Session Replay lets you replay, in a video-like format, how users interact with your website, to help you understand behavioral patterns and save time troubleshooting. Visibility into user sessions, however, can risk exposing sensitive data and raise privacy concerns. For example, a user session may include typing a credit card or social security number into an input field. That’s why Datadog Session Replay includes configurable privacy settings by default, giving you granular control over what data is viewable during a session replay. This means that you can run full analyses on real user behavior across your application while keeping sensitive data protected and meeting security and compliance regulations.
The amount of sensitive data that’s visible on any given page of your website can vary depending on what users are doing and what sort of application you run. For example, a replay of a user browsing through the catalog of an e-commerce site is likely to show less sensitive data than a replay of a checkout workflow that asks for contact and payment information. It makes sense, then, to configure different privacy settings based on the context and use case of a session replay. Datadog provides three obfuscation options—allow, mask-user-input, and mask—which you can configure on a per-page basis to determine how much detail to obfuscate in a replay.
By default, Session Replay automatically masks all user inputs using the mask-user-input setting.
Next, we’ll look at each of the three options and when you might want to use them.
The maximum privacy setting for a session replay is mask. Under this setting, all text will be obfuscated, and any input typed into a form field will be replaced with asterisks. This is especially useful for pages primarily made up of highly sensitive data, such as medical and personal financial records.
The mask-user-input setting is the default and only obfuscates what users type into a form field. This is particularly useful for web pages that require users to input private data that should be kept hidden, but where the majority of the text on a page is safe to show. For instance, you may use mask-user-input on e-commerce or social media sites that ask users to submit phone numbers, email addresses, and credit card information.
Some web pages don’t include sensitive data or require users to log in. For instance, perhaps you’re running a digital media site that relies heavily on public, user-facing content like ads and news stories. In that case, you can use the allow setting to keep all text and input fields visible as you record user sessions. This provides you with the highest level of visibility, which makes it easier to observe user behavior directly, verify that content appears as expected, and gain quick insights as you troubleshoot.
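One way to choose among the three settings per page, with any page nobody has classified falling back to mask. This is an added example, not code from Datadog or the original post: the route table and function names are constructed, and defaultPrivacyLevel is the Browser RUM SDK initialization option that accepts these three values (the article does not name it).

```javascript
// Added example: route prefixes and function names are constructed, not from the article.
const LEVELS = ["allow", "mask-user-input", "mask"]; // least to most restrictive

// Constructed policy: which of the article's three settings each area of a site gets.
const ROUTE_POLICY = [
  { prefix: "/news", level: "allow" },            // public content, no sensitive data
  { prefix: "/shop", level: "mask-user-input" },  // page text is safe, typed input is not
  { prefix: "/shop/checkout", level: "mask" },    // contact and payment information
  { prefix: "/account/records", level: "mask" },  // pages made up mostly of sensitive data
];

// Longest matching prefix wins; matching is on whole path segments,
// so "/shopping" does not inherit the rule written for "/shop".
function privacyLevelFor(pathname, policy = ROUTE_POLICY) {
  const path = String(pathname).replace(/\/+$/, "") || "/";
  let best = null;
  for (const rule of policy) {
    if (!LEVELS.includes(rule.level)) {
      throw new Error(`unknown privacy level for ${rule.prefix}: ${rule.level}`);
    }
    const matches = path === rule.prefix || path.startsWith(rule.prefix + "/");
    if (matches && (best === null || rule.prefix.length > best.prefix.length)) {
      best = rule;
    }
  }
  // Fail closed: an unclassified page is recorded with everything masked.
  return best === null ? "mask" : best.level;
}

// Review check: list rules that are less restrictive than a rule covering their parent path.
function relaxedChildren(policy = ROUTE_POLICY) {
  const rank = (level) => LEVELS.indexOf(level);
  return policy
    .filter((child) => policy.some((parent) =>
      child.prefix.startsWith(parent.prefix + "/") && rank(child.level) < rank(parent.level)))
    .map((rule) => rule.prefix);
}

// Options to merge into the SDK's init call on each page load, e.g.
// datadogRum.init({ ...baseConfig, ...rumPrivacyOptions(location.pathname) })
function rumPrivacyOptions(pathname) {
  return { defaultPrivacyLevel: privacyLevelFor(pathname) };
}
```

Running relaxedChildren over the policy in CI catches a later edit that quietly opens up a page underneath a masked area.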
Session Replay’s privacy settings allow you to fine-tune what data is visible when you capture and replay user behavior, so that you can review and analyze how users interact with your site while keeping their data protected. You can learn more about how to get started with Session Replay here. If you aren’t already using Datadog, sign up today for a 14-day free trial.