- Understanding iframes within Hotjar
- What are my options to track iframe content with Hotjar?
- What does it mean to allow iframes within Hotjar?
- What limitations exist after allowing an iframe?
Understanding iframes within Hotjar
An iframe can be described as a web page that appears inside of another web page. They are often used to embed content from third-party websites, such as chatbots, videos, or forms. However, they can also be used to show content from the same website domain.
To determine where an iframe's content is coming from, we can look at the iframe source URL (src=""), which is shown in the code like this:
In the example above, the iframe source URL is coming from YouTube.
You can learn more about iframes in the Mozilla Developer Network documentation.
To get the most out of this article, it's important to know these terms:
- iframe 'parent' page - This is the page where the <iframe> code has been added. This page usually has its own content but also includes the embedded iframe content. It is the page that your users will visit in their browser.
Example of an iframe parent page (https://www.hotjar.com).
- iframe 'source' page - This is the page where the iframe content is coming from. The source page URL is usually not a page that your users would access directly.
Example of the corresponding iframe source page. (https://Hotjar.eu.ada.support)
Hotjar cannot track iframes embedded on your page
By default, Heatmaps and Recordings will block iframe elements that are included in session data and prevent them from rendering content. Instead of the iframe content, while watching a recording or viewing a heatmap, you'll see a message stating that Hotjar cannot track iframes embedded on your page:
What are my options to track iframe content with Hotjar?
Hotjar is only able to track webpages where the Hotjar Tracking Code (TC) is installed. If the TC is installed on the iframe's parent page, then the TC will track that page, but it won't track or display interactions within the iframe (the iframe source page content).
The same is true vice versa. If the TC is installed within the iframe source page, it will track and display interactions for the source page, but it will not track or display interactions on the iframe's parent page.
Hotjar can be used to track iframe content in the following ways, we'll outline each one in the paragraphs below:
- Install the TC only on the iframe parent page
- Install the TC only on the iframe source page
- Install the same TC on both the iframe parent & source pages
Considerations when attempting to install the Hotjar Tracking Code within an iframe.
To track interactions within an iframe, you'll need to have access to edit the code of the iframe's source page. If using an iframe that is from a third party, this may not be possible. If the third party allows you to add your tracking code to the source page of their iframe content, they will also need to factor Hotjar tracking into their privacy and cookie policies.
Install the TC only on the iframe parent page
With this approach, Hotjar will track the page content of the parent page, but no interactions will be tracked inside the iframe.
In recordings and heatmaps, the iframe will be blocked by default, and if you allow the iframe to appear, you will see a static version of the iframe source page content, but Hotjar will not track any interactions within the iframe. Learn how to allow an iframe.
Install the TC only on the iframe source page
With this approach, Hotjar will track the page content of the iframe's source page, but no interactions will be tracked on the parent page.
In recordings and heatmaps, you will see the parent page that was actually visited by the user, but you'll only see data collection based on interactions that occurred within the iframe element. Any interactions the user had with the parent page outside of the iframe will not be tracked.
Install the same TC on both the iframe parent & source pages
With this approach, Hotjar will be able to detect data from both the parent page and the iframe source page. However, this is only possible if your team is able to edit the code from the iframe source page directly (this is rarely possible if using an iframe provided by a third party).
If you are able to add the TC to your iframe source page and the parent page, it's important to know that the iframe content will be treated as a separate page within Hotjar recordings. Instead of seeing both the parent and source page interactions at the same time, Hotjar will treat interactions with the iframe as another tab in the user's session.
This will cause the recording to look like the user is clicking back and forth between the iframe parent page and the iframe source page instead of seeing both of them at the same time. Due to the limitations around iframes, it is not possible to prevent this behavior when the TC is added to both the parent and source pages at the same time.
How to allow an iframe within Hotjar
Before allowing iframes on your Hotjar Site, review the next section in this article that outlines the limitations that may prevent iframes from being displayed in Hotjar.
Add data-hj-allow-iframe as an HTML attribute to your iframe.
<iframe src="https://example.com/page.html" data-hj-allow-iframe=""></iframe>
This can be written as data-hj-allow-iframe="", data-hj-allow-iframe="true", or just data-hj-allow-iframe. Either way, the value will show as "true" on the backend.
This attribute must be placed in the <iframe> element itself and cannot be placed in the parent element of the iframe. Many third-party tools do not allow you to edit their <iframe> elements, which means they cannot be allowed.
An iframe source page will reload each time it's displayed within Hotjar
The URL that the iframe points to is stored on our servers and reloaded every time a recording is played. This means that if loading the iframe source page triggers some additional behavior, this could cause unexpected and adverse results.
Visit your Sites & Organizations page.
Click on the site settings gear icon to visit your site settings page.
Expand the Session targeting & tracking menu.
Enter the top-level domain name you wish to allow under the heading ALLOWED IFRAME DOMAINS.
Only enter the top-level domain when entering domain names into the ALLOWED IFRAME DOMAINS field. The top-level domain is the domain without www, http://, or https:// connected to it. For example, if you wanted to allow https://www.hotjar.com/ to this field, the top-level domain would be hotjar.com
What limitations exist after allowing an iframe?
Before allowing an iframe, consider the limitations that will persist even after allowing the iframe:
❌ The iframe must have a src attribute.
❌ Hotjar cannot allow an iframe if its src attribute uses a relative page path (Example: src=“/page”) instead of the complete URL (Example: src=“https://hotjar.com/page”).
❌ Interactions (click and scroll events, typing, CSS animations, DOM mutations, etc.) will not be tracked in the iframe if recording the parent page.
- Third-party video players (including YouTube and Vimeo)
- Third-party forms (including Typeform forms)
- Most third-party web-apps that are loaded via iframes
- Most third-party payment systems
This means that Hotjar can only show the following aspects of an allowed iframe:
✅ Cursor behavior is tracked relative to the parent page.