id,company,form_url,category_family,sells_martech,martech_subtype,form_platform,scraper_verdict,scraper_predicted_capture,hand_journey_utm_survived,hand_payload_has_utm,hand_payload_has_gclid,hand_capture_confirmed,capture_method,scraper_matched_truth,evidence_ref,collection_date,notes
1,Adjust,https://www.adjust.com/request-a-demo/,Marketing/Sales-tech,Y,attribution/analytics/measurement,Pardot,none,N,Y,Y,Y,Y,hidden-field,N,available on request,2026-06-17,"Tagged form URL redirected to /request-a-demo/see-adjust with query parameters preserved. Submission POSTed through embedded Pardot form at go.adjust.com; POST body contained utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-1."
2,Crazy Egg,https://www.crazyegg.com/signup,Marketing/Sales-tech,Y,attribution/analytics/measurement,Custom (account signup),none,N,Y,Y,Y,Y,hidden-field,N,available on request,2026-06-17,"Cloudflare challenge completed manually. Multi-step signup required email and password. The account-creation POST body contained utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-2, then redirected to /pricing. No paid plan was selected."
3,Dreamdata,https://dreamdata.io/request-demo,Marketing/Sales-tech,Y,attribution/analytics/measurement,Squarespace,none,N,Y,N,N,N,none,Y,available on request,2026-06-17,"Squarespace SaveFormSubmission POST contained only submitted form fields and form metadata. No UTM or gclid values appeared in the POST body. The full tagged URL appeared only in the HTTP Referer header, confirming the tags reached the form page but not the submitted lead payload. Visitor had accepted necessary cookies only; capture behavior with statistics/marketing consent was not tested. Form displayed an email-confirmation message after submission."
4,HockeyStack,https://www.hockeystack.com/get-demo,Marketing/Sales-tech,Y,attribution/analytics/measurement,HubSpot (Webflow),none,N,N,N,N,N,none,Y,available on request,2026-06-17,"Accepted all cookies. Tagged /get-demo URL redirected to clean /contact-sales URL. HubSpot-on-Webflow submission POST contained UTM field names, but all UTM values were blank; no gclid value was present. Submitted contact fields were present, confirming the correct form POST was inspected."
5,Adverity,https://www.adverity.com/book-a-demo,Marketing/Sales-tech,Y,attribution/analytics/measurement,HubSpot,cookie/dl-only,N,Y,Y,Y,Y,JS-injected-at-submit,N,available on request,2026-06-17,"Original prepared /book-a-demo URL returned 404, so the current live HubSpot form URL was identified and tested in a fresh Incognito session with the same sentinel tags. Submission POST contained utm_campaign=handcheck and utm_medium=audit as explicit form fields. HubSpot hs_context also contained pageUrl/urlParams with utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-5. The explicit gclid_field itself was blank, but the gclid value was present in the submitted hs_context JSON."
6,AgencyAnalytics,https://agencyanalytics.com/signup,Marketing/Sales-tech,Y,attribution/analytics/measurement,Custom (no observable POST),cookie/dl-only,N,Y,unverifiable,unverifiable,unverifiable,unverifiable,n/a,available on request,2026-06-17,"Account was created successfully and the tagged parameters survived into onboarding. No identifiable account-creation POST payload was observable in the preserved Network log. A HubSpot tracking GET to track.hubspot.com/__ptq.gif contained account details and signup_referrer UTM values, including ivris-research and handcheck, plus ivrisHAND-6 inside _gcl_aw, but analytics tracking is not accepted as proof that the campaign values entered the submitted account/lead record. Result recorded as no observable submission POST — unverifiable."
