Learning Objectives
- You will understand what TrustedForm Certify is and its role in lead generation.
- You will see how the tool captures user interactions and associated metadata.
- You will be able to explain its benefits in ensuring compliance and protecting business interests.
Overview
Summary:
TrustedForm Certify is ActiveProspect’s JavaScript solution that captures a webpage’s Document Object Model (DOM) and user interactions during a lead event, generating a unique certificate URL that serves as verifiable proof of consumer consent.
Why It Matters:
It provides an independent, third‑party record of what a consumer saw and did during the form submission process. This documentation is critical for regulatory compliance (such as TCPA and CASL), helps defend against lead fraud and legal challenges, and bolsters trust between publishers, brokers, and advertisers.
Practical Examples
Example 1: Single-Page Lead Form
A real estate website uses TrustedForm Certify on its contact form. When a visitor accesses the page, the script captures the DOM and records their mouse clicks and scrolling. It then receives a unique certificate URL which is inserted as a hidden field (commonly named “xxTrustedFormCertUrl”). When the form is submitted, this URL accompanies the lead data as evidence that the user was shown the appropriate consent language.
Example 2: Multi-Step Application Process
A banking website integrates TrustedForm Certify into its multi-step loan application. The script begins recording user interactions once the page loads and continues throughout the various stages. Upon final submission, the complete certificate, along with detailed metadata (IP address, browser information, session replay data), is sent along with the lead data—providing a full audit trail of the consumer experience.
Implications & Applications
Key Takeaways:
- TrustedForm Certify provides verifiable, independently stored proof of consumer consent.
- It plays a crucial role in reducing legal risk by ensuring compliance with consent regulations.
- It functions seamlessly with other TrustedForm products (like Retain, Verify, and Insights) to create a comprehensive lead management and audit trail.
Practical Applications
- Embed TrustedForm Certify on lead forms to automatically capture consumer interactions and consent evidence.
- Use lead matching techniques to verify that the contact information submitted by the consumer aligns with what was captured in the certificate.
- Retain certificates for long-term storage to support audits and legal defense.
- Integrate with performance monitoring to ensure that the script’s asynchronous loading preserves fast page load times and overall user experience.
Timing the Launch of the TrustedForm Certify Web SDK
The placement and execution timing of the TrustedForm Certify Web SDK can affect how accurately the consumer’s session is captured. In most implementations, the SDK can simply be added to the page without special handling, but certain environments may require more precise control.
Recommended placement (most common):
Place the TrustedForm script just before the closing </body> tag.
This ensures that the page has fully rendered before the SDK begins scanning the DOM and recording user interactions.
<!-- ... page content ... -->
<script src="https://api.trustedform.com/certify.js"></script>
</body>
Using defer When Needed
If your site loads many scripts or experiences render delays, adding the defer attribute can help ensure that TrustedForm loads after the page is parsed, without blocking other resources:
<script src="https://api.trustedform.com/certify.js" defer></script>
This allows the script to download immediately but wait to execute until after the DOM is ready.
When TrustedForm Should Load Earlier
In rare cases, customers report that consumers begin typing before the SDK loads. If this happens, you may delay other scripts (using their own defer attributes) to ensure TrustedForm initializes first—without blocking the initial form load.
This configuration should be tested carefully, as TrustedForm must start after the form and required elements are present.
Advanced Control
For more complex environments—such as dynamic rendering or multi-step forms—consider using a controlled execution pattern (see “Manually Triggering TrustedForm”) to launch recording only after the form and consent language are fully visible.
These approaches ensure that TrustedForm captures the entire consumer interaction accurately, regardless of how the page is built.
Manual Stop for Single-Page Applications (SPAs)
By default, the TrustedForm Certify Web SDK records user interactions until the page unloads—typically when the user submits a form and is redirected to a confirmation page.
In Single-Page Applications (SPAs), form submission often does not unload the page. To support this, TrustedForm provides a global function that allows you to manually stop the recording when your flow is complete:
trustedFormStopRecording()
Calling this function immediately finalizes the certificate and stops all further recording.
Important: Once stopped, the recording cannot be restarted during the same session.
Manually Triggering TrustedForm (Delayed Execution)
In some implementations, you may want TrustedForm to begin recording only after a specific event—such as when a consent modal is accepted, when the form is fully loaded, or to reduce impact on page performance.
To do this, wrap the TrustedForm Certify snippet inside a function and trigger it manually:
function beginTrustedFormRecording() {
// Paste the TrustedForm Certify snippet here
}
You can call this function from any user action or application event (e.g., clicking a button, focusing a field, opening a modal).
Best practices:
- Give the SDK enough time to load before the form is submitted (usually under one second).
