“B2B attribution is broken” is one of the most repeated claims in marketing — and one of the least measured. So we measured it at the source: do public B2B demo forms actually carry the campaign data (the UTM and the Google click-ID) into the lead they submit? We submitted real test leads to 20 forms by hand and read the actual network request each one sent.
The answer surprised us, and it reverses the usual story. Most forms do capture the campaign data — and the automated scanners people use to check are undercounting it by roughly 3x.
Key Takeaways
- Capture is the rule, not the exception. 17 of 20 hand-verified B2B forms (≈85%) put the UTM and/or click-ID into the lead record. Only 3 genuinely dropped it.
- Automated form audits undercount capture by ~3x. Our read-only detector found only 47% of the real captures (8 of 17). When it did flag capture it was right every time (8 of 8) — but it missed 9 forms that capture invisibly.
- The data hides at submit. Of the 17 captures, 13 used hidden form fields, 3 injected the values into the submission payload via JavaScript at submit, and 1 forwarded them from a first-party cookie after the visible URL had gone clean.
- Even attribution vendors aren’t special. Companies that sell attribution/analytics software captured at ≈82% (9 of 11) — no better than general SaaS at ≈88% (7 of 8).
- The practical rule: a form scanner is trustworthy when it says “captured” and unreliable when it says “not captured.” Use its positives; verify its negatives by hand.
The finding, in one sentence
Among 20 B2B demo forms we submitted real test leads to and inspected by hand, 17 (about 85%) carried the campaign data into the actual submitted lead. An automated scanner reading the same forms detected only 29%. The scanner was undercounting real capture by roughly 3x, because most forms capture the data at the instant of submission — exactly where a read-only scan cannot see.
WHY THIS MATTERS TO YOU
If you have ever run a form scanner — or paid for an “attribution audit” — and concluded your tracking is broken, this is your second opinion. The scan almost certainly undercounts, and your leads are probably carrying the campaign data after all, just where the scan can’t look. Before you rebuild a working setup, check the three places capture actually hides (named below).
Why this study exists
UTMs and click-IDs are how a B2B company knows which campaign produced a lead. If a demo form drops them, the lead lands in the CRM with no source, and the campaign that paid for it gets no credit. “Attribution is broken” is a popular claim — but almost nobody has measured, form by form, whether the data actually survives into the submitted lead. We set out to measure it. The trap we walked into first — and the reason this report is interesting — is that the obvious way to measure it is wrong.
How we measured it (and why the easy method lies)
We started with an automated audit of 150 public B2B demo, contact, and signup forms. A read-only script loaded each form carrying a test UTM and click-ID, then inspected the page’s form fields, cookies, and dataLayer. It produced a tidy number: 29% (44 of 150) capture the UTM into an actual form field.
We did not trust it, for a simple reason: a script reading the page can only see what is in the page. It cannot see what a form adds to the network request at the instant you hit submit. So we hand-validated a stratified sample of 23 forms the only way that settles the question — by submitting one real test lead to each and reading the actual submission request.
The protocol, applied identically to every form:
- One submission per form, from a single dedicated address on our own domain, then stop. No automation, no resubmission.
- Each form was reached through a unique tagged URL (
utm_source=ivris-research … gclid=ivrisHAND-<n>), so any captured value is unambiguously ours. - We read the actual submission POST body and searched it for our sentinel values.
- Capture counts only if the value is in the submission payload. Analytics pixels, request headers, the
Referer, first-party cookies, and the page URL do not count — they are not the lead record. - Where the real payload could not be observed (server-rendered, third-party iframe, or a blocked route), the form is recorded as unverifiable and excluded — never guessed.
Three of the 23 were unverifiable (AgencyAnalytics, Customer.io, Buildertrend), leaving 20 forms with a definitive answer.
What the hand pass found
Among those 20 forms, 17 captured the campaign data into the submitted lead and 3 did not — a capture rate of about 85%, versus the 29% the scanner reported on the full set.
What the scanner sees vs. what the form actually does
Capture rate among forms where the answer is definitive (hand-read: 17 of 20). The scan figure (44 of 150) is the read-only floor — the gap between the bars is the capture that happens off-page, at submit.
