Phloz
Sign inStart free
conversion tracking4 min readBy Phloz team

Heatmaps and session recordings: the qualitative half of measurement

GA4 tells you where users drop off; it can't tell you why. Heatmaps and session recordings are the qualitative layer that explains the numbers — how to use them, where they mislead, and how to keep them compliant.

TL;DR

Analytics like GA4 are quantitative — they tell you what happened and how many (this page has a 70% drop-off). They cannot tell you why. Heatmaps (click, scroll, and movement maps) and session recordings (replays of real visits) are the qualitative layer that answers the why: users aren't scrolling to the CTA, they rage-click a non-button, the form's third field makes them quit. The right workflow is a loop: GA4 finds where the problem is → recordings/heatmaps show whya CRO test proves the fix. Tools range from free (Microsoft Clarity) to paid (Hotjar, FullStory). The cautions: they're qualitative, not statistically significant on their own, and they can capture PII — so mask sensitive inputs and respect consent. Below: how to use them, where they mislead, and how to stay compliant.

You can stare at a GA4 funnel showing a 70% drop on the checkout page for a week and never learn anything actionable, because the number describes the symptom, not the cause. Watch five recordings of that page and you'll often see the cause in minutes — a broken coupon field, a shipping cost that appears too late, a mobile layout that hides the button. Quantitative tells you where to look; qualitative tells you what you're looking at.

Heatmaps: where attention goes

Heatmaps aggregate behaviour across many visitors into a visual:

  • Click maps — where people click (and where they click things that aren't clickable, a sign of confusion).
  • Scroll maps — how far down the page people get; if your CTA is below where 80% of people stop scrolling, that's your conversion problem in one image.
  • Move maps — where cursors travel (a rough proxy for attention).

Heatmaps are great for a fast read on a single page's layout. They're aggregate, so they're directional, not diagnostic of any individual journey.

Session recordings: why it happened

Recordings replay individual sessions so you can watch the friction:

  • Rage clicks — repeated frustrated clicks on something that isn't responding.
  • Dead clicks — clicks that do nothing (users expect an element to be interactive; it isn't).
  • Form abandonment — exactly which field someone hits before they quit (pair with form analytics).
  • Confusion loops — back-and-forth, hesitation, mis-navigation.

Watching ten recordings of users who dropped off a key page is one of the highest-insight-per-minute activities in all of analytics.

The loop that makes them worth it

Qualitative tools are a hypothesis engine, not a verdict. The workflow:

  1. GA4 finds the where. A report shows an unexpected drop-off, a low-converting page, a high-exit step.
  2. Heatmaps + recordings show the why. You watch and form a specific hypothesis ("the coupon field makes people leave to hunt for a code and never return").
  3. A CRO test proves it. You change the thing and A/B test whether conversions actually rise.

Skipping step 3 is the classic mistake — acting on a handful of recordings as if they were statistically significant. Five sessions are a story, not a sample. Use them to generate the test, then let the experiment decide.

Where they mislead

  • Small-sample over-reading. Watching three users do something is not evidence it's common. Quantify the pattern in GA4 before you commit.
  • Survivorship in heatmaps. A scroll map only includes people who didn't bounce first; don't mistake "engaged users scroll" for "everyone does."
  • They don't replace quantitative. Recordings can't tell you how many; GA4 can't tell you why. You need both, in the loop above.

Compliance: this is recording real people

Session recordings can inadvertently capture PII — anything typed into a form, names, emails, payment fields. That's a real privacy obligation:

  • Mask sensitive inputs by default (most tools block form-field content unless you opt in — keep it blocked).
  • Respect consent. Recording is tracking; it belongs behind the same consent gate as your other tags, and it should appear in the client's privacy policy.
  • Don't record payment/auth pages with sensitive data.

Treat it with the same care as any other data collection, because it is.

Where this fits

Qualitative tools are another instrument in the client's measurement stack — and another thing to install correctly, gate behind consent, and actually use rather than set up and forget. Phloz models each client's analytics stack, including the qualitative tools and their consent posture, as part of the tracking-infrastructure map, so the why-layer is documented alongside the what. The CRM for CRO agencies and pricing pages cover the workflow — but the habit is the payoff: when GA4 surprises you, don't theorise — go watch.