7,Branch,https://www.branch.io/contact/,Marketing/Sales-tech,Y,attribution/analytics/measurement,Custom API,cookie/dl-only,N,N,Y,Y,Y,cookie-forwarded,N,available on request,2026-06-17,"Tagged parameters disappeared from the visible URL after clicking Request a demo and arriving at /contact-sales-2/. The leadCapture POST to www2.branch.io contained Most_Recent_UTM_Source__c=ivris-research, Most_Recent_UTM_Medium__c=audit, Most_Recent_UTM_Campaign__c=handcheck, and Google_Click_ID__c=ivrisHAND-7. Because the values reappeared in the submitted payload after the URL was clean, capture was classified as cookie-forwarded."
8,CallRail,https://www.callrail.com/request-a-demo,Marketing/Sales-tech,Y,attribution/analytics/measurement,Custom API,cookie/dl-only,N,Y,Y,Y,Y,JS-injected-at-submit,N,available on request,2026-06-17,"The CallRail form_capture.json POST contained the submitted contact fields and included the full tagged landing/current URL in both landing and url metadata fields. Those values contained utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-8. Because the campaign data was added to the submitted request as JavaScript-generated capture metadata rather than explicit visible form fields, capture was classified as JS-injected-at-submit."
9,AppsFlyer,https://www.appsflyer.com/start/demo/,Marketing/Sales-tech,Y,attribution/analytics/measurement,Marketo,form-field,Y,Y,Y,Y,Y,hidden-field,Y,available on request,2026-06-17,"Marketo leadCapture POST contained explicit hidden attribution fields: HSUTMSource__c=ivris-research, HSUTMMediu__c=audit, HSUTMCampaign__c=handcheck, and Google_ID_gclid__c=ivrisHAND-9. The full tagged URL was also present in formLandingPageURL and _mktoReferrer. Phone field deviated from protocol in the submitted payload: it appeared as +(91) 202-555-014 rather than +1 202-555-0147. No resubmission was made."
10,Factors.ai,https://www.factors.ai/book-a-demo,Marketing/Sales-tech,Y,attribution/analytics/measurement,HubSpot,form-field,Y,Y,Y,Y,Y,JS-injected-at-submit,Y,available on request,2026-06-17,"HubSpot formsnext submission POST contained the submitted contact fields and included the full tagged page URL plus urlParams inside hs_context. The submitted hs_context contained utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-10. The UTM/gclid values were not rendered as ordinary form fields, so capture was classified as JS-injected-at-submit."
11,FullStory,https://www.fullstory.com/demo/,Marketing/Sales-tech,Y,attribution/analytics/measurement,Marketo,form-field,Y,Y,Y,Y,Y,hidden-field,Y,available on request,2026-06-17,"Marketo leadCapture POST contained explicit hidden attribution fields: utm_source_2=ivris-research, utm_medium_2=audit, utm_campaign_2=handcheck, and GCLID__c=ivrisHAND-11. The full tagged URL was also present in formUrl and _mktoReferrer. Optional marketing consent remained unchecked."
12,Funnel,https://funnel.io/book-demo,Marketing/Sales-tech,Y,attribution/analytics/measurement,HubSpot,form-field,Y,Y,Y,Y,Y,hidden-field,Y,available on request,2026-06-17,"The first-step HubSpot demo-request submission contained explicit attribution fields: utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-12. The full tagged page URL and urlParams were also included inside hs_context. No calendar date or time was selected after the email submission."
13,Customer.io,https://customer.io/demo,Marketing/Sales-tech,Y,automation/lead-capture/forms,Custom (no contact fields in POST),form-field,Y,Y,Y,Y,unverifiable,unverifiable,n/a,available on request,2026-06-17,"The selected Customer.io demo document POST showed Query String Parameters utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-13. The evidence does not show submitted contact fields in the same request, so under the locked validation rule this is not sufficient proof that the campaign values entered the lead record. The form was not resubmitted; capture is recorded as unverifiable rather than guessed."
