Trustpilot

Trustpilot

Consumer review platform used by businesses to collect and display customer ratings. The Trustpilot script loads a ratings widget showing aggregate review scores. Businesses use embedded Trustpilot widgets to display social proof, and Trustpilot fires impression events to track widget visibility.

Back to Vendor Library

Overview

Trustpilot is a consumer review platform used by over 700,000 businesses worldwide to collect and display customer ratings. Businesses embed Trustpilot widgets on product pages, homepages, and checkout flows to display aggregate star ratings and individual reviews as social proof. The widget loads live data from Trustpilot's platform. Trustpilot is headquartered in Copenhagen, Denmark, and London, UK — making it an EU-origin service with simpler data transfer considerations than US-headquartered equivalents.

What This Script Does

Widget Rendering and Content Delivery

  • Embeds a TrustBox widget (Trustpilot's term for its review display components) showing the business's aggregate TrustScore, star rating, total review count, and recent review excerpts
  • Widget assets are loaded from widget.trustpilot.com and Trustpilot's CDN at cdn.trustpilot.net
  • Script file: https://widget.trustpilot.com/bootstrap/<version>/tp.widget.bootstrap.min.js
  • The widget renders within a sandboxed iframe served from Trustpilot's domain

Impression and Interaction Tracking

  • Fires an impression event to Trustpilot's analytics endpoint when the widget enters the viewport (using an Intersection Observer)
  • Records click events when visitors click through to read the full Trustpilot business profile
  • Tracks widget load performance metrics

Cookies Set

  • No cookies are set on the host website's first-party domain by the Trustpilot widget directly
  • Within the Trustpilot iframe context: session identifiers may be set on trustpilot.com to track widget impressions across the Trustpilot network
  • _ga and _gid — if Trustpilot uses Google Analytics internally within the widget iframe; scoped to trustpilot.com

Data Collected and Transmitted

  • Widget impression events (page URL, business unit ID) sent to api.trustpilot.com
  • Click-through events with referrer URL
  • Visitor IP address and user agent transmitted to Trustpilot servers (hosted in EU/UK)

Business Reviews API

  • Live review data is fetched from api.trustpilot.com/v1/business-units/<id>/reviews on each widget load
  • Review data is public (published on Trustpilot.com) and does not constitute personal data processing of the site visitor

Consent & Compliance

Consent category: Functional

Trustpilot widgets display publicly available business review data. The impression tracking is minimal: it records that a widget was shown on a given URL, not persistent visitor behavior. Under GDPR, the legitimate interest basis (Article 6(1)(f)) is appropriate — displaying social proof for a commercial service is a legitimate interest that does not materially impact visitor privacy rights. The ePrivacy Directive is less clearly triggered since no cookies are set on the host domain. Under CCPA, the widget does not constitute a sale or sharing of personal information. Being EU-headquartered, Trustpilot does not trigger GDPR international transfer concerns.

Should You Block This Without Consent?

No. Trustpilot widgets display public review data as social proof with negligible tracking impact. No cookies are set on the host domain, impression data is minimal, and the service is EU-based. The widget does not require consent under a proportionate analysis, though disclosure in the site's privacy policy is recommended.

Visit website

Consent Categories

Functional

Also Known As

trustpilot widget GDPRtrustpilot cookiestrustpilot embed consentreview widget privacytrustpilot tracking

Industries

Computers Electronics and Technology

Tracked Domains (1)

trustpilot.comAnalytics

Frequently Asked Questions

Do Trustpilot review widgets require visitor consent?

No. Trustpilot widgets display publicly available business review data with minimal tracking impact. No cookies are set on the host website's domain, impression data is limited to the widget URL and business ID, and Trustpilot is headquartered in the EU, eliminating international data transfer concerns under GDPR.

What does the Trustpilot widget load and track?

The TrustBox widget loads from widget.trustpilot.com and cdn.trustpilot.net, rendering star ratings and review counts inside a sandboxed iframe. It fires an impression event to api.trustpilot.com when the widget enters the viewport, recording the host page URL and business unit ID. No host-domain cookies are set.

How does ConsentStack handle Trustpilot on my site?

ConsentStack classifies Trustpilot as functional and allows it to load without a consent gate. It appears in your ConsentStack vendor audit and cookie notice disclosure so visitors are informed of its presence. Because no host-domain cookies are set and tracking is minimal, it does not require active consent management.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Trustpilot

ConsentStack automatically detects and manages Trustpilot trackers so your site stays compliant with global privacy regulations.

Get started