Best Practices
Do Not Enable ‘Require User to be Logged In’
Within your form’s settings will be an option to require users to be logged in to access the form. This feature conflicts with our layered authentication and VPN. If you have a need to restrict access to a form, please use Google Forms.
Do Not Enable ‘Enable Ajax’
When you add a form to a page, there will be a checkbox to ‘Enable Ajax.’ Do not use this feature, as it directly conflicts with the web standards styling that forms utilize in the Boise State environment and causes varying visual problems.
Do Not Enable 'Anti-Spam Honeypot'
Within your form’s settings will be an option to use an anti-spam honeypot. This feature should not be activated, as it occasionally conflicts with your form’s confirmation messages. Instead, please use the “CAPTCHA” field on each form, located under “Advanced Fields.”
NOTE: In general, these fields can be difficult for screen reader users. To assist, we recommend adding the following description: “Please check ‘I’m not a robot’ to verify CAPTCHA.”
Do Not Collect Sensitive Data
Do not collect SSN, passwords, transcripts, or financial data. For more information, visit the Information Security page.
Do Use Field Labels
Each field should include a field label, typically the first item on the general tab of each field. Without a field label on each field, a form is not considered web accessible.
Do Update Notification Settings
For each form published, it is advised to update the form’s notification settings under Settings > Notifications. Specifically, the “Send to” and “From” email addresses should be updated to specific emails that you would like to use. Using {admin_email} for any notification email is not recommended.