation rules on Lead do not fire on Web-to-Lead by default. Enable Enforce Validation and Triggers in Lead Settings or bad data lands without challenge.
- 500-per-day cap is per-org, not per-form. A high-traffic marketing campaign can exhaust the cap. Raise via Salesforce Support case before launching big pushes.
- Spam submissions count against the daily cap. Without reCAPTCHA, bots will exhaust the limit and crowd out real leads.
- The form''s hidden oid field is the org ID, not a secret. Anyone with the HTML can submit forms to your org. Server-side validation and reCAPTCHA are the only spam defenses.
- Lookup fields require the parent record''s 15- or 18-character ID, not the parent''s name. Forms with raw text lookup fields silently store the text as a string, not as a lookup.