Live website testing with Maze allows your team to run usability tests to understand how users are interacting with your live websites.
In this article:
- Before you start
- Who can use this feature
- Install the Maze tracking code on your website
- How to create a live website test in Maze
- Interacting with a live website test
- Results & Reports
- Current limitations when viewing live website test results
- Security and performance FAQs
Before you start
- Free exploration of a website is not currently supported. Similarly to mission blocks, you’ll need to define success paths when testing your website.
- In-page events are not supported yet. As such, the URL must change between different screens for the test to be meaningful.
- Clips are not currently supported on live website blocks.
- CSV exports are not supported yet for live website blocks.
- There are currently some limitations around displaying results data for website testing. Learn more
Who can use this feature?
Live website testing will be available for users on all plans. However, it is currently in a closed beta testing phase.
Install the Maze tracking code on your website
In order to enable usability testing on your live website, you’ll need to install a code snippet that enables this feature to run on your website.
You’ll also be prompted to follow these steps from your draft maze if you haven’t added the code to your URL’s domain yet when creating a live website testing block.
You can either add the Maze tracking code directly to your website, or use your tag management system of choice. To learn more, please see this article: Installing the Maze tracking code on your website
How to create a live website test in Maze
To create a live website test:
- Add a live website testing block to your maze
- Enter the starting URL
- Set the device type
- Define paths
- Add more blocks (if needed) and publish your maze
Add a live website testing block
- Open a draft maze.
- Click Add block, then select Live Website Testing.
- Enter the task title and an optional description. Learn best practices for writing tester prompts
Enter the starting URL
Paste the URL of your website and click Set up. Wait a few moments until we verify that the Maze tracking code is correctly installed on the website.
- The URL you paste will be the starting page/screen of your test.
- The URL must include a valid scheme (e.g.
- A small floating window will open with a preview of your website.
Set the device type
Select the Device type to determine the resolution in which your live website should be opened.
- Desktop: Your website window will open on a desktop resolution (1024px). Testers on smaller screens, such as mobile devices, won’t be able to open the maze at all — in those cases, they’ll see a “This page needs a larger screen” error.
- Mobile: Your website window will open on a mobile resolution (420px). Testers on a desktop will still be able to open the maze; the live website window will simply open on a mobile resolution.
- To start creating your paths, click Create path. A floating window will open with a preview of your website.
- Click through the website to define the path you expect the testers to take in order to complete the task. At the moment, each page change counts as a screen in the path. Learn more about paths
- To add more paths, click + Add new path.
- Once you’re done, click Save and close to save the paths and go back to the draft maze.
Add more blocks (if needed) and publish your maze
You can add multiple live website tests per maze. To add more tasks, simply create a new Live Website Testing block and repeat the steps above.
Once everything is ready, send the maze live to start testing.
Interacting with a live website test
When you add a live website testing block, testing happens on your actual website — any interactions testers make there happen in the “real world”, not on a dummy/test/staging environment.
When setting up a live website block, you’ll set a device type. This will determine the resolution in which your live website task will be opened.
If your testers are on desktop, they’ll be able to open both desktop and mobile tasks.
However, mobile users will only be able to open mobile tasks, not desktop tasks — opening a desktop test on a mobile device will lead to a “This page needs a larger screen” error.
You can test websites in any language and region. However, please note that, during the current beta testing phase, the task interface appears only in English.
Starting the test
The first thing testers will see is an introductory screen with the task and description.
Clicking the Start task button will open your live website in a new window. A modal with the mission task and description will be displayed at the bottom, but minimized once the tester starts interacting with your website.
If the tester returns to the maze before completing the task, they’ll be prompted to finish the task.
Ending the test
Clicking Stop task will give up on the task and return to the maze.
If the tester completes the mission, they will see a success message saying “You completed this task”. Clicking Continue will return the tester to the maze.
Results & Reports
As testers complete your live maze, you will start seeing insights on the Results dashboard. To learn more, check out Understanding your mission and live website results
Current limitations when viewing live website test results
- Due to technical limitations, heatmap screens won’t always capture the live website page in perfect detail.
- Overlays and modals are not captured in heatmaps; only the base page/screen.
- For the time being, you won’t be able to see report slides for live website testing blocks.
Security and performance FAQs
Is the script open-source?
The Maze tracking script is closed-source.
What measures are in place to ensure the security of the script?
- Change control: The script is covered by Maze’s internal change control policy. Access to the code is restricted to authorized employees, and all updates undergo a review process.
- Hosting: The script is hosted as part of our general platform infrastructure, with access restricted to authorized employees. To learn more about the steps Maze takes to keep your data safe, please check out maze.co/security and compliance.maze.co.
Will the Maze script impact the performance of my website?
The Maze script is designed to have minimal impact on the performance of your website. There are two parts of the architecture you need to consider: the Maze tracking code you install on your website, which is used to run dynamically a loader that powers the actual testing on your live website.
Tracking code: The tracking code is less than 1kB.
Loader: The dynamic loader is less than 10kB. It only runs under specific circumstances:
- the loader only runs if the API has a valid response;
- the API keys are only valid for each domain you configure;
- the code for either live website testing or the widget is only triggered if the destination site is opened on a new tab. If this first check is passed, we send a post message to the tab that opened the site, and attach an event listener to wait for the response. The rest of the live website testing code is only triggered if we get the proper response in the first minute. Otherwise, it will have no further impact.
Does the script load asynchronously?
At the moment, the Maze script loads synchronously.
However, it has been designed in a way that shouldn't impact the performance of your website. The small dynamic loader loads first, served by CDN. If the necessary conditions are met, the code for either live website testing or the widget is triggered.
Additionally, the script uses session-based caching: the script loads only once, even if the user navigates through multiple subsequent pages.
Content Security Policy (CSP) directives
A Content Security Policy (CSP) defines which dynamic resources (e.g. scripts) can be loaded on your website. It’s used to mitigate certain types of malicious attacks, such as cross-site scripting (XSS) or data injection.
If you have a CSP implemented, you'll need to add a directive that allows files to be loaded from Maze in order to allow the Maze script to work on your website.
If using a default CSP, we recommend adding the Maze domain as a trusted source in the default-src rules:
If your organization requires stricter restrictions, we recommend the settings below:
script-src https://*.maze.co/ font-src https://*.maze.co/ style-src https://*.maze.co/
If your CSP requires additional granularity, the following are the minimum rules required for the Maze script to work. Please note that this list is subject to change as this beta feature evolves. In that case, you'll need to update your CSP directives so that the snippet can continue to work.
script-src https://snippet.maze.co/ font-src https://snippet.maze.co/ style-src https://snippet.maze.co/
What measures are in place to ensure the privacy of my testers when testing live websites?
When you add a live website testing block, testing happens on your actual website — any interactions made there happen in the “real world”; Maze doesn’t create a dummy/test/staging environment for you.
You should therefore be mindful that you may be collecting personally identifiable information from your testers. For instance, if you ask users to log in to their account as part of your test, the screenshots on your Results dashboard will include anything they’ve entered when logging in, as well as any data on their personal area that they’ve previously input.
In these cases, we’d suggest setting up your own staging environment, and/or giving users test credentials to avoid having them reveal their personal data.
If your mazes generally collect or capture personally identifiable information, either through questions or by using Clips or live website testing, we also recommend you refer to this article: How to honor your GDPR obligations when testing with Maze
Do you have any feedback?
This feature is currently in a beta testing phase. If you have any questions, feedback, or issues, please let our team know!