Overview
OpenReplay is an open-source session replay and product analytics platform. Teams deploy it to record user interactions in their web applications — capturing clicks, scrolls, input events, and errors — to reproduce user-reported issues and analyze user behavior. Operators may self-host OpenReplay on their own infrastructure or use OpenReplay's cloud offering.
What This Script Does
The OpenReplay tracker script records detailed user session data. Captured events include mouse clicks and coordinates, scroll positions and depth, keyboard input events (with configurable sanitization for sensitive fields), page navigation, network requests and responses (with configurable redaction), and JavaScript console output. DOM snapshots are taken so that the visual state of the page can be reconstructed at any point during the session for replay. An anonymous session identifier is assigned per recording session and stored in __or_id (or equivalent) as a first-party cookie or localStorage item. If user identity is explicitly passed to the tracker via setUserID(), sessions become linked to authenticated user accounts. The tracker transmits data in real time to OpenReplay's ingestion endpoint (self-hosted or api.openreplay.com). Error monitoring captures stack traces, the browser environment, and the state of the DOM at the time of the exception.
Consent & Compliance
Session replay scripts collect detailed behavioral data — mouse movements, scroll patterns, and interaction sequences — that constitutes personal data under GDPR because it can be used to identify individuals or reveal sensitive interactions. The EDPB and multiple national DPAs have specifically scrutinized session replay tools, noting that keystroke capture and form interaction recording raise particular concerns. Under ePrivacy, setting cookies or accessing storage for session recording requires prior informed consent. GDPR Article 6(1)(a) (consent) is the most defensible lawful basis; legitimate interest requires a DPIA and may be difficult to justify given the granularity of behavioral capture. For self-hosted deployments, data stays within the operator's infrastructure, which simplifies the transfer analysis. Cloud deployments involve OpenReplay (US) receiving EU personal data, requiring SCCs. Under CCPA/CPRA, session recordings may capture sensitive information and must be disclosed. Consent category: analytics.
Should You Block This Without Consent?
Yes. Session replay scripts capture detailed behavioral and interaction data that regulators have specifically flagged as requiring consent. Do not load OpenReplay's tracker until the user has affirmatively consented to analytics. Implement input masking and field sanitization regardless of consent status to prevent inadvertent capture of passwords or payment card data that may appear in form fields.
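The two controls above, sketched as an added example (not OpenReplay's or ConsentStack's code): a gate that keeps the recorder from being created until analytics consent is granted, and a check for fields that must always be masked. createTracker is a hypothetical caller-supplied factory whose result is assumed to expose start() and stop(); the consent object shape is also an assumption.

```javascript
// Autocomplete tokens (HTML standard) that mark credential or payment-card fields.
const SENSITIVE_AUTOCOMPLETE = new Set([
  "current-password", "new-password", "one-time-code",
  "cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year",
]);

// Decide whether a form field must be masked before any recorder sees it.
// `field` is a plain descriptor {type, autocomplete}; in a browser, read the
// same properties from the input element.
function mustMask(field) {
  const type = String(field.type || "").toLowerCase();
  if (type === "password") return true;
  const tokens = String(field.autocomplete || "").toLowerCase().split(/\s+/);
  return tokens.some((t) => SENSITIVE_AUTOCOMPLETE.has(t));
}

// Gate a recorder behind analytics consent. `createTracker` (hypothetical)
// is not called, so nothing is loaded or started, until consent is granted.
function createConsentGate(createTracker) {
  let tracker = null;
  let recording = false;
  return {
    // Call on every consent change; returns whether recording is active.
    update(consent) {
      // Only the boolean true counts; strings such as "true" are rejected.
      const granted = Boolean(consent) && consent.analytics === true;
      if (granted && !recording) {
        if (tracker === null) tracker = createTracker();
        tracker.start();
        recording = true;
      } else if (!granted && recording) {
        tracker.stop(); // withdrawal of consent ends capture immediately
        recording = false;
      }
      return recording;
    },
  };
}
```

Call update() from the consent banner's change callback, and run mustMask() over a form's fields in a pre-release check so unmasked credential or card inputs are caught before the recorder is enabled.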
Tracked Domains (1)
openreplay.com (Analytics)
Frequently Asked Questions
Does OpenReplay require cookie consent?
Yes. OpenReplay is a session replay and product analytics platform that records user interactions including clicks, scrolls, and navigation paths. This constitutes personal data processing under GDPR, requiring prior consent. CCPA opt-out rights apply to California residents.
What does OpenReplay record on websites?
OpenReplay captures session replays with DOM snapshots, user input interactions (sensitive fields are masked by default), network requests, console logs, and performance metrics. Recordings are tied to session identifiers and may be enriched with user identity if configured.
How does ConsentStack detect OpenReplay on my site?
ConsentStack detects the OpenReplay tracker script and assigns it to the analytics consent category. When visitors deny consent, ConsentStack blocks OpenReplay from initializing, preventing session capture. Recording begins only after a visitor grants analytics consent.