'Invalid nonce' error in submit form

Browser: All
OS: All
URL: VCC – Scholaship Application Form – Venice Curatorial Course

Hi Brickers!
I have a problem with a form.
Some users manage to submit the form correctly, while others, once they have filled in all the fields and pressed the submit button, receive an ‘Invalid nonce’ error as in the image below:

Thanks and regards,
Daniele

1 Like

If you use a cache plugin, that will happen. You have to exclude the page with the form from being cached or use a cache with edge side includes (ESI) that can cache everything except the form.

Otherwise you have to change the TTL of your cache to 12 hrs.

5 Likes
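Why 12 hours is the safe bound for the cache TTL, as an added example that is not part of the original posts: a Python model of the WordPress core nonce scheme, where a nonce is bound to a 12-hour tick and accepted during that tick and the next. It assumes the Bricks form token follows the default 24-hour WordPress nonce life; the salt, timestamps and helper names are constructed for illustration.

```python
import hashlib
import hmac
import math

TICK = 86400 // 2                    # half of the default 24 h nonce life
SECRET = b"constructed-salt"         # constructed stand-in for the site's nonce salt
ACTION = "bricks-nonce"              # action name as mentioned in this thread


def nonce_tick(now):
    """12-hour counter that every nonce is bound to."""
    return math.ceil(now / TICK)


def _nonce_for(tick, action, uid=0, token=""):
    msg = f"{tick}|{action}|{uid}|{token}".encode()
    return hmac.new(SECRET, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, now):
    # Logged-out visitors share uid 0 and an empty session token, so one
    # cached copy of the page carries the same nonce for all of them.
    return _nonce_for(nonce_tick(now), action)


def verify_nonce(nonce, action, now):
    """Return 1 (issued this tick), 2 (previous tick) or 0 (rejected)."""
    tick = nonce_tick(now)
    for result, candidate in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_nonce_for(candidate, action), nonce):
            return result
    return 0


def seconds_valid(created_at):
    """How long a nonce issued at created_at keeps verifying."""
    return (nonce_tick(created_at) + 1) * TICK - created_at


def cached_form_works(cached_at, page_age):
    """Submit a form from a cached page that is page_age seconds old."""
    nonce = create_nonce(ACTION, cached_at)
    return verify_nonce(nonce, ACTION, cached_at + page_age) != 0


if __name__ == "__main__":
    boundary = 40000 * TICK          # constructed timestamp on a tick boundary
    for hours in (1, 12, 13, 24):
        print(hours, "h old page:", cached_form_works(boundary, hours * 3600))
```

A nonce lives between 12 and 24 hours depending on where in the tick it was issued, so only a TTL of 12 hours or less works for every cached copy; the time a visitor spends filling in the form counts against that margin.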

Many thanks @macksix your solution is perfect!

That’s great to know, but what should I do if the form is used on a single page template?

It’s a Siteground site using their server/plugin caching.

Thanks for any info!

Hello @lele !
Would you please tell me what worked for you? The ESI solution or the 12 hrs TTL setting?

I don’t know how to set the ESI parameters in LS Cache plugin. I tried to read the documentation but it is still hard for me to understand the way I can do it.

Thanks

Bricks v1.9.6 (Use v1.9.6.1) generates nonce with AJAX now, so there should be no problems with caching the form now.

Actually, I have the problem for one of my clients with a Bricks native form.
Each time she tries to complete and send the form, it returns an ‘Invalid Token’ error. I couldn’t figure out why until I deactivated LS Cache. Then it worked…

Sadly this issue has not been resolved in 1.9.6.1. I’ve had to remove the litespeed cache plugin on all my bricks sites to avoid an “invalid token” (previously nonce error).

Hi @jezza & @ludo,

It seems like the new fix works for most users, but not all, as we have received similar reports through tickets. We’re unable to replicate the issue on our end, but if you can share the browser and operating system of the device where you’re able to replicate this, that would be great.

Hey Charaf, I’ll see what I can find out. I only have screenshots sent from a client showing the issue, which was in turn sent to them by their customer. All forms on the particular site in question have custom actions if that helps. Another client had a phone call from a customer about an “Invalid nonce” (glad you’ve changed the wording on that as we’re in the UK). As a consequence, I first disabled all caching on pages with forms, but that did not work so had to disable the whole plugin. I’ve experienced it using the Brave browser.

1 Like

@charaf Sadly, I can’t reproduce it by myself. As @jezza said, it is the same for me as the client sent me screenshots only. I tried to make him look at the console while in google meets but nothing appeared.

@jezza I turned the TTL to 12hrs and it seems to resolve the issue for now. Sadly, I don’t know how to use ESI functionality on Lite Speed. I think it could solve the problem.

@charaf thanks for your work. Sorry for not being able to help more. In case it helps you, it never seems to happen on mobiles…

1 Like

Thank you both @ludo & @jezza. Your answers are consistent with other reports we’ve received. Most users are also unable to replicate it, which makes it impossible for us to debug and look for a solution at this time, but we’ll keep an eye out for any clues.

I have the same issue with an invalid form token; I sent a message to help@bricksbuilder.io

Hi Charaf, I sent an email to help@bricksbuilder.io about the same problem others have on this thread, and you asked for credentials. I gave them, but there has still been no answer since February 20. Is there anything you can tell me about the progress, if any?

Thanks.

Hi @MichaelW,

I don’t think the issue you’re facing is the same as the issue reported on this thread. I shared more details over email.

1 Like

Hello,

I have had this issue too.

It looks like the contact form cannot be cached.

I was trying to use bricks-nonce as an additional element that is added to the ESI tab in the Litespeed plugin, but honestly I don’t know how this works. The problem is the customer has Invalid nonce token issues and she cannot capture leads via the contact form. This seems to be a big problem when using a contact form as a pop-up. So currently I needed to remove all pop-ups from the pages (as they must be cached).

Can you please bring more info on how to add brick-nonce to ESI, or how to solve it when a page is to be cached and I want to add a contact form to that page? I could be doing it via ESI, but the contact form styling CSS is not seen when the ESI shortcode is added onto the page.

Thanks for looking into this.

Unfortunately, I also encountered something similar when clients complained to me. The most interesting thing here is that when you check everything yourself, everything works. Often the error is related to the site or browser cache. I think it’s time to create an admin email notification if an error like this occurs 🙁

1 Like

How is this still not fixed? I purchased OLS hosting mainly cuz of Litespeed cache; thanks to this, it’s unusable, and the worst part is, many people don’t even know they have an issue like this on their sites, resulting in losing leads they don’t even know they could have.

1 Like

That is a very good idea… we should be getting a notification when the Invalid nonce token message appears!!

I have actually worked with ChatGPT to write a PHP snippet for this event. I have not tested it yet, but I have added it below.

To handle the issue of an “Invalid form token” error occurring on your website’s contact form and notify the admin via email when this problem occurs, you can add a PHP snippet to your WordPress theme’s functions.php file. Below is a sample snippet to achieve this:


// Add a hook to check for invalid form token
add_action('init', 'check_invalid_form_token');

function check_invalid_form_token() {
    // Check if the nonce verification failed
    if (isset($_GET['error']) && $_GET['error'] === 'invalid_nonce') {
        // The parameter arrives in an unauthenticated request, so send at
        // most one notification per hour to keep the admin inbox from flooding
        if (get_transient('invalid_form_token_notified')) {
            return;
        }
        set_transient('invalid_form_token_notified', 1, HOUR_IN_SECONDS);

        // Get the admin email
        $admin_email = get_option('admin_email');

        // Prepare email subject and message
        $subject = 'Invalid Form Token Error Detected';
        $message = 'Dear Admin, an invalid form token error occurred on your website. Please check the contact form for issues.';

        // Send email notification to admin
        wp_mail($admin_email, $subject, $message);
    }
}


Explanation:

  • This code snippet adds a WordPress action hook init to check for the presence of an error parameter in the URL query string with the value invalid_nonce. This indicates that the nonce verification failed, resulting in an “Invalid form token” error.
  • If the error is detected, the admin email address is retrieved using get_option('admin_email').
  • An email subject and message are prepared to notify the admin about the error.
  • The wp_mail() function is then used to send an email notification to the admin.

Make sure to test this code snippet thoroughly on your development environment before deploying it to your production website. Additionally, ensure that your server is configured to send emails correctly.