14,HubSpot,https://www.hubspot.com/products/get-started,Marketing/Sales-tech,Y,automation/lead-capture/forms,HubSpot,form-field,Y,Y,Y,Y,Y,hidden-field,Y,available on request,2026-06-17,"The actual HubSpot lead-submission POST contained the submitted contact fields and hs_context in the same Form Data payload. Inside hs_context, pageUrl and urlParams contained utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-14. The tagged values also survived into the offers.hubspot.com thank-you URL. Because the campaign values were present inside the same actual lead request—not merely an analytics request—capture is confirmed. The form was submitted exactly once."
15,Airbyte,https://airbyte.com/talk-to-sales,Dev/Infra & Data,N,,HubSpot,form-field,Y,Y,Y,Y,Y,hidden-field,Y,available on request,2026-06-17,"The actual HubSpot lead-submission POST contained the submitted contact fields and hs_context in the same Form Data payload. Inside hs_context, pageUrl and urlParams contained utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-15. An explicit utm_campaign field also contained handcheck, while utm_medium___first was blank. Because all three UTMs and gclid were present inside the same actual lead request, capture is confirmed and classified as hidden-field. The form was submitted exactly once."
16,Atera,https://www.atera.com/get-demo/,"Commerce, Logistics & IT",N,,WPForms,form-field,Y,Y,Y,Y,Y,hidden-field,Y,available on request,2026-06-17,"The prepared tagged /get-demo/ URL returned an Atera 404 page, but its Request a demo modal remained functional and the query string stayed in the browser URL. The actual WPForms submission request contained the submitted contact fields and hidden field wpforms[fields][23]=utm_source=ivris-research&utm_medium=audit&utm_campaign=handcheck&gclid=ivrisHAND-16 in the same Form Data payload. wpforms[fields][15] and page_url contained the clean /get-demo/ URL, but the complete attribution query string was separately submitted as a hidden field. Therefore UTM and gclid capture are confirmed. The submitted job title was Researcher rather than the earlier suggested Founder; no resubmission was made. The form was submitted exactly once."
17,Bloomerang,https://bloomerang.com/learn/demo-live,Vertical SaaS,N,,Marketo,form-field,Y,Y,Y,Y,Y,hidden-field,Y,available on request,2026-06-17,"The actual Marketo form-submission POST contained the submitted contact fields and explicit hidden attribution fields in the same Form Data payload: utm_source__c=ivris-research, utm_medium__c=audit, utm_campaign__c=handcheck, and GCLID__c=ivrisHAND-17. The payload also included formid=1273, munchkinId=618-WGI-459, formSubmissionURL=https://bloomerang.com/learn/demo-live, and _mktoReferrer with the full tagged entry URL. A separate Bizible onSubmit beacon also associated the email with the tagged URL, but capture is confirmed from the actual Marketo lead request, not from that analytics beacon. The form was submitted exactly once."
18,Aircall,https://aircall.io/get-started/,Support & Comms,N,,Custom JSON (HubSpot-backed),cookie/dl-only,N,Y,Y,Y,Y,hidden-field,N,available on request,2026-06-17,"The prepared tagged /demo/ URL returned an Aircall 404 page, so the current live /get-started/ form was tested in the same form-18 pass using the same sentinel tags. The actual JSON form-submission request contained the submitted contact and qualification fields together with explicit attribution fields: utmsource=ivris-research, utmmedium=audit, utmcampaign=handcheck, and GCLID__c=ivrisHAND-18. The same payload also contained formSubmissionUrl with the complete tagged /get-started/ URL, formId=2441, and formGuid=1e05cd42-c8d3-4c69-9cde-d07ac8d846a8. Because the UTM values and gclid were present inside the actual lead-submission payload, capture is confirmed and classified as hidden-field. The form was submitted exactly once."
