Jump to

Skill · Form strategy

Form strategy.

Forms are where intent becomes action. Design them or lose it.

Design forms well or lose conversions, frustrate users, and drown in spam. Every form decision falls into one of five dimensions: field strategy, field design, validation, spam defense, and submission flow. The biggest lever is the first one, because every additional field reduces conversion.

The skill audits the current form, cuts fields to the minimum that moves the user to the next step, layers spam defense, and tests the whole path through to the CRM, email, or database where submissions land.

Audience: designers, marketers, and engineers building or auditing a form, fighting form spam, planning validation, or chasing a dropping completion rate.

View the skill on GitHubBrowse the full catalog

The framework

Five dimensions. Field strategy is the biggest lever.

Every form decision falls into one of these. The first one moves conversion the most, because each field you add costs completion.

  1. 01Field strategy: ask for the minimum to make the next step happen, and everything else later. For each field, decide if it is required for user value, business value, inferable, or askable later.
  2. 02Field design: labels above inputs, a single column, logical grouping, the right input type, autocomplete attributes, and sensible defaults that never mislead.
  3. 03Validation: validate on blur not on keystroke, re-validate on submit, write specific messages, position errors at the field, and validate server-side as well as client-side.
  4. 04Spam defense: a layered set (honeypot, time-based detection, rate limiting, a modern invisible CAPTCHA, behavioral signals, content filtering) rather than one brute-force gate.
  5. 05Submission flow: inline success for short forms, a confirmation for high-value ones, an email confirmation for signups, saved state on errors, and per-step saving for multi-step forms.

How the skill runs

Eight steps from audit to monitoring.

The skill audits, defines the real success metric, cuts fields, layers defense, and verifies the form end to end before watching it over time.

  1. 01

    Audit current state

    Per form: purpose, field count, completion rate, spam rate, validation, post-submit flow, and where the data goes.

  2. 02

    Define success per form

    Track the metric that matters (qualified leads, confirmed subscriptions, substantive replies), not raw submissions.

  3. 03

    Cut fields ruthlessly

    Apply the field filter. A seven-field form often becomes a three-field form and conversion rises.

  4. 04

    Set up spam defense

    Add a honeypot, time-based detection, and rate limiting before launch; add a modern CAPTCHA for high-traffic forms.

  5. 05

    Improve validation

    Specific messages, the right timing (blur or submit, not keystroke), and server-side validation matching the client.

  6. 06

    Verify accessibility

    Labels on every input, errors linked to fields, logical focus order, and error indication beyond color alone.

  7. 07

    Test downstream

    Submit and confirm the data lands correctly, defenses work, the user gets their confirmation, and internal notifications fire.

  8. 08

    Monitor

    Completion rate, spam rate, errors per submission, and the field where people abandon, tracked over time.

Reference files

The reference that goes alongside the SKILL.md.

  • references/form-anatomy-checklist.md

    A field-by-field, behavior-by-behavior checklist for auditing or designing a form, covering structure, accessibility, validation, and spam defense.

Browse all reference files on GitHub

Bridges to other skills

Where the form's neighbors live.

Form strategy owns the form. These cover the funnel around it, the copy on it, the code behind it, and the full accessibility pass.

  • The wider funnel

    cro-optimization

    Generic conversion optimization across a funnel is a cro-optimization job. Form strategy handles the form-specific concerns inside it.

  • The words on the form

    landing-page-copy

    Writes the copy that frames the form and its call to action. The form's fields and behavior are this skill's territory.

  • Behind the fields

    frontend-component-build

    Backend handling beyond the form, and the input components themselves, sit with the build skills. Form strategy decides what the form asks and how it behaves.

  • Full WCAG pass

    accessibility-audit

    When the goal is a full WCAG audit rather than the form-level accessibility baseline, run the dedicated audit.

Open source under MIT

Read the SKILL.md on GitHub.

The skill source lives in the rampstackco/claude-skills repository alongside dozens of other skills covering the full lifecycle of brand and product work. This page is a structured overview; the SKILL.md is the source. MIT licensed.

View SKILL.mdBrowse the full catalog

Frequently asked questions.

How many fields should a form have?
The minimum to make the next step happen, with everything else asked later. Every additional field reduces conversion, so for each field ask whether it is required to deliver value to the user, required to deliver value to the business, inferable from another source (email domain, behavior, context), or askable later (after first contact, on a settings page). A seven-field form often becomes a three-field form once you apply that filter, and completion rises.
How should validation behave?
Validate on blur, not on every keystroke, because inline errors that fire as someone types are jarring. Re-validate on submit to catch skipped fields. Write specific messages ('Email must include @' beats 'Invalid email'), position errors next to the field they refer to, and do not submit a form with errors: highlight the first errored field and scroll to it. Validate server-side as well, because client validation is UX and server validation is correctness. For format-flexible fields like phone numbers, validate liberally and reject only what is clearly wrong.
How do I stop form spam?
Layered defense, not a single gate. A honeypot field that humans leave blank and bots fill, time-based detection that rejects submissions completed in under two to three seconds, rate limiting per IP, a modern invisible CAPTCHA (Turnstile or reCAPTCHA v3) as a last resort, behavioral signals, content filtering, and a server-side review queue for high-spam-target forms. For most contact forms, a honeypot plus a time check plus an invisible CAPTCHA is enough. Old image CAPTCHAs are conversion-killers; use the invisible kind that only escalates when needed.
What should happen after submit?
An inline success message for short forms, a confirmation page for high-value submissions that sets expectations and next steps, and an email confirmation for signups, purchases, and RSVPs. Save the entered data on errors so the user does not re-enter everything, which is one of the most frustrating form failures. For multi-step forms, show progress, save state between steps so a refresh does not wipe it, allow back navigation without data loss, and validate per step rather than only at the end.
What accessibility baseline does a form need?
Every input has an associated label (visible or via aria-label), errors are linked to their inputs through aria-describedby and aria-invalid, focus order matches the visual order, color is never the only way an error is signaled, and the whole form is keyboard-navigable. Leave autocomplete on (disabling it is almost never a real security improvement and always a UX cost), and set tabindex only when truly necessary. For the full WCAG pass, run accessibility-audit.
How is form-strategy different from cro-optimization?
Form-strategy covers the form-specific concerns: field strategy, field design, validation, spam defense, submission flow, and the downstream integration to a CRM, email, or database. Cro-optimization is generic conversion optimization across a whole funnel. Use form-strategy when the work is the form itself, and cro-optimization when the question is the broader conversion problem the form sits inside.