Scrubbing is a term used by UserReplay to describe either completely excluding content from capture or masking textual content by obfuscating the characters.

It is essential that no personal data such as passwords or payment details are sent to UserReplay.

To facilitate this, UserReplay has implemented a whitelist approach to scrubbing. This means we attempt to scrub pages using a masking technique on all user input elements. By default, the values of the following page elements are automatically scrubbed from capture and not processed by UserReplay:

• Form field values

• XHR post parameters

• JSON in xhr postdata

In addition, all XHR response text is excluded by default as this often contains personal data.

As an extra precaution, the JavaScript tag has added intelligence to prevent it from ever capturing a valid credit card number, it utilises the Luhn algorithm (which is used to create credit card numbers) to identify potential credit card numbers and scrub them as an additional check prior to sending data to the UserReplay environment.

To override default scrubbing the UserReplay client-side library provides an API for whitelisting the following page elements:

• Input fields by Id, name, CSS Selector

• XHR post parameters by key

• JSON in xhr postdata by key

• XHR response text by target URL

UserReplay have automated monitoring to ensure we are not processing personal data, in addition to this we regularly audit our environment manually.

For further technical implementation details, please see the UserReplay Client Capture guide.

Did this answer your question?