ContentSquare

ContentSquare

Enterprise digital experience analytics platform that captures every user interaction — clicks, hovers, scrolls, and form interactions — to generate journey maps and zone-based heatmaps. The ContentSquare tag injects a session recording script and sends behavioral telemetry to its analytics platform.

Back to Vendor Library

Overview

Contentsquare is an enterprise digital experience analytics platform that captures and analyzes every user interaction on a website — mouse movements, clicks, taps, scroll depth, hover patterns, and form interactions. It reconstructs individual and aggregated user journeys into visual heatmaps, session replays, and zone-based engagement metrics. Enterprise teams in retail, financial services, and travel use it to diagnose conversion friction and optimize digital experiences.

What This Script Does

Contentsquare Tag

The Contentsquare tag (t.contentsquare.net/uxa/cs.js) is a large JavaScript library that instruments the entire DOM of the host page. It attaches event listeners to capture user interactions at a high temporal resolution and streams interaction data to Contentsquare's ingestion infrastructure.

Session Replay Engine

The replay engine uses DOM serialization and MutationObserver to record a complete sequence of DOM states across the session. This produces a full playback capability that allows analysts to watch individual user sessions as video-like recordings. Input masking is configurable to exclude sensitive fields, but by default the script captures all user interactions.

Heatmap Aggregation

Click and hover events are tagged with XPath-based element selectors and viewport-relative coordinates, then aggregated server-side into click density heatmaps and move heatmaps. Scroll depth tracking records how far down each page users scroll before leaving.

Cookies Set

  • _cs_id — First-party persistent cookie. Stores the Contentsquare visitor identifier. Duration: 13 months (to comply with CNIL guidance).
  • _cs_s — First-party session cookie. Stores the current session identifier. Duration: 30 minutes of inactivity.
  • _cs_ex — First-party persistent cookie. Stores experiment exposure data for A/B testing segments. Duration: 13 months.
  • _cs_c — First-party persistent cookie. Stores the consent state passed by the site's CMP to Contentsquare. Duration: 13 months.
  • _cs_vars — First-party session cookie. Stores custom variables defined by the site operator. Duration: session.

Domains Contacted

  • t.contentsquare.net — Serves the primary cs.js tracking library.
  • api.contentsquare.net — Event ingestion endpoint. All interaction events are streamed here in batched payloads.
  • replay.contentsquare.net — Session replay data upload endpoint.

Data Collected Per Interaction

  • Complete DOM snapshot at page load and incremental DOM mutation diffs throughout the session
  • Mouse cursor X/Y coordinates at configurable sampling rates
  • All click events with target element XPath, CSS selector, and text content
  • Scroll position in pixels and percentage at regular intervals
  • Form field focus and blur events (field values are masked by default)
  • Page URL, page title, and referrer
  • Session entry source (direct, organic, paid, referral)
  • Viewport dimensions and device pixel ratio
  • Rage clicks, error clicks, and dead clicks automatically flagged

Consent & Compliance

GDPR / ePrivacy: Contentsquare captures detailed behavioral data — including mouse movements and DOM state — that constitutes personal data when associated with a persistent visitor identifier. The French data protection authority CNIL has specifically addressed session replay tools and requires consent before deployment. Contentsquare's own CNIL-compliant mode limits cookie duration to 13 months and requires CMP integration. Under ePrivacy, the _cs_id persistent cookie requires prior consent.

CCPA / CPRA: Contentsquare collects behavioral data tied to persistent identifiers. This constitutes "personal information" under CCPA. Depending on whether Contentsquare uses this data for its own purposes (benchmarking, product improvement), it may not qualify as a pure service provider, which affects the CCPA sale analysis.

EU-US Data Privacy Framework: Contentsquare is headquartered in France with US infrastructure. EU-to-US transfers are covered by Contentsquare's Standard Contractual Clauses available in their DPA.

Consent Category: Analytics. IAB TCF purposes: Purpose 1 (Store and/or access information on a device), Purpose 8 (Measure content performance), Purpose 9 (Apply market research to generate audience insights).

Should You Block This Without Consent?

Yes. Contentsquare is a session replay and behavioral analytics tool that captures continuous interaction data including cursor position, click targets, and scroll depth. It sets persistent first-party cookies and streams detailed behavioral telemetry. CNIL and other EU DPAs have specifically ruled that analytics tools of this type require prior consent. Do not load the Contentsquare tag until the user has accepted analytics cookies.

Visit website

Consent Categories

Analytics

Also Known As

ContentSquareContentsquaresession recordingheatmap analyticsdigital experience analyticszone analyticsjourney mapping

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

contentsquare.netAnalytics

Frequently Asked Questions

Does ContentSquare require cookie consent?

Yes. Contentsquare captures continuous behavioral data — cursor position, click targets, scroll depth, and DOM state — via session replay. CNIL has specifically ruled that session replay tools of this type require prior consent. The _cs_id persistent cookie requires ePrivacy consent before the tag loads.

What does Contentsquare track?

Contentsquare sets _cs_id (13-month visitor ID), _cs_s (30-min session cookie), _cs_ex (13-month A/B segment data), and _cs_c (consent state). It streams complete DOM snapshots, mouse coordinates, all click events with element selectors, and scroll depth to api.contentsquare.net and replay.contentsquare.net.

How does ConsentStack manage Contentsquare consent?

ConsentStack classifies Contentsquare as analytics and blocks cs.js from t.contentsquare.net until analytics consent is granted. This prevents session replay recording, heatmap data collection, and persistent visitor identification. ConsentStack passes consent state via the _cs_c cookie once the visitor opts in.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for ContentSquare

ConsentStack automatically detects and manages ContentSquare trackers so your site stays compliant with global privacy regulations.

Get started free