Typeform

Typeform is an interactive form and survey platform known for its conversational, one-question-at-a-time UX. Scripts embed responsive form widgets on websites and track completion and drop-off rates for each question. Response data is stored in Typeform and can be forwarded to connected integrations like HubSpot or Google Sheets.

Overview

Typeform is an interactive form and survey platform that uses a conversational, one-question-at-a-time format to increase completion rates. It is widely used for lead generation forms, customer satisfaction surveys, product feedback collection, and event registrations, with native integrations to HubSpot, Salesforce, Slack, and Google Sheets.

What This Script Does

Typeform can be embedded in three modes: full-page (redirecting to typeform.com), as an iframe embed, or via the Typeform JavaScript Embed SDK, which injects the form as an inline widget, popup, slider, or popover.

Script Files and Domains

  • embed.typeform.com/next/embed.js — The Typeform Embed SDK. Approximately 40–80KB minified. Handles widget rendering, form state, and communication between the host page and the Typeform iframe.
  • form.typeform.com — The form iframe origin delivering the form UI and question logic.
  • api.typeform.com — Backend API receiving responses and returning conditional logic decisions for complex forms.
  • images.typeform.com — CDN delivering media assets embedded in forms (background images, logos).
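
When auditing a page's network requests against the list above, match on the parsed hostname rather than on a substring of the URL, so lookalike hosts and paths are not counted as Typeform. The following is an added example, not ConsentStack or Typeform code; the role labels, function names and sample URLs are constructed for illustration.

```javascript
// Hostnames come from the list above; the role labels are this example's own.
const TYPEFORM_HOSTS = new Map([
  ["embed.typeform.com", "embed-sdk"],
  ["form.typeform.com", "form-iframe"],
  ["api.typeform.com", "response-api"],
  ["images.typeform.com", "media-cdn"],
]);

// Classify one requested URL by its parsed hostname, never by substring.
function classifyRequest(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return "invalid";
  }
  const host = url.hostname.replace(/\.$/, ""); // tolerate a trailing root dot
  if (TYPEFORM_HOSTS.has(host)) {
    const role = TYPEFORM_HOSTS.get(host);
    return url.protocol === "https:" ? role : "insecure-" + role;
  }
  // A typeform.com subdomain that the list above does not describe.
  if (host === "typeform.com" || host.endsWith(".typeform.com")) return "typeform-unlisted";
  return "other";
}

// Summarise a request log: count per role and collect the URLs that need review.
function auditRequests(urls) {
  const counts = {};
  const review = [];
  for (const raw of urls) {
    const role = classifyRequest(raw);
    counts[role] = (counts[role] || 0) + 1;
    if (role === "typeform-unlisted" || role.startsWith("insecure-")) review.push(raw);
  }
  return { counts, review };
}

// Constructed sample of requests observed on a page (not real capture data).
const SAMPLE_REQUESTS = [
  "https://embed.typeform.com/next/embed.js",
  "https://form.typeform.com/to/EXAMPLE",
  "https://renderer-assets.typeform.com/app.js",
  "https://embed.typeform.com.cdn.example/next/embed.js",
  "https://cdn.example/embed.typeform.com/next/embed.js",
  "http://images.typeform.com/bg.png",
];
```
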

Cookies Set

  • __cf_bm — Cloudflare Bot Management cookie set on typeform.com domains. Expires in 30 minutes. Used for bot mitigation, not user tracking.
  • _hjid — A Hotjar cookie that may appear if Typeform has Hotjar enabled on its own form pages. Persists for 1 year.
  • Form session state is maintained via localStorage within the iframe context to allow users to resume partially completed forms across page reloads.
  • No persistent first-party tracking cookies are set on the host website's domain by the embed.

Data Collected Per Interaction

  • All question responses (text, multiple-choice selections, ratings, file uploads)
  • Question-level metrics: time spent per question, response edits, back-navigation events
  • Form-level metrics: start time, completion time, drop-off question (where user abandoned)
  • Hidden fields: the embed SDK supports passing URL parameters (UTM values, user IDs) as hidden fields, which are stored alongside the response
  • Browser metadata and IP address (captured server-side at submission)
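
Because hidden fields store URL parameters alongside the response, whatever the page URL carries is forwarded with it unless the host page filters first. The following added example (not Typeform SDK code) builds the hidden-field object from an allowlist and drops values that look like e-mail addresses or long tokens; the allowlist, length limit, patterns and sample URL are assumptions made for illustration.

```javascript
// Parameters allowed to travel with a response (assumed policy; adjust per form).
const ALLOWED_HIDDEN = ["utm_source", "utm_medium", "utm_campaign"];
const MAX_LEN = 64; // assumed upper bound for a campaign value

// Values resembling e-mail addresses or long opaque tokens are not forwarded.
const EMAIL_RE = /[^\s@]+@[^\s@]+\.[^\s@]+/;
const TOKEN_RE = /^[A-Za-z0-9_\-+/=.]{32,}$/;

// Return the fields safe to pass to the embed, plus the names of what was dropped.
function buildHiddenFields(pageUrl, allowed = ALLOWED_HIDDEN) {
  const params = new URL(pageUrl).searchParams;
  const hidden = {};
  const dropped = [];
  for (const [key, value] of params) {
    const seen = Object.prototype.hasOwnProperty.call(hidden, key);
    const reason = !allowed.includes(key) ? "not-allowlisted"
      : seen ? "duplicate"
      : value.length === 0 ? "empty"
      : value.length > MAX_LEN ? "too-long"
      : EMAIL_RE.test(value) ? "looks-like-email"
      : TOKEN_RE.test(value) ? "looks-like-token"
      : null;
    if (reason) dropped.push({ key, reason }); // record names only, never values
    else hidden[key] = value;
  }
  return { hidden, dropped };
}

// Constructed landing-page URL for illustration.
const SAMPLE_URL =
  "https://shop.example/contact?utm_source=newsletter&utm_campaign=spring" +
  "&user_id=8841&utm_medium=jane.doe%40mail.example&utm_source=second";
```

The `dropped` list gives a record of which parameter names were withheld, which is useful when reconciling the form's stored fields with what the privacy policy discloses.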

Third-Party Integrations on Submission

Typeform's native integrations forward response data automatically: HubSpot (create/update contacts), Salesforce (create leads), Mailchimp (add subscribers), Google Sheets (append rows), Slack (post notifications), and Zapier/Make for custom workflows. Each integration is a downstream data processor.

Analytics Features

The Typeform analytics dashboard shows drop-off rates, completion rates, and response trends. No cross-site tracking of users outside the Typeform context is performed.

Consent & Compliance

Consent category: Functional

  • GDPR: Typeform acts as a data processor under GDPR. A Data Processing Agreement is available and required. Form responses containing personal data require a lawful basis — typically contract performance (contact forms), legitimate interest (feedback surveys), or explicit consent (marketing lead generation). The embed itself does not require a consent banner, but the data collected must be disclosed in the site's privacy policy, especially if responses are forwarded to HubSpot, Salesforce, or other marketing platforms.
  • ePrivacy: The Typeform embed uses localStorage (not cookies) for form state on the host site. The Cloudflare __cf_bm cookie is a security cookie. Under strict ePrivacy interpretation, loading a third-party iframe always requires disclosure, but functional form embeds are generally accepted without prior consent when they serve a user-initiated purpose.
  • CCPA/CPRA: Form responses are voluntarily provided by users and do not constitute a sale. Hidden field UTM tracking should be disclosed. Downstream integrations (Salesforce, Marketo) represent data sharing that must be disclosed.
  • EU-US Data Privacy Framework: Typeform is incorporated in Spain (EU company), so primary processing is within the EU. US-based integrations (HubSpot, Salesforce) require SCCs or DPF reliance.

Should You Block This Without Consent?

No. Typeform embeds serve a functional purpose initiated by the user interacting with the form. They do not perform cross-site tracking, advertising attribution, or behavioral profiling outside the form context. When used for marketing lead capture with UTM tracking, the form falls partially under marketing purposes, but the embed itself does not need to be blocked — ensure your privacy policy discloses the data collection and downstream integrations.

Consent Categories

Functional

Also Known As

Typeform, Typeform embed, Typeform survey, interactive form, Typeform GDPR, Typeform integrations

Industries

Computers Electronics and Technology, Programming and Developer Software

Tracked Domains (2)

embed.typeform.com (Functional)
renderer-assets.typeform.com (Functional)

Frequently Asked Questions

Does Typeform require cookie consent?

No. Typeform embeds serve a functional purpose initiated by the user interacting with the form. They perform no cross-site tracking or advertising attribution. The Cloudflare __cf_bm cookie is a security cookie, and form state uses localStorage within the iframe. No persistent tracking cookies are set on the host site's domain.

What does Typeform track?

Typeform collects all question responses, time spent per question, back-navigation events, and the drop-off question where users abandoned. Hidden fields capture UTM parameters. Scripts load from embed.typeform.com and form.typeform.com, with API calls to api.typeform.com. IP and browser metadata are captured server-side at submission.

How does ConsentStack handle Typeform?

ConsentStack classifies Typeform as functional and does not block form embeds. Detection is based on loads of embed.typeform.com/next/embed.js. When the form is used for marketing lead capture with UTM tracking, ConsentStack notes the partial marketing purpose but does not block the embed. Disclose downstream integrations like HubSpot or Salesforce in your privacy policy.
