Loading tutorials…
Loading tutorials…
Hotjar's recordings are the most powerful feature in the tool — and the most-wasted. The difference is filter discipline. This is the setup that turns 1,000 recordings/week into 5 useful insights, not 1,000 hours of "someday I'll watch these."
Who this is forTeams with Hotjar installed who have recordings stacking up but no recurring review process. Or teams about to enable recordings and want to avoid the standard pattern of capturing everything and watching nothing.
What you'll need
Step 1
Settings → Sites & Organizations → your site → Recordings. Filter aggressively. The default (record everything) burns quota in days.
Open Settings → Sites & Organizations → click your site → Recordings tab.
Under Capture Rules, switch from "Record on all pages" to "Record on specific pages."
Include: top 3 landing pages, top 3 product pages, the checkout flow, and any page where the conversion question is unresolved.
Exclude: /account/*, /admin/*, /dashboard/*, /login, /signup-success, /password-reset. None of these answer acquisition questions.
For ecommerce: include /cart, /checkout, /checkout/* — but suppress all form fields and order details (see step 3).
Save. From this point on, recordings only capture the URLs that match. Verify by visiting an excluded URL in incognito — you should NOT see a session appear under those URLs in Recordings.
Step 2
Suppress all input fields by default. Add data-hj-suppress to any DOM element rendering PII (user names, emails, addresses).
Open Settings → Sites & Organizations → your site → Privacy & Security.
Toggle Suppress text on all inputs to ON. This replaces typed input (and the visible text in input elements) with asterisks across all recordings.
For elements rendering PII outside of inputs (e.g., a logged-in user's name in a header, an order summary on the thank-you page), add the data-hj-suppress attribute to those DOM elements. Hotjar's engine reads it and masks the text in recordings.
Example: <div class="user-name" data-hj-suppress>Jane Doe</div> — Jane Doe will render as asterisks in the recording, but the page still works for the real user.
For entire blocks (e.g., the whole order summary section), apply data-hj-suppress on the parent — it cascades to children.
Review the first 10 recordings after going live. Click any recording, scrub to a form-fill moment, confirm asterisks appear. If real PII shows, fix it before processing more.
Step 3
Visit your site, click around, complete a flow. Within 30 minutes a session should appear in Recordings. If not, the install or capture rules are wrong.
Open a clean incognito browser. Visit one of the URLs you included in capture rules. Navigate 3-5 pages. Spend at least 30 seconds on each.
In Hotjar, go to Recordings → All recordings. Sort by Most recent. Within 5-30 minutes, your session should appear.
Click the session. Verify: (a) the recording plays smoothly with mouse/click/scroll events, (b) input fields are masked with asterisks if you typed anywhere, (c) the URL path matches what you visited.
If no session appears after 1 hour: re-check the install (window.hj should be a function in DevTools Console), re-check that the URL you visited is in your capture rules, re-check that your IP isn't excluded under Settings → Privacy & Security → IP Blocking.
Common gotcha: on Free Basic, the 35/day cap can be exhausted by 11 AM if you have a busy site. Test with a fresh quota window (UTC day reset).
Step 4
Saved filters are what turn 1,000 recordings into 5 useful ones. Build 3-5 standing filters that answer your top CRO questions.
Open Recordings → click Filter at the top → Filter recordings.
Filter 1 — Rage clickers on checkout: Behavior → contains Rage click + Page → contains /checkout. Save filter as "Checkout rage clicks". These are the highest-signal recordings — each shows a real bug or UX gap.
Filter 2 — Bouncers on top landing page: Behavior → Visited only this page + Page → equals /landing/main + Time on page → less than 30s. Save as "Landing page bouncers". Useful for diagnosing why paid traffic doesn't convert.
Filter 3 — Mobile checkout drop-off: Device → Mobile + Page → contains /checkout + Behavior → did not convert. Save as "Mobile checkout drop-offs". Reveals mobile-specific friction (tap targets, form field issues, viewport bugs).
Filter 4 — Sessions from a specific traffic source: Traffic source → equals google / cpc + Page → contains /pricing. Save as "Google Ads → pricing". Watch what paid users actually do vs organic users.
Filter 5 — High-intent abandoners: Behavior → Added to cart + did not purchase + Session duration → greater than 2 minutes. Save as "Cart abandoners". These users had intent and dropped off — usually the most actionable cohort.
