Oracle stored packages (and procedures) do not allow dashes/hyphen ("-") in the parameter name. Oracle will not allow you to create a package with parameter name as g-recaptcha-response. Hence, you will not be able to post using g-recaptcha-response. Instead create a parameter called g_recaptcha_response in your package. Also create a field in your html form with the name of g_recaptcha_response. In other words, you will post g_recaptcha_response instead.
Place the "I'm not a robot" widget outside your html form. If you place this widget as part of the html form, then it will post g-recaptcha-response to your package, and the html post will error out, as you do not have (and cannot create) a parameter called g-recaptcha-response in your package.
Now, all you need to do is verify if the value of g_recaptcha_response received (via post) is valid or not, using API request to https://www.google.com/recaptcha/api/siteverify. You can use UTL_HTTP to do this. However, notice that this url is "https"and not "http", hence your UTL_HTTP request will fail with certificate validation error. Oracle XE does not support Oracle Wallet, directly. UTL_HTTP will not work for "https". The best way to resolve this issue is to use ProxyPass directives in your Apache web server. You will need to create a http link (on your host) that redirects to google's https link. Then, use your http link in UTL_HTTP request to call https://www.google.com/recaptcha/api/siteverify. More details about this workaround are at https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet/.
Please feel free to email us with your comments or questions. Thanks.