Scrubbing is a term used by UserReplay to describe either completely excluding content from capture or masking textual content by obfuscating the characters.
It is essential that no personal data such as passwords or payment details are sent to UserReplay.
To facilitate this, UserReplay has implemented a whitelist approach to scrubbing. This means we attempt to scrub pages using a masking technique on all user input elements. By default, the values of the following page elements are automatically scrubbed from capture and not processed by UserReplay:
• Form field values
• XHR post parameters
• JSON in xhr postdata
In addition, all XHR response text is excluded by default as this often contains personal data.
To override default scrubbing the UserReplay client-side library provides an API for whitelisting the following page elements:
• Input fields by Id, name, CSS Selector
• XHR post parameters by key
• JSON in xhr postdata by key
• XHR response text by target URL
UserReplay have automated monitoring to ensure we are not processing personal data, in addition to this we regularly audit our environment manually.
For further technical implementation details, please see the UserReplay Client Capture guide.