Saved filters appear in Recordings → Filters dropdown. Pull them up in 1 click. This is the entire workflow.
Step 5
Calendar a recurring 30-min slot. Run through your 5 saved filters. Watch 1 recording per filter. Write down 1 finding per filter. Ship 1 fix per week.
Recordings are useless without a recurring practice. Put a 30-min weekly slot on your calendar — Friday afternoon is the standard.
Open Recordings → click your first saved filter ("Checkout rage clicks"). Pick the most recent recording. Watch it at 2x speed. Write down what you saw.
Repeat for the other 4 filters. 5 minutes per filter = 25 minutes. 5 minutes to summarize.
Outcome of each 30-min session: 1-5 findings written down, 1 shipped fix queued for the next dev cycle.
After 4 weeks, you'll have shipped 4 fixes and have a backlog of 10-15 hypotheses to test. This compounds — most teams' conversion rate moves 5-15% within 90 days of running this cadence.
Pro tip: record the watching session (Loom, Tella) so the rest of the team can scrub through your reasoning. Better than slide-deck handoffs.
Step 6
When you find a useful recording, tag it so future filters surface it. Share with team via the Note + Share Link features.
Inside a recording, click the Tag icon (top right of the player). Add tags like "checkout-bug", "cta-confusion", "mobile-tap-issue". Use a consistent taxonomy or tags become noise.
Click Add Note to annotate at a specific timestamp ("at 1:23, user tries to click the disabled coupon field 3 times — rage click cluster").
Click Share to generate a shareable link. Hotjar lets you grant view-only access to the recording without giving the recipient Hotjar account access — useful for sending bug reports to engineering.
Engineering tip: paste the recording link in your Jira / Linear / GitHub bug ticket. "User can't use the coupon code" with no recording is a ticket that bounces; with a Hotjar link, it gets prioritized.
Build a tag library that maps to your CRO backlog: each tag = one type of friction to track over time. "rage-click-checkout" tagged 5x in a week = top-priority fix.
Step 7
Recordings auto-delete based on plan tier (365 days on most paid plans). Archive what matters before then. Monitor quota burn weekly.
Free Basic: recordings deleted after 365 days. Plus: 12 months. Business and Scale: 12-18 months depending on subscription. Confirm yours under Settings → Plan & Billing.
For any recording you reference in a CRO writeup, export it (Plus and above): open the recording → top-right menu → Export. Saves as a video file.
Monitor monthly quota: Settings → Plan & Billing shows sessions captured this period vs cap. If you're hitting 80% by mid-month, tighten capture rules — don't just upgrade.
Quarterly: archive saved filters you're no longer using. Stale filters tempt you to read data from a layout that's since changed.
When you redesign a page, freeze the existing capture rules for that URL, ship the change, and re-evaluate filters after 2 weeks of new recordings. Old recordings stay for reference but won't pollute new analysis.
Common mistakes
Recording everything with no exclusion list
What goes wrong: Quota burns in days on Free Basic; on Plus, you'll exhaust a month's cap in a week. Worse, 80% of captured recordings are /dashboard and /account where no acquisition decision happens. The recordings that matter (landing pages, checkout) get under-sampled. On a $30-200/mo Hotjar subscription, that's 80% wasted spend ($24-160/mo) plus the bigger cost: zero leverage on the pages where leverage matters.
How to avoid: Set capture rules to specific high-value URLs only. Exclude logged-in app pages. Reserve quota for acquisition + conversion paths.
Going live without PII suppression
What goes wrong: Recordings capture credit card fields, addresses, emails, phone numbers. Under GDPR Article 4, this is processing personal data without consent or basis — fines start at €10K and scale to €20M / 4% of global revenue. Even US-only operators get burned when EU traffic shows up via paid social.
How to avoid: Before going live, enable Suppress text on all inputs. Add data-hj-suppress to PII-rendering elements. Audit the first 10 recordings to confirm masking.
Watching recordings with no filter (random scrolling)
What goes wrong: Spending an hour scrubbing through random recordings finds 0-1 insights and feels like work but produces nothing. Most teams do this once, conclude 'recordings don't work,' and stop using the tool. The $40-200/mo subscription continues.
