How to Tell If a Website Uses Smartlook
Smartlook records web and mobile sessions with heatmaps and funnels. Detect it via the web-sdk.smartlook.com recorder script, the global smartlook object and its cloud endpoints.
Smartlook is a session-replay and heatmap platform notable for covering both websites and native mobile apps. To tell whether a site uses it, the fastest checks are to look for the web-sdk.smartlook.com recorder script or to type smartlook into the browser console. Here is the complete detection guide and what the find means.
What is Smartlook?
Smartlook is a qualitative-analytics tool in the same category as Hotjar, FullStory, Microsoft Clarity and Lucky Orange. It records user sessions, builds heatmaps, and tracks event-based funnels — but its distinguishing feature is cross-platform coverage, with SDKs for web and for iOS, Android and popular mobile frameworks. That makes it appealing to companies that run both a website and a mobile app and want consistent session analytics across them.
Detecting Smartlook therefore often points to a product or growth team at a SaaS or app company that values qualitative replay and wants a single tool spanning web and mobile.
How Smartlook loads and sends data
A Smartlook install loads the recorder from web-sdk.smartlook.com/recorder.js (older installs used rec.smartlook.com/recorder.js) and initialises it with a project key via the global smartlook('init', '<key>') call. Once running, the recorder serialises the session and streams it to Smartlook's cloud at manager.smartlook.cloud and related smartlook.cloud/smartlook.com endpoints, continuously throughout the visit.
Recording continuity and visitor identity are stored in first-party cookies such as SL_C and SL_GWPT. The recorder script host and the smartlook global are the cleanest signals.
How to tell if a website uses Smartlook
1. View the page source. Search for smartlook. You will find the recorder script reference and a smartlook('init', '<project-key>') call.
2. Check the Network tab. Filter for smartlook. You will see web-sdk.smartlook.com/recorder.js load and streamed data to manager.smartlook.cloud. The continuous requests are characteristic of a replay tool.
3. Use the console. Type smartlook and press Enter. The global function/object used to control recording confirms the install.
4. Inspect cookies. Look for SL_C and SL_GWPT (and other SL_-prefixed cookies).
5. Note the project key. The key passed to smartlook('init', ...) identifies the account and confirms a live configuration.
What the Smartlook signals look like
GET https://web-sdk.smartlook.com/recorder.js
POST https://manager.smartlook.cloud/... (streamed session data)
smartlook('init', 'a1b2c3d4e5f6...')
Cookie: SL_C_xxxx = "..."
The combination of the web-sdk.smartlook.com recorder, the smartlook global and the SL_ cookies is conclusive.
Smartlook versus similar tools — avoiding false positives
Match the exact fingerprint within the replay category. Smartlook uses web-sdk.smartlook.com/smartlook.cloud and the smartlook global; Hotjar uses static.hotjar.com and hj; FullStory uses edge.fullstory.com and FS; Microsoft Clarity uses clarity.ms and clarity; Lucky Orange uses tools.luckyorange.com and __lo_site_id. They share a purpose but not a fingerprint. Smartlook can be loaded via GTM or a CMS plugin, so the recorder may appear after other scripts — check the live page. And because Smartlook also has mobile SDKs, a company may use it on an app even where the website does not show it.
How reliable is each Smartlook signal?
Active streaming to manager.smartlook.cloud is definitive, as is the recorder.js load from web-sdk.smartlook.com. The smartlook global is strong confirmation. The SL_ cookies are reliable secondary evidence. A consent-gated install may load the recorder only after opt-in, so a missing recorder on first load is not proof of absence — re-check after accepting cookies. Prefer the streamed requests or the recorder script as your primary evidence.
What a Smartlook install reveals about a company
Smartlook's cross-platform focus means its presence often signals a company with both a website and a mobile app, and a team that wants unified qualitative analytics across them — common in fintech, marketplaces and consumer SaaS. As a session-replay tool, it also indicates investment in understanding individual user journeys and friction, typically by a product, UX or growth function. If you sell UX research, CRO, or analytics tooling, a Smartlook install marks a buyer who already values replay and may have multi-platform needs you can address.
Smartlook in a modern measurement stack
Smartlook complements quantitative tools rather than replacing them: expect Google Analytics 4 for acquisition and a product-analytics tool for behavioural metrics alongside Smartlook's replays. Because replay tools capture potentially sensitive input, a careful Smartlook deployment coincides with field masking and a consent-management platform — a maturity signal worth noting. For an auditor, record the project key, whether consent gating is present, whether a mobile app likely shares the account, and which analytics tools coexist; together they show how the company blends quantitative and qualitative measurement.
A quick Smartlook detection checklist
- Filter the Network tab for
smartlook; theweb-sdk.smartlook.com/recorder.jsload andmanager.smartlook.cloudstream are conclusive. - Search the source for
smartlookand thesmartlook('init', ...)call. - Type
smartlookin the console to confirm the global. - Check cookies for
SL_CandSL_GWPT. - Note the project key from the init call.
- Re-check after accepting cookies if the recorder is consent-gated.
