Loading tutorials…
Loading tutorials…
Hotjar isn't hard to install — it's hard to install in a way that won't burn through your monthly session quota in week one. This is the setup that prevents the rebuild most teams do at month two.
Who this is forOwners or marketers standing up Hotjar on a site for the first time. If you're running paid traffic or testing a new landing page and don't yet have qualitative behavior data, every week without Hotjar is a week of guessing why users bounce.
What you'll need
Step 1
Sign up at insights.hotjar.com, pick a plan based on real monthly sessions — not aspirational ones. Free Basic caps at 35 daily sessions.
Go to insights.hotjar.com/signup. Sign up with a work email — consumer Gmail works but Workspace makes seat management cleaner once your team grows.
Pick a plan based on your actual traffic, not what you hope to grow to. Free Basic = 35 sessions/day per site (~1,050/mo). Plus = ~100 sessions/day. Business = 500-7,000 sessions/day depending on tier. Scale = 7,500+ sessions/day.
Don't overspend. Most sub-10K-visitors/mo sites are fine on Free Basic for the first 60 days while you figure out which questions you actually want to answer. You can upgrade in one click later.
Account name is your business name. The first site is created during signup — enter your primary domain without https:// (e.g., acme.com). Hotjar will normalize it.
After signup, you'll land on the in-app Get Started checklist. Don't follow it blindly — the order in this tutorial is better.
Step 2
In Sites & Organizations, add each domain you want to track. Each site gets its own Site ID and tracking snippet — don't reuse one across multiple domains.
From the left sidebar, click Sites & Organizations. You'll see the site created during signup. Click Add new site if you have additional domains (e.g., main site + landing-page subdomain on Webflow).
Each site gets a unique Site ID (numeric, e.g., 3294817). Click the site row to open its setup panel.
Pick a Site type: Website (default), Mobile web app, or Desktop app. Most users pick Website. Hotjar's behavior data model is built for web — native mobile app coverage is via SDK and is a separate flow.
Copy the tracking snippet from the Install Hotjar section. It looks like a small <script> block referencing static.hotjar.com/c/hotjar-XXXXXXX.js and a settings object with your hjid (Site ID) and hjsv (snippet version).
Paste the snippet into the <head> tag of every page on your site. Below the </title> tag is the conventional spot, but anywhere in <head> works.
Step 3
Shopify, WordPress, Webflow, and Wix all have first-class Hotjar integrations. Use the platform option unless you need GTM for other reasons.
Shopify: Apps → search "Hotjar" → install the official Hotjar app → paste your Site ID. The app injects the snippet into the theme automatically and handles checkout pages on stores using checkout extensibility.
WordPress: install the "Hotjar" plugin from the official plugin directory, paste your Site ID under Settings → Hotjar. The plugin handles the snippet site-wide without theme edits.
Webflow: Project Settings → Custom Code → paste the snippet into Head Code. Hit Save Changes, then re-publish the site (Webflow doesn't hot-deploy header code).
Wix: Settings → Custom Code → Add Custom Code → paste in Head, set "Apply to" to "All pages," select "Place Code in" Head.
Google Tag Manager: create a Custom HTML tag with the Hotjar snippet, trigger = All Pages. This is the right path if you also run Meta Pixel, GA4, or any other tracking — you keep one source of truth for tags.
Step 4
In your Hotjar dashboard, the Install Hotjar panel auto-checks within ~5 minutes. Don't trust silence — actively visit your site, then re-check.
Open Sites & Organizations → click your site → look at the install status indicator. Green check = snippet detected on the most recent crawl. Red X = not detected.
If red, click Verify installation. Hotjar will fetch your homepage and confirm. If it still fails, try in an incognito browser (your own ad blocker may be hiding the snippet from Hotjar's checker too).
Better verification: install the Hotjar Chrome extension (free, official). Visit your site. The extension's badge will turn from grey to red and show the Site ID it detected. If you see the right Site ID, you're done.
Even better verification: in your site's DevTools → Console, type window.hj and press Enter. Response should be a function. If it's undefined, the snippet didn't load — usually a script error before it, or a Content-Security-Policy header blocking static.hotjar.com.
Common CSP fix: add static.hotjar.com, script.hotjar.com, *.hotjar.io, vars.hotjar.com, and vc.hotjar.io to your script-src and connect-src directives. Hotjar's docs maintain the current allow-list.
