All Vendors
session_replay

Smartlook

Session replay platform with comprehensive behavioral capture and fingerprinting deployed as product analytics.

107 IOCs1 detections1 sites
27
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Smartlook discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

1 detection across 1 site
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Live website analysis pending

Customer Impact

What This Means For You

Product teams gain session replay insights but organization captures and stores comprehensive behavioral recordings that may include sensitive user data despite masking efforts. Third-party session storage creates data breach exposure and consent complexity. Recordings become liability in security incident or legal discovery scenarios.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Smartlook

  • Audit session recording for PII capture despite input masking configurations
  • Review data retention policies to minimize storage of behavioral recordings
  • Implement consent gates to prevent recording of EU/UK users without explicit opt-in

If You're Evaluating Smartlook

  • Self-hosted session replay to eliminate third-party data exposure
  • Privacy-preserving analytics alternatives that aggregate rather than record individual sessions
  • Sampling strategies to reduce recording volume and associated data liability

Negotiation Leverage

  • Request detailed technical documentation on PII masking reliability and edge cases where sensitive data may still be captured
  • Demand contractual prohibition on using your session recordings for Smartlook's machine learning training or product development
  • Negotiate data residency controls and explicit limits on Smartlook employee access to your customer session recordings
Runtime Detections

Runtime Detections

2 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Fingerprints users through interaction patterns, mouse movements, and engagement signals captured in session recordings

BTI-C07Session Recording

Full session replay

Impact: Records complete user sessions including form interactions, navigation paths, and potentially sensitive input before masking

IOC Manifest

IOC Manifest

104 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.smartlook.com/wp-content/plugins/activecampaign-subscription-forms/site_tracking.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery-migrate-1.2.1.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/slick/slick.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery.form.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/acf-blocks/reviews-carousel-2.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/featherlight.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/acf-blocks/hp-header.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/icheck.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/app.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery-3.6.1.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/fancybox/jquery.fancybox.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery-ui-1.12.1.js*
Tracking script
TRACK
*www.smartlook.com/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
*www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/session-cookie/session-cookie-bundle.*.js*
Tracking script
TRACK
rec.smartlook.com
Tracking script
TRACK
www.smartlook.com/wp-content/plugins/activecampaign-subscription-forms/site_tracking.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery-3.6.1.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery-migrate-1.2.1.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery-ui-1.12.1.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/icheck.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/fancybox/jquery.fancybox.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/slick/slick.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/jquery.form.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/app.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/library/featherlight.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/acf-blocks/hp-header.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/acf-blocks/reviews-carousel-2.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
TRACK
www.smartlook.com/wp-content/themes/webite-smartlook/assets/js/session-cookie/session-cookie-bundle.c3d30b7789d1f61cdb9b.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Session replay vendor competing against FullStory, Hotjar, and LogRocket in crowded product analytics market. Part of behavioral analytics category where UX tools double as comprehensive surveillance infrastructure.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

107 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details