Decibel Insight
Knowledgebase

Configuring Masking

Where Personally Identifiable Information (PII) is shown to visitors within the web page HTML (for example login areas or confirmation pages), it is possible to configure Decibel Insight to mask this information.

There are two types of approaches to masking that can be used.

Proactive

Our recommended approach is where a special data-attribute is added to elements which contain on-page PII. For example, let’s say you have an element as follows:

<h1>Welcome Example Name</h1>

You would want to change that to the following, to ensure that the contents are masked in the session replay:

<h1 data-di-mask>Welcome Example Name</h1>

This approach can be incorporated into development and release cycles to ensure that locations where PII may be displayed are masked when captured.

Reactive

An alternative approach is to use our Personal Data Selector, which allows you to provide CSS selectors of elements which contain PII, when the tag encounters a matching element it masks the contents. For example, let’s say you have the following elements on a page:

<h1 id="customer-name">Welcome Example Name</h1>

<div id="billing-address">
  1234 Some Road<br>
  Somecity, 12345<br>
  New York
</div>

You would set the Personal Data Selector in the application to the following: “#customer-name, #billing-address”. This approach allows you to quickly mask contents, but becomes difficult to maintain on large websites – which is why we recommend the first mechanism.

As mentioned above, reactive masking of session replay data can be configured in the Privacy Settings of a property. This can be found by going to Settings > Properties and clicking the Edit icon next to the relevant property and then clicking the Privacy tab. From here, you can configure a number of masking settings, listed below.

Mask Email Addresses

If enabled, any email address shown in the website content will automatically be masked in session replays. Note that this does not apply to unmasked form fields.

Mask Social Security Numbers

If enabled, any Social Security Number shown in the website content will automatically be masked. Note that this does not apply to unmasked form fields.

Mask Credit Card Numbers

This option is mandatory, and cannot be disabled. Any Credit Card Number shown in the website content will automatically be masked.

Personal Data Selector

As mentioned above under Reactive, you can provide CSS selectors of elements which contain PII.

Once you have added these, simply click Apply Changes.

Personal Data Regex

Masking can also be configured by using the Personal Data Regex. In the Personal Data Regex text box, enter any custom regular expressions to mask consistently formatted personal information on the page. For example, to mask Contract IDs like “D77-GH2-5D8”, enter the regular expression “[A-Z0-9]{3}-[A-Z0-9]{3}-[A-Z0-9]{3}”

Please note: As the Decibel Insight masking algorithm is not reversible, any masking changes will not be retroactive and will only apply to session recordings going forward.