Step 5
Default sampling will burn your quota on noise. Set sample rate by URL pattern and suppress recordings on URLs that contain PII (account pages, checkout success).
Go to Settings → Sites & Organizations → click your site → Recordings settings.
Set Recording capture rules: include only URLs you actually need to analyze. Exclude /account/*, /admin/*, /cart/* (cart pages are usually noisy), and any thank-you page that exposes order details in the URL.
For PII suppression: under Privacy & Security → Settings, enable Suppress text on all inputs by default. This replaces typed input with asterisks in recordings — required for GDPR compliance on most B2C sites.
For elements with custom-rendered PII (e.g., a React app showing the user's name in a header), add the data-hj-suppress attribute to those DOM elements. Hotjar's text-suppression engine looks for it.
Save. From this point on, only matching URLs record and PII is masked. If you skip this step, your first month's recordings will be 70% logged-in account pages and useless.
Step 6
Add at least one backup admin and review who has access. Hotjar bills per seat above Free Basic — keep the team scoped.
Settings → Organization → Team Members → Invite member. Enter email, pick a role.
Roles: Owner (full control, billing), Admin (full control except billing), Member (create + view), Read-only (view only). Start everyone as Member unless they manage the account.
Add at least one Admin besides yourself. Solo-founder accounts where one person owns the only Owner seat are the most common Hotjar lockout story.
Above Plus, paid plans bill per seat. Audit Settings → Organization → Team Members quarterly and remove anyone who left the company or no longer uses the tool.
For agencies: use Hotjar Organizations to manage multiple client sites under one billing umbrella. Each client site gets its own Site ID but rolls up to one team.
Step 7
Wait 24 hours after install. Open Recordings → All recordings. You should see real sessions playing. If empty, the install is wrong.
Hotjar needs 1-24 hours to capture and process the first recordings depending on plan. Sessions show in Recordings within 5-10 minutes; full processing can take longer.
Open Recordings → All recordings. Sort by Most recent. Click any session — you should see a video player with mouse movement, scroll, and click events. If the panel is empty, the install isn't producing data.
Cross-check session count against GA4: GA4 → Reports → Realtime → users in last 30 minutes vs Hotjar → Recordings → recorded today. They won't match exactly (Hotjar samples), but they should be in the same order of magnitude.
If Hotjar shows 5 sessions/day and GA4 shows 5,000, you've hit the Free Basic cap — upgrade or accept the sample. If Hotjar shows 0 and GA4 shows 5,000, the install is broken — re-verify with the Chrome extension.
Set a 30-day baseline before drawing any conclusions. Hotjar's value is pattern recognition over volume of sessions, not single-session insights.
Common mistakes
Buying Business plan before validating real questions
What goes wrong: Business plan starts at $80/mo and scales to $400+/mo. Teams jump straight to it for the Funnels and Trends modules, then realize they don't yet have specific CRO questions Hotjar can answer. $1,000-5,000/year on capacity that goes unused.
How to avoid: Start on Free Basic or Plus for 60 days. Track which insights you actually pull. Upgrade only when a specific blocked workflow (e.g., Funnels for a 5-step checkout) justifies the next tier.
Installing without configuring PII suppression
What goes wrong: Recordings capture credit card fields, email addresses, addresses, and authenticated user data. Under GDPR/CCPA, this is a data-processing violation worth €10K-20M (4% of global revenue). Even US-only sites get burned when EU traffic shows up.
How to avoid: Before going live, enable Suppress text on all inputs by default. Add data-hj-suppress to any DOM element rendering PII. Review the first 10 recordings to confirm asterisks appear where you expect.
Tracking checkout and account pages with no exclusion list
What goes wrong: Hotjar quota is consumed by repeat sessions on /account, /dashboard, /admin — pages where no acquisition decision happens. On Free Basic's 35/day cap, this means 0 sessions/day on landing pages and product pages — the only pages that matter for CRO. On a $5K/mo paid-ads account, that's ~$500-1,500/mo in lost CRO leverage because you can't see where your paid traffic friction is.
How to avoid: In Recordings settings, exclude /account/*, /admin/*, /dashboard/*, and any internal app paths. Reserve quota for top-of-funnel and conversion-page traffic.
