Meet your users where they’re at. In-product prompts allow you to ask for in-the-moment feedback using a popover on your website that links to your maze.
In this article:
- Who can use this feature?
- Connect your website to Maze
- Current limitations
- Create an in-app prompt
- Check the status of your prompt
- Edit a prompt or remove it from your website
- Security and performance FAQs
Who can use this feature?
Prompts are available for all plans.
There are currently no role restrictions for who can create an in-product prompt.
Connect your website to Maze
Before enabling Maze Prompts on your live website for the first time, you’ll need to install a tracking code that enables this feature to run on your website.
- Mazes can't be answered directly within your website. The prompt is a popover on your website that links to your maze on a separate tab.
- The design of the prompt is not yet customizable (i.e. branding, size, or position on the page).
- The 'Display when' field is not editable. All prompts are displayed at page load.
If you'd be interested in any of the features listed above, please let us know!
Create an in-product prompt
To add a Maze Prompt to your website, open the Share page for your live maze, and click In-Product Prompt.
You'll be able to come back to the editor and make changes to both content and audience after publishing. Learn more in the section 'Edit an existing prompt'
First, you’ll set up the content of the popover:
- Internal prompt name
- Title (100 characters limit)
- Description (280 characters limit)
- Button/CTA (25 characters limit)
If the character limit is exceeded, you won't be able to move forward.
It isn't currently possible to preview the popover directly on your website before publishing it. However, on the right-hand side of the editor, you'll see a preview of how the popover will look like.
When you’re happy with the content, click Next.
Then, you’ll choose where and to whom the prompt will be displayed.
- Connected website: Select one of the websites you’ve previously connected, or connect a new one.
Display on: Choose whether you want to display the prompt on every page of the selected website or on specific pages. Learn more about URL patterns
URL parameters aren't currently supported, and will be stripped when the prompt is published. As a result, information from the page and/or tester can't be passed on to the maze results with URL parameters. If you need to identify the page or the tester, you need to ask them for that information directly in the maze.
- Users: Select All users to show the prompt to every visitor on that page, or Specific users to show it to a specific Amplitude cohort. Learn how to connect Maze to Amplitude
- Device type: Choose on which devices the prompt should be displayed: users visiting your website on desktop, tablet, and/or mobile devices.
Once you’re ready, click Create Prompt to make it available on your website.
Check the status of your prompt
Every prompt you create will be listed on the Share page. Click the prompt to see more details.
Edit an existing prompt
At the bottom of the details panel, under 'Prompt actions', click Edit prompt to edit the content and audience of the prompt. This will take you back to the prompt editor.
Remove the prompt from your website
At the bottom of the details panel, under 'Prompt actions', click Pause collection to disable the prompt on your website.
To make the prompt visible again on your website, click Activate collection.
Is the prompt automatically localized?
All the text within the popover (title, body, CTA) needs to be manually set. This text is not automatically translated into your tester's browser language.
As a workaround, if the website where the prompt is displayed has different URLs for different languages, you can create multiple prompts targeted at specific URLs, with text in each of the languages you're targeting.
For instance, if you're targeting Spanish-speaking users, set up the content of a prompt in Spanish. Then, when defining the audience, select Specific pages under 'Display on', and enter the specific URL that targets Spanish-speaking users — e.g.
Can I customize the prompt?
At the moment, the design of the prompt isn't yet customizable (i.e. branding, size, position on the page).
What happens if a prompt is enabled on one specific page, and then added to another?
Prompts are specific to a domain. Once the prompt is live for a domain, testers can interact with it only once. Even if you enable prompts for separate pages, users who clicked the CTA or dismissed the prompt will not see it again.
Security and performance FAQs
Will the Maze script slow down my website?
The Maze script is designed to have a very minimal impact on the performance of your website. It shouldn't take more than a few milliseconds to load, and this shouldn't be noticeable at all to your website users.
The Maze script loads asynchronously. Your website will continue to load while the Maze script is being executed.
This means that, even if the script fails to load (which is unlikely), your website will still continue to render as expected without the script.
The Maze tracking code you install on your website is used to dynamically run a loader that powers the testing on your website. The tracking code is less than 1KB.
The dynamic loader is less than 10KB and only runs in specific circumstances:
- the loader only runs if the API has a valid response;
- the API keys are only valid for each domain you configure;
- the code for either live website testing or the in-product prompt is only triggered if the destination site is opened on a new tab. If this first check is passed, we send a post message to the tab that opened the site, and attach an event listener to wait for the response. The rest of the live website testing code is only triggered if we get the proper response in the first minute. Otherwise, it will have no further impact.
If either of the conditions above is not met, the script is not loaded at all.
Content Delivery Network (CDN)
The dynamic loader is served by a Content Delivery Network (CDN).
A CDN is a distributed network of servers that delivers content based on a user's geographic location. It does this by storing copies of the content on servers located in different places around the world. When someone visits a website using a CDN, the content is delivered to their device from the server closest to them, reducing the distance it needs to travel and making it load faster.
Using a CDN allows us to serve the loader faster, more reliably, securely, and with reduced data usage.
The script uses session-based caching. The script is loaded only once, even when the user navigates through multiple pages.
Content Security Policy (CSP) directives
A Content Security Policy (CSP) is a security feature that helps protect websites from security threats and vulnerabilities. It does this by specifying the type of content (e.g. scripts, images, videos) that can be loaded on a website, and from which sources they can be loaded. This helps mitigate certain types of malicious attacks, such as cross-site scripting (XSS), clickjacking, and data injection attacks.
If you have a CSP implemented, you'll need to add a directive that allows files to be loaded from Maze in order to allow the Maze script to work on your website.
Default: If using a default CSP, we recommend adding the Maze domain as a trusted source in the default-src rules:
Stricter: If your organization requires stricter restrictions, we recommend the settings below:
script-src https://*.maze.co/ font-src https://*.maze.co/ style-src https://*.maze.co/ connect-src https://*.maze.co/ img-src https://*.maze.co/ style-src https://*.maze.co/
Strictest: If your CSP requires additional granularity, the following are the minimum rules required for the Maze script to work. Please note that this list is subject to change as this feature evolves. In that case, you'll need to update your CSP directives so that the snippet can continue to work.
script-src https://snippet.maze.co/ font-src https://snippet.maze.co/ style-src https://snippet.maze.co/ img-src https://snippet.maze.co/ style-src https://snippet.maze.co/ connect-src https://api.maze.co/ https://prompts.maze.co/
What measures are in place to ensure the security of the script?
Any changes to the script are subject to Maze’s change control policy.
Access to code changes is restricted to authorized employees only. All changes must go through code review and testing before deployment.
The script is hosted as part of our general platform infrastructure, with access restricted to authorized employees.
Is the script open-source?
The Maze tracking script is closed-source. By keeping the source code closed, Maze controls how the script is developed and distributed.
What data does Maze collect from my testers?
Still need help?
If you have any questions or concerns, please let our Support team know — we'll be happy to help!