Hotjar's Recordings will report both clicks and mouse movements that happen within same-origin iframes. Clicks and mouse movement will show relative to the iframe element, not the page inside the iframe.
- Displaying same-origin iframes inside your Recordings
- Cross-origin iframes inside your Recordings
- The difference between same-origin and cross-origin
Current technological limitations with tracking iframes
If you'd like to get a Recording of interactions happening inside of an iFrame, only put the Hotjar Tracking Code on the iframe and not on the parent page. Having the Hotjar Tracking Code on both the parent page and the iFrame can cause Recordings of the page to fail and data collection to be skewed.
Displaying same-origin iframes inside your Recordings
When the Hotjar script encounters an iframe on a web page, the actual interactions inside that same-origin iframe won't be recorded. Instead, the URL of the iframe will be saved and reloaded inside the Recording when it's being played back if we have access to the assets.
<iframe src="/page.html" data-hj-allow-iframe></iframe>
Cross-origin iframes inside your Recordings
Cross-origin iframes, such as iframes loading a YouTube video or a third party extension, Hotjar will not be able to collect data or display the iframe. The element will instead show an error message.
The difference between same-origin and cross-origin
Same-origin means that the page loaded within the iframe is loaded from the same exact protocol and subdomain as the parent window.
Cross-origin policy applies when the page loaded within an iframe DOES NOT match the exact protocol and subdomain as the parent window.
The URL that the iframe points to is stored on our servers and reloaded every time a recording is played. This means that if the URL triggers some additional behavior on the server that the URL points to, other than just serving the iFrame content, this could cause unexpected and adverse results.