Using one Site ID across multiple unrelated domains
What goes wrong: Data from a corporate site and a separate ecommerce site merge into one Hotjar Site. Heatmaps cross-contaminate. Recordings are unsortable. You can't answer per-domain questions — and once data is mixed, there's no clean way to separate it retroactively. Most teams discover this 3-4 months in and rebuild: ~$3,000-6,000 of wasted Hotjar subscription + 2-4 weeks of re-instrumentation.
How to avoid: Create one Hotjar site per real top-level domain. Each gets its own Site ID and snippet. Bills the same on most plans; gains organizational clarity.
Single Owner seat with no backup
What goes wrong: When the founder or agency contact leaves, no one can access billing or downgrade the plan. Hotjar support won't transfer ownership without the Owner's email confirmation — and if that mailbox is deactivated, you're locked out. Most accounts in this state get cancelled at renewal and all historical data deleted — typically $400-2,000 of paid subscription lost + a year of CRO learnings gone.
How to avoid: Add at least one Admin (Owner-level for redundancy if Plus+) on day one. Document who has access in your team wiki.
Ignoring the Hotjar Chrome extension for verification
What goes wrong: You install the snippet, see a green check in Hotjar, and assume it works. Three weeks later you realize the snippet was on the homepage template only — product pages and checkout have zero data. Half your CRO questions can't be answered. On a $20K/mo ad-spend account, 3 weeks of missing checkout data = ~$3,000-8,000 in CRO insights that didn't compound into conversion lift.
How to avoid: Install the Hotjar Chrome extension. Visit at least 3 page templates (home, product, checkout, account). The extension badge must turn red and show your Site ID on each. Anything else = install is incomplete.
Recap
Done — what's next
How to set up Hotjar Heatmaps the right way
Read the next tutorial
Hand it off
Setting up Hotjar is a project. Turning recordings + heatmaps + surveys into a steady stream of CRO experiments is a job. A vetted conversion specialist on EverestX typically runs $300-800/mo at $14-16/hr — initial setup + first CRO playbook is usually a 1-week sprint at $400-1,000 total.
See specialist rates
For most sub-2,000-visits/day sites, Free Basic (35 sessions/day) is enough to spot the top 3 friction patterns in 30 days. Above that, you're sampling so heavily that funnel-wide questions become unreliable. Upgrade to Plus (~$32/mo) once you hit that ceiling.
The snippet loads asynchronously and adds ~30-50KB compressed. Real-world Largest Contentful Paint impact is typically under 50ms. If your site is already on the Core Web Vitals borderline, install via GTM with a 1-2 second delay trigger to defer Hotjar past LCP.
Yes. Hotjar detects route changes via the History API automatically — no need to call hj() manually for each route. For older SPAs that don't use pushState, fire hj('stateChange', '/new-path') after each navigation.
Yes if you set hjCookieDomain to .acme.com in your Hotjar settings (Sites & Organizations → site → Cookie Settings) and install the same Site ID on both subdomains. Hotjar will then treat them as one user journey.
GA4 tells you WHAT happened (page views, conversions, funnel drop-off rates). Hotjar tells you WHY — recordings show the friction, heatmaps show the dead clicks, surveys show the intent. They're complementary. Most professional stacks run both. See the GA4 integration tutorial below.
Free Basic data is retained as long as the account is active. Paid plan data is retained for the duration of your plan + 30 days after cancellation. After that, recordings, heatmaps, and survey responses are permanently deleted. Export anything you want to keep before cancelling.
Hotjar
Heatmaps are the most-misread feature in Hotjar. The same map answers a different question depending on whether you set it up for click, move, scroll, or rage-click — and most teams pick the wrong one.
Hotjar
Hotjar's recordings are the most powerful feature in the tool — and the most-wasted. The difference is filter discipline. This is the setup that turns 1,000 recordings/week into 5 useful insights, not 1,000 hours of "someday I'll watch these."
Hotjar
GA4 tells you what happened across thousands of sessions. Hotjar shows you why for 5 of them. Connecting the two means you can click from a GA4 anomaly straight into the 5 Hotjar recordings that explain it. This is the workflow.
Hotjar
DIY Hotjar is a great idea — until it isn't. This is the honest framework: when the cost of unwatched recordings and unanalyzed surveys exceeds the cost of hiring help, and how to tell which side you're on.