We have configured Gcloud reCaptcha API key. If we set key restrictions to "none" reCaptcha works just fine. When we attempt to add website referrer restrictions, reCaptcha fails. We are getting 403 error (forbidden). We have tried all different website domain patterns fully qualified and wildcard (*).

We followed the documentation scenario examples as follows. None worked.

'''
Senario Restrictions
Allow a specific URL Add a URL with an exact path. For example:
www.example.com/path
www.example.com/path/path
Some browsers implement a referrer policy that sends only the origin URL for cross-origin requests. Users of these browsers can't use keys with page-specific URL restrictions.

Allow any URL in your site You must set two URLs in the allowedReferers list.
URL for the domain, without a subdomain, and with a wildcard for the path. For example:
example.com/*
A second URL that includes a wildcard for the subdomain and a wildcard for the path. For example:
*.example.com/*

Allow any URL in a single subdomain or naked domain
You must set two URLs in the allowedReferers list to allow an entire domain:
URL for the domain, without a trailing slash. For example:
www.example.com
sub.example.com
example.com
A second URL for the domain that includes a wildcard for the path. For example:
www.example.com/*
sub.example.com/*
example.com/*
'''

Any guidance on how to get website restrictions to work is appreciated.