19,AppFolio,https://www.appfolio.com/property-manager/free-demo-202512,Vertical SaaS,N,,Marketo,cookie/dl-only,N,Y,Y,Y,Y,hidden-field,N,available on request,2026-06-17,"The original tagged /property-manager/free-demo route redirected to the newer /property-manager/free-demo-202512 form while preserving the complete sentinel query string. The actual Marketo form-submission POST contained the submitted contact and qualification fields together with explicit attribution fields in the same Form Data payload: utmsource=ivris-research, utmmedium=audit, utmcampaign=handcheck, and GCLID__c=ivrisHAND-19. The payload also included formid=3975, munchkinId=895-CGW-711, LeadSource=bizibleoverride, Products__c=Property Manager, and _mktoReferrer with the complete tagged redirected URL. The observed submitted phone value was formatted by the form as (120) 255-5014; the preserved payload is recorded as observed and the form must not be submitted again. Because the UTM values and gclid were present inside the actual lead-submission payload, capture is confirmed and classified as hidden-field. The form was submitted exactly once."
20,Attio,https://attio.com/contact/sales,Marketing/Sales-tech,N,,Custom API,cookie/dl-only,N,Y,N,N,N,none,Y,available on request,2026-06-17,"The tagged /contact/sales URL remained intact through the form journey, and the form was submitted exactly once. The successful actual lead request was POST https://attio.com/api/forms/talk-to-sales with status 200 OK. Its JSON request body contained only the submitted contact and qualification fields: companyEmail, companySize, details, firstName, lastName, phoneNumber, and region. No UTM fields, gclid field, tagged page URL, referrer field, or attribution object was present in the actual submission payload. The same request headers did include a first-party utm_cookie, gclid_cookie, _gcl_aw, and the tagged Referer URL, but the locked protocol explicitly states that cookies, headers, referrers, and page URLs alone do not prove lead capture. Therefore journey survival is Y, payload UTM is N, payload gclid is N, capture is N, and capture_method is none. No resubmission was made."
21,BambooHR,https://www.bamboohr.com/live-demo/,HR/People & L&D,N,,Marketo,none,N,Y,Y,Y,Y,hidden-field,N,available on request,2026-06-17,"The actual Marketo form-submission POST contained the submitted contact and qualification fields together with explicit hidden attribution fields in the same Form Data payload: UTM_Source_Capture__c=ivris-research, UTM_Medium_Capture__c=audit, UTM_Campaign_Capture__c=handcheck, and GCLID__c=ivrisHAND-21. The same payload also contained Full_Query_String_Capture__c with the complete sentinel query string, UTM_Landing_Page_Capture__c and UTM_Conversion_Page_Capture__c set to https://www.bamboohr.com/live-demo/, formid=1325, munchkinId=195-LOZ-515, and _mktoReferrer with the complete tagged live-demo URL. A separate Bizible onSubmit beacon also associated the submitted email with the tagged URL, but capture is confirmed from the actual Marketo lead request, not from that analytics beacon. The form was submitted exactly once."
22,Buildertrend,https://buildertrend.com/demo/,Vertical SaaS,N,,Blocked (403),none,N,unverifiable,unverifiable,unverifiable,unverifiable,unverifiable,n/a,available on request,2026-06-17,"The current tagged Buildertrend /demo/ route returned 403 Forbidden in a fresh Incognito session. The tester could not access a usable replacement form, and no lead form was submitted. Because no form journey or actual submission payload was available, journey survival, payload UTM, payload gclid, capture, and capture method are all recorded as unverifiable. The 403 screenshot and blocked-route note are preserved; no result was guessed."
23,Cal.com,https://cal.com/talk-to-sales,Productivity & Collab,N,,Custom,none,N,Y,Y,Y,Y,hidden-field,N,available on request,2026-06-17,"The current tagged /talk-to-sales form was submitted exactly once. The actual Form Data submission request contained the submitted identity and qualification fields together with explicit attribution fields in the same payload: utm_source=ivris-research, utm_medium=audit, utm_campaign=handcheck, and gclid=ivrisHAND-23. The submitted fields also included name=Ivris Research, email=[owned research address], users=2-10, source=Other — independent research, and the workflow note. A routing response was created with ID 1491705, after which a booking-iframe GET carried the contact details but not the attribution fields. Capture is confirmed from the actual submission payload, not from the later iframe GET, and classified as hidden-field."