- Avoid triggering both “start recording” and “submit form” in the same event—this may prevent certificate creation.
- Use separate actions (e.g., start recording on field focus, then submit normally).
This approach provides greater control over when recording begins, especially for dynamic forms, multi-step flows, and SPA environments.
Frequently Asked Questions (FAQ)
Q: What exactly does TrustedForm Certify do on my website?
A: It executes a JavaScript snippet upon page load that captures the webpage’s DOM and user interactions, then generates a unique certificate URL. This URL, embedded as a hidden field, serves as independent proof that the consumer viewed and consented to the necessary information on your form.
Q: When does TrustedForm stop recording and generate the certificate?
A: TrustedForm records activity from the moment the script loads until the consumer either submits the form or leaves the page (both count as abandonment). When the browser disconnects, TrustedForm saves everything captured during the session and generates the final TrustedForm certificate. You can see this in action using the TrustedForm demo, which shows a live certificate and session replay.
Q: Will implementing TrustedForm Certify affect my website’s performance?
A: No. The script is optimized for asynchronous loading, which ensures it does not block page rendering or significantly impact load times.
Q: What data is collected by TrustedForm Certify?
A: It collects the full DOM (HTML, CSS, images, etc.), user interaction events (clicks, keystrokes, scrolls), and metadata such as IP address, browser type, operating system, and timing metrics like time on page.
Q: How long are TrustedForm certificates available?
A: By default, certificates are available for 72 hours. If a form submission is detected, the retention period may extend up to 90 days. For long-term storage, use the TrustedForm Retain process, which typically stores certificates for up to 5 years.
Q: How is the data collected by TrustedForm Certify secured from unauthorized access?
A: All data is transmitted over HTTPS and stored in a secure data warehouse. Sensitive fields can be flagged to be encrypted or masked, and access is restricted through strict authentication controls.
Q: How does TrustedForm Certify work?
A: When a visitor loads a page with the script, TrustedForm Certify captures the page’s DOM and logs relevant user events. It sends this information securely to TrustedForm’s servers, which return a unique certificate URL. This URL is then automatically inserted into a hidden field on the form. Upon submission, the certificate URL travels along with the lead data, providing a digital record of the consumer session.
Q: Why does my site traffic go up when TrustedForm Certify is on my website?
A: As part of generating reliable documentation of a lead event, TrustedForm Certify creates a snapshot of your webpage. This involves a server-side request that may appear as a visit to your website. If you have assets—such as tracking pixels—that you prefer not to be requested, please file a support ticket and our team can add them to our block list.
Q: Can I download a TrustedForm certificate?
A: No, TrustedForm certificates cannot be downloaded. They can only be viewed within the TrustedForm application, which prevents tampering and removes the burden of storing certificates yourself.
Q: Will I be charged for certified leads I generate?
A: No, you won’t be charged for the certified leads you generate. Creating certificates is free—ActiveProspect only charges when certificates are retained for long-term record keeping.
Q: How can I view the certificates I create?
A: You can view your certificate by confirming you own the domain it was generated from in your ActiveProspect account. If you certifciate wasn’t generated from a website you own then you will have to retain it in order to view it.
Q: Can TrustedForm Certify record chat bots?
A: TrustedForm Certify can record a chat bot only if the bot’s technology allows custom JavaScript to be added to its source code, since the Web SDK must run directly on the page. Because chat bots are built in many different ways and no third party bots have native support, you will need to work with your chat bot developer to test the SDK and verify whether certificates generate accurately.
Glossary
| Term | Definition |
|---|---|
| TrustedForm Certify | A JavaScript solution by ActiveProspect that captures webpage content and user events to generate a unique certificate URL as proof of consumer consent. |
| Certificate URL | A unique link generated by TrustedForm Certify that points to the archived record (certificate) documenting the consumer’s session and consent. |
| DOM (Document Object Model) | The in-memory representation of a webpage’s structure (HTML, CSS, etc.) used by browsers to render page content. |
| Session Replay | A feature that reconstructs a consumer’s interactions on the webpage using captured event data and DOM snapshots. |
| Retain | The process of storing a TrustedForm certificate long term (typically up to 5 years) for auditing and legal purposes. |
| Lead Matching | The method of verifying that the contact details (e.g., email, phone) submitted by the consumer match those captured during the session. |
| data‑tf‑sensitive | An attribute used to flag form fields or page elements containing sensitive data so that they are masked or encrypted before storage. |
| Asynchronous Loading | A technique that allows scripts to load in parallel with page content, ensuring that user experience and page speed remain optimal. |
Comments
0 comments
Please sign in to leave a comment.