How to avoid: Build 5 saved filters answering specific CRO questions. Watch 1 recording per filter per week. 30 minutes total. Ship 1 fix.
No tagging or note-taking on watched recordings
What goes wrong: You find an insight, fix the bug, then 6 weeks later see the same pattern again — and can't find the original recording or remember which fix you tried. Same lessons re-learned every quarter. Typical cost: 4-6 hours/quarter of re-watching old recordings + 2-3 duplicated fix attempts = $2,000-5,000/year in repeated CRO work.
How to avoid: Tag every useful recording with a consistent taxonomy. Add timestamped notes inside the recording. Reference recording links in your bug tickets and CRO writeups.
Treating recordings as decisions, not evidence
What goes wrong: Watching 1 recording of one user clicking the wrong button and shipping a redesign based on it. The change moves conversion 0% because n=1 was an outlier. Wasted ~$3,000-10,000 in design + dev cycles.
How to avoid: For any finding worth shipping, validate with 5-10 recordings showing the same pattern. Recordings are evidence for hypotheses, not the hypothesis itself.
Letting old recordings get auto-deleted before exporting
What goes wrong: A recording that proved a critical insight ("users abandon when shipping cost reveals at step 3") expires after 12 months. The original evidence is gone. Future debates can't reference it. Teams typically re-investigate the same friction pattern 6 months later, costing $1,500-4,000 in duplicated CRO discovery work.
How to avoid: Export any recording you reference in a CRO writeup, PRD, or post-mortem. Save the MP4 in the project folder. Treat important recordings like screenshots — they're documentation.
Recap
Done — what's next
How to set up Hotjar Heatmaps the right way
Read the next tutorial
Hand it off
Recordings are the single most underused feature in most Hotjar accounts. A specialist running a weekly filter-driven review typically pulls 3-5 actionable insights per week and ships 1-2. On a $50K/mo ad-spend account, that's usually $5K-15K/mo in recovered conversion lift. The specialist runs $400-1,000/mo at $14-16/hr — most accounts see net positive in the first 60 days.
See specialist rates
365 days on most paid plans (Plus through Business). Check Settings → Plan & Billing for your exact retention. Free Basic also stores for 365 days but with much smaller monthly capture caps. Export any recording you want to reference long-term.
Yes. Hotjar respects the Do Not Track browser header by default. You can also offer a JavaScript-triggered opt-out via the hj("optOut") call — useful for cookie banners that disable analytics on user request. Required under GDPR if you're recording EU users.
Yes, by default. Which is why PII suppression is mandatory before going live. With Suppress text on all inputs enabled, all input field text (including credit cards, emails, addresses) is replaced with asterisks in recordings. Never go live without this enabled.
FullStory captures everything as DOM events and can replay any historical session with full fidelity (and is 5-10x the price). Clarity is free with unlimited sessions but has a slightly simpler player. Hotjar sits in the middle — paid above basic tier, strong filter and tagging UX, tight integration with surveys and funnels. See the decision guide.
Yes via User Attributes. Push hj("identify", userId, {plan: "premium", isLoggedIn: true}) from your site. Then in Recordings filter, segment by attribute. Useful for B2B SaaS where you want to watch only paid-plan users vs trial users.
Usually one of: (a) the recording is from a slow-network user and Hotjar's player throttles to match (rare), (b) your network connection is slow on playback (test on wifi), (c) the recording captured a heavy-asset page (lots of video/iframes) — Hotjar may degrade fidelity. Try downloading the MP4 export and playing locally.
Hotjar
Heatmaps are the most-misread feature in Hotjar. The same map answers a different question depending on whether you set it up for click, move, scroll, or rage-click — and most teams pick the wrong one.
Hotjar
GA4 tells you 60% of users abandoned at checkout step 2. Hotjar Funnels tells you which 60% — and lets you click straight into 5 recordings of the people who dropped off. That's the workflow.
Hotjar
Hotjar is GDPR-capable, not GDPR-default. The out-of-the-box install processes EU user data without consent, captures PII in recordings, and may not have your DPA on file. This is the cleanup that keeps you out of regulator trouble.
Hotjar
DIY Hotjar is a great idea — until it isn't. This is the honest framework: when the cost of unwatched recordings and unanalyzed surveys exceeds the cost of hiring help, and how to tell which side you're on.