The three genuine misses were Dreamdata (a Squarespace form that posted only its visible fields), HockeyStack (the UTM field names were present but the values were blank, and the tag was lost on a redirect), and Attio (a custom API that posted a clean, contact-only body). The interesting part is how the other 17 captured:
How the 17 captures carried the data
JS-injected at submit — 3 (invisible to a scan)
Cookie-forwarded — 1 (invisible to a scan)
The bottom two methods — 4 of the 17 — add the campaign data to the request only at the moment of submit, in a platform context object or forwarded from a first-party cookie. A read-only audit is structurally blind to both.
The headline: automated form audits undercount capture ~3x
Lining up the scanner’s prediction against the hand-read truth, form by form, on the 20 verifiable cases:
Scanner prediction vs. hand-read ground truth (n = 20)
CAPTURED
NOT capture
“captured”
“no capture”
Precision 8/8 (100%) — when the scanner said “captured,” it was always right. Recall 8/17 (47%) — it found fewer than half of the real captures. The nine it missed: Adjust, Crazy Egg, Adverity, Branch, CallRail, Aircall, AppFolio, BambooHR, and Cal.com.
So the 29% an automated audit reports is a floor, not the truth. The real rate, read from the actual lead payloads, was roughly three times higher. The practical inversion worth remembering: a form scanner is reliable when it says “yes, captured” and unreliable when it says “no.” Use its positives; verify its negatives by hand.
Even attribution vendors aren’t special
We tagged every company with whether it sells attribution, analytics, or martech tooling — the “do they eat their own cooking” control. The result is undramatic in an interesting way:
Capture rate by whether the company sells attribution tooling
Attribution specialists: 9 of 11 captured. General SaaS: 7 of 8. No meaningful gap — once you read the real payload instead of a scan, capture is simply widespread. The vendors who sell attribution are neither better nor worse than everyone else.
The full dataset — all 23 forms
Every form we attempted, the platform behind it, what the automated scanner concluded, and what we found by reading the actual submission. Rows where the scanner said “none” or “cookie-only” but the form did capture are its blind spots.
| # | Company | Sells martech? | Form platform | Scanner verdict | Hand-read result | How it captured |
|---|---|---|---|---|---|---|
| 1 | Adjust | Yes | Pardot | none → | Captured | Hidden field |
| 2 | Crazy Egg | Yes | Custom (signup) | none → | Captured | Hidden field |
| 3 | Dreamdata | Yes | Squarespace | none | Not captured | — |
| 4 | HockeyStack | Yes | HubSpot (Webflow) | none | Not captured | — (UTM fields blank) |
| 5 | Adverity | Yes | HubSpot | cookie-only → | Captured | JS-injected at submit |
| 6 | AgencyAnalytics | Yes | Custom (no POST seen) | cookie-only | Unverifiable | — |
| 7 | Branch | Yes | Custom API | cookie-only → | Captured | Cookie-forwarded |
| 8 | CallRail | Yes | Custom API | cookie-only → | Captured | JS-injected at submit |
| 9 | AppsFlyer | Yes | Marketo | form-field | Captured | Hidden field |
| 10 | Factors.ai | Yes | HubSpot | form-field | Captured | JS-injected at submit |
| 11 | FullStory | Yes | Marketo | form-field | Captured | Hidden field |
| 12 | Funnel | Yes | HubSpot | form-field | Captured | Hidden field |
| 13 | Customer.io | Yes | Custom (no contact fields in POST) | form-field | Unverifiable | — |
| 14 | HubSpot | Yes | HubSpot | form-field | Captured | Hidden field |
| 15 | Airbyte | No | HubSpot | form-field | Captured | Hidden field |
| 16 | Atera | No | WPForms | form-field | Captured | Hidden field |
| 17 | Bloomerang | No | Marketo | form-field | Captured | Hidden field |
| 18 | Aircall | No | Custom JSON (HubSpot-backed) | cookie-only → | Captured | Hidden field |
| 19 | AppFolio | No | Marketo | cookie-only → | Captured | Hidden field |
| 20 | Attio | No | Custom API | cookie-only | Not captured | — |
| 21 | BambooHR | No | Marketo | none → | Captured | Hidden field |
| 22 | Buildertrend | No | Blocked (403) | none | Unverifiable | — |
| 23 | Cal.com | No | Custom | none → | Captured | Hidden field |
The arrow (→) marks the nine forms where the automated scanner predicted “no capture” but the form did capture — its blind spots. The UTM survived the homepage→form journey on 20 of the 22 forms where that was observable (≈91%).
📊 Download the full dataset (CSV)
All 23 rows with vendor, platform, scanner verdict, hand-read result, capture method, journey-survival, and per-vendor observation notes. Released for replication and reuse — please cite Ivris Tech and link this page.
