What kind of sensitive data Heap might capture if I choose "Do no redact any data attributes"

  • 8 May 2023
  • 1 reply

Userlevel 1

I was wondering what the implications of choosing “Do not redact any data attributes” could be. Would Heap capture any passwords or any other class of sensitive data that we have to be cautious about?


Best answer by DJ East 9 May 2023, 16:46

View original

1 reply

Userlevel 2
Badge +1

This would depend on how your application was built. Data attributes are ways of storing additional information on semantic HTML elements in a standard way, but what is actually stored in them is up to you. For example you could have an element that stores a value that could be considered PII, such as “data-age”. This setting only controls capture of what you have explicitly populated in the data attributes, so while Heap will not automatically capture, say, the contents of a password field if this setting is set to ‘all’, if