Due to potential security problems inherent to how iframes work, Hotjar is unable to track user interaction on iframe elements embedded on your site. By default, Hotjar's Recordings don't show parts of your site that are contained inside iframes.
If you're unfamiliar with iframes, you can think of them as web pages inside web pages. They are often used to add elements like chatbots, videos, or forms to your pages by third-party services. You can read more about them in the Mozilla Developer Network documentation.
Hotjar offers the ability to display self-hosted iframes within Recordings without capturing movement and click data. This means the following content types cannot be captured within Hotjar Recordings:
❌Third-party video players (such as YouTube or Vimeo)
❌Third-party forms (for example, Typeform forms)
❌Web-apps that are loaded via iframes
❌Most third-party payment systems
❌Most third-party content
Enabling self-hosted iframes to display inside your Recordings is a two-step process:
- Adding an HTML attribute to the iframe
- Whitelisting the iframes domain in your Hotjar Site Settings
Check out whitelisting limitations before continuing
It is important to take a look at the section What limitations still exist after whitelisting an iframe? to make sure you'd like to continue whitelisting the iframe inside Recordings.
What limitations still exist after whitelisting an iframe?
Before whitelisting, you should consider some of the limitations that still exist after whitelisting an iframe.
We can track:
✔️ a static page delivered through an iframe can be displayed inside a Recording.
✔️ mouse over behavior is tracked, relative to the parent page.
We cannot track:
❌ clicks on elements inside an iframe.
❌ scroll events inside an iframe.
❌ typing input inside an iframe.
❌ DOM mutation events.
❌ CSS animations dependent on user input (such as hovering over a button).
If you'd like to record interactions happening inside of an iframe you can put the Hotjar Tracking Code in the head element of the iframe source page, but you must also remove the Tracking Code on the parent page. Having the Hotjar Tracking Code on both the source page and the page containing the iframe can cause Recordings of the page to fail and data collection to be skewed.
Adding an HTML attribute to the iframe
If your iframe is not a third-party iframe and is hosted on your site, you can add an HTML attribute to make viewing the content within your Recordings possible. Movement and input data will still not be captured.
Add data-hj-allow-iframe as an HTML attribute to the iframe.
<iframe src="/page.html" data-hj-allow-iframe=""></iframe>
This can be written as ="", true or just data-hj-allow-iframe. Either way, the value will show as "true" on the backend.
This attribute has to be placed in the iframe element itself
Before starting on this step, take a look at What limitations still exist after whitelisting an iframe?
Go to site settings by clicking Settings > Sites & Organizations
Click the cog icon next to the site you want to whitelist.
You will see a field where you can insert the top-level domain name you wish to whitelist, under the heading Whitelisted Iframe Domains For Recordings.
An iframe source page will reload each time it's displayed in a Recording playback
The URL that the iframe points to is stored on our servers and reloaded every time a recording is played in the Hotjar dashboard. This means that if loading the iframe source page triggers some additional behavior, this could cause unexpected and adverse results.