Privacy, masking and consent with Smartlook
Smartlook records sessions across web and mobile, so privacy handling is integral to a responsible deployment — and informative to anyone auditing the site. Smartlook lets teams mask sensitive elements via the smartlook-hide CSS class and configuration options, and by default obscures input in many fields. When you inspect a site, look for those masking classes around forms, account areas and payment steps: their presence indicates a team that has deliberately scoped what it records. The absence of any masking on a checkout, combined with a recorder that loads before consent, is a privacy gap worth flagging — and a clear opening if you offer compliance or privacy-engineering help.
Consent sequencing is the other thing to check. In compliant EU and UK deployments, recorder.js should only load and stream after the visitor accepts analytics cookies through a consent-management platform. If you see Smartlook streaming to manager.smartlook.cloud regardless of consent, that is both a compliance risk for the owner and a meaningful data point about their data-protection posture. Because Smartlook also has mobile SDKs, remember that a company may record sessions in its app even if the website's consent setup looks conservative — the web view is only part of the picture.
A quick Smartlook confirmation walkthrough
Open the site with developer tools on the Network tab and clear any cookie banner. Filter for smartlook and reload: the recorder load from web-sdk.smartlook.com/recorder.js and streamed data to manager.smartlook.cloud are your primary signals. Switch to the Console and type smartlook — the returned function/object confirms the SDK is present. Then check the Application panel for SL_-prefixed cookies such as SL_C. If the recorder did not appear on first load, accept cookies and reload, because consent gating commonly delays it. Note the project key from the smartlook('init', ...) call to identify the account.
When finding Smartlook matters most
Smartlook's cross-platform coverage makes its presence a strong hint that a company runs both a website and a mobile app and wants unified qualitative analytics — common in fintech, marketplaces and consumer SaaS. For sellers of UX research, CRO or analytics tooling, that signals a buyer who values session replay and may have multi-platform needs you can address in one conversation. For competitive teams, a Smartlook install tells you a rival is studying individual journeys and friction points across surfaces, which is worth weighing when you assess how quickly they can diagnose and fix experience problems.
How Smartlook compares to Hotjar and Microsoft Clarity
Placing Smartlook against the leaders sharpens what its presence means. Hotjar is the mid-market default for web heatmaps, recordings and surveys; Microsoft Clarity is free and web-focused with unlimited recordings. Smartlook's defining difference is true cross-platform coverage: a single platform that records sessions and builds funnels across web and native iOS and Android apps, with event-based tracking rather than purely page-based.
That is the signal to read. A team choosing Smartlook over the free Clarity or the ubiquitous Hotjar has usually done so because it needs consistent qualitative analytics across a website and a mobile app — a requirement Hotjar and Clarity do not serve as well. So a Smartlook find should raise your estimate that the company runs a meaningful mobile app, not just a marketing site, which in turn hints at fintech, marketplace or consumer-SaaS business models. Smartlook is more developer-and-product-oriented than the marketer-friendly Crazy Egg, and more accessible than enterprise Contentsquare. For sellers, that positions the buyer as a product or growth team with multi-surface needs; for competitive analysts, it tells you the rival can study app and web journeys in one place, a capability worth weighing when you assess how fast they iterate on experience.
Detecting Smartlook at scale
One page is a quick console check. To scan a list of sites for session-replay tools, automate it. StackOptic detects Smartlook and thousands of other technologies from a real browser, catching GTM- and plugin-injected installs. See how to find out what analytics a website uses and the Smartlook profile for more.
Frequently asked questions
What is the fastest way to detect Smartlook?
Open the Network tab, reload and filter for 'smartlook'. You will see recorder.js load from web-sdk.smartlook.com and recorded data stream to manager.smartlook.cloud. Either request confirms Smartlook is capturing the session.
How do I confirm Smartlook in the console?
Type smartlook and press Enter. A Smartlook-enabled page returns the smartlook function/object used to initialise and control recording. Its presence, together with the recorder script, confirms the tool.
Where does Smartlook send recorded data?
Smartlook streams session data to its cloud at manager.smartlook.cloud and related smartlook.cloud / smartlook.com endpoints. In the Network tab you will see ongoing requests as the recorder captures the session, characteristic of a replay tool.
What cookies does Smartlook set?
Smartlook sets first-party cookies such as SL_C and SL_GWPT to maintain recording continuity and visitor identity. Spotting SL_-prefixed cookies is a useful secondary confirmation when network requests are missed.
What does it mean if a site uses Smartlook?
Smartlook is a session-replay and heatmap platform that works across both web and mobile apps. Finding it indicates a product or growth team studying qualitative user behaviour, often at a SaaS or app company that wants one tool spanning web and native apps.
Analyse any website with StackOptic
Get the full technology stack, performance, security and SEO report in seconds — free.
Analyse a websiteRelated articles
How to Tell If a Website Uses Heap
Heap (Heap Analytics) autocaptures product events. Detect it via the cdn.heapanalytics.com script, the global heap object, heapanalytics.com beacons and _hp2 cookies.
How to Tell If a Website Uses Foundation
Foundation (by Zurb) is a responsive front-end framework. Detect it via its grid classes (row/columns, grid-x/cell), data-* component attributes and the foundation.css/js files.
How to Tell If a Website Uses Crisp
Crisp is a developer-friendly, affordable live-chat and messaging tool. Detect it via the client.crisp.chat/l.js script, the window.$crisp object and the CRISP_WEBSITE_ID value.