Download b2b-form-attribution-capture-2026_dataset_PUBLIC.csv →
Collected 2026-06-17. Among 20 hand-verified B2B forms, 17 captured the
UTM/click-ID into the submitted lead — about 3× what an automated DOM
audit detected. https://ivristech.com/b2b-form-attribution-capture/
Two clean findings from the wider 150-form audit
The capture detector undercounts because capture happens off-page. But the scanner is perfectly reliable for things that are in the page — so these two figures from the full 150-form audit stand as measured:
- Bot protection ≈ 47%. Of 150 forms, 71 use a managed CAPTCHA (56 reCAPTCHA, 13 Cloudflare Turnstile, 2 honeypot); 79 use none. A floor, since silent honeypots are undercounted.
- “How did you hear about us” is rare — ≈15%. Just 23 of 150 forms ask, and only 12 make it required. And 31 of the 40 martech sellers in the sample (78%) don’t ask at all — the companies most equipped to value self-reported attribution mostly skip it.
Methodology and provenance
This page reports a descriptive finding on a small, stratified sample, not a market-wide census. Every figure is “among the forms we audited,” and we report counts beside percentages on purpose.
- Parent sample: 150 public B2B demo/contact/signup forms, automated read-only audit, collected June 2026.
- Hand-validation subsample: 23 forms, stratified across the scanner’s three verdict classes (form-field / cookie-only / none) and deliberately weighted toward suspected false negatives. Submitted and read by hand on 2026-06-17.
- Capture definition: a UTM or click-ID present in the actual submission POST body. Headers, cookies, referrers, analytics pixels, and page URLs explicitly excluded.
- Evidence: a payload screenshot was preserved for every row; per-vendor observation notes are published in the dataset.
LIMITATIONS — READ BEFORE QUOTING ANY NUMBER
The 20 verifiable hand-checks establish direction and prove the scanner undercounts; they are not enough to publish a precise population capture rate, and we don’t. The sample is stratified by scanner verdict, not by platform or industry, and it over-weights suspected false negatives by design. “Captured into the submitted lead” means the data was transmitted in the lead request — not that the vendor stores or acts on it, which is out of scope. We re-ran a novelty search on 2026-06-18 and found no prior published dataset measuring form-level UTM capture or calibrating automated form audits against hand-read payloads.
A note that cuts the same way: we also tried to widen the sample with an automated client that records the full outgoing request body. On three more forms the scanner had scored “none” (Trigger.dev, Replit, Toggl), the lead submission happened server-side, with no campaign data in any client-side request — the sentinel surfaced only in third-party analytics pixels, which we do not count. That independently reinforces the core finding: on the forms a scanner calls “no capture,” capture (or its absence) is decided off the page, where neither an automated scan nor an automated submitter can see. The only instrument that settles it is a human reading the actual submission payload — which is what the 20-form pass above did.
Frequently Asked Questions
It means that when the form was submitted, the campaign values (UTM parameters and/or the Google click-ID) were present in the network request that creates the lead — so they would land on the lead record in the CRM, not just in an analytics tool. We did not count values that appeared only in cookies, headers, the referrer, the page URL, or analytics pixels.
A read-only scan sees the page’s fields, cookies, and dataLayer. It cannot see what JavaScript adds to the submission request at the moment you click submit. In our sample, 9 of 17 captures happened exactly there — invisible to the scan. So a scanner’s “no capture” verdict is unreliable, while its “yes, captured” verdict was right every time (8 of 8).
At the form layer, mostly yes — in our sample the data survived into the lead about 85% of the time. The breakage people see is more often downstream (the CRM ignores the field, or no one maps it to a campaign) than at the point of capture. But measure your own forms by reading the payload before concluding either way.
20 forms with a definitive hand-read answer (out of 23 attempted; 3 were unverifiable), drawn from a 150-form automated audit. It is small by design — a calibration of the automated method, not a population census. Every figure is framed “among the forms we audited.”
Yes. Please cite Ivris Tech and link this page; the full dataset is published as a downloadable CSV above. Suggested citation: Ivris Tech (2026), “The State of B2B Form Attribution Capture 2026” (Pass A), collected 2026-06-17.
Research and analysis by Mahesh Sirvi, Ivris Tech. Methodology, dataset, and per-vendor evidence published in full for replication. Part of The State of B2B Attribution & Tracking Hygiene 2026.
