UserTesting

Overview

UserTesting is a UX research and human insight platform founded in 2007 and headquartered in San Francisco. It operates one of the largest panels of on-demand research participants and provides tools for running moderated and unmoderated usability studies, card sorting, tree testing, live interviews, and in-context feedback collection. On live websites, UserTesting appears through its intercept-based study recruitment — injecting study invitations and survey prompts into the production environment to reach actual site visitors and recruit them into research studies. This in-context approach captures genuine behavioural data that remote panel studies cannot replicate. UserTesting merged with UserZoom in 2023 to form a combined enterprise UX research platform.

What This Script Does

UserTesting scripts load from usertesting.com domains and inject research intercepts into the host page's DOM. The activation conditions, study design, and targeting rules are configured by the host organisation's UX research team.

Cookies and identifiers set:

• utid — UserTesting visitor identifier; first-party cookie set on the host domain; used to manage intercept frequency (preventing the same visitor from being shown the same study invitation repeatedly); expiry 1 year.
• ut_session — Session cookie managing the current research intercept state — tracking whether the visitor has been shown an invitation, accepted, declined, or completed the study; expires at session end.
• ut_study_<id> — Study-specific cookie recording the visitor's assignment to a particular study and their completion status; expiry 30 days per study.
• ut_screener — Screener result cookie storing responses to pre-study qualification questions used to determine eligibility for specific studies; expiry 30 days.

Script filenames and CDN: recruit.js and intercept.js loaded from app.usertesting.com or cdn.usertesting.com. Study configuration fetched from api.usertesting.com/studies/<id>/config. Survey response data POSTed to app.usertesting.com/collect/. Screen recording sessions stream to recording.usertesting.com.

Per-session data collected:

• Page URL, referrer, and navigation path within the site
• Session assignment and intercept display timing
• Screener question responses and qualification outcome
• Survey responses (free text, rating scales, multiple choice)
• Screen recording stream (where the participant consents to recording): captures full page rendering, mouse movements, clicks, and typed text
• Audio recording of participant think-aloud narration (for moderated sessions)
• Click heatmap data and scroll depth events
• Task completion time and success/failure classification

Targeting and sampling: The intercept script evaluates real-time targeting conditions — page URL patterns, visit number, session depth, device type, referral source, and custom JavaScript conditions — to determine which visitors to approach for study participation. This targeting evaluation occurs on every page load while the script is active.

Consent & Compliance

UserTesting scripts are classified under the analytics category. The deployment of scripts that collect screen recordings, behavioural data, survey responses, and potentially audio recordings of visitors requires explicit prior consent under GDPR Articles 6 and 9 (where audio or sensitive content is captured). Under the ePrivacy Directive, the utid persistent visitor identifier and the intercept frequency management cookies require opt-in consent, as they are not strictly necessary for any service requested by the visitor. Under CCPA/CPRA, the collection of behavioural profiles, interaction patterns, and screen recordings constitutes personal information — and potentially sensitive personal information if audio is captured. Screen recording capabilities also raise specific considerations under US state wiretapping laws (California CIPA). UserTesting participates in the EU-US Data Privacy Framework for transatlantic data transfers.

Should You Block This Without Consent?

Yes. UserTesting scripts collect detailed behavioural and interaction data, set persistent visitor identifiers, and may capture screen recordings and survey responses. These are research analytics activities that are not necessary for website functionality. Block until the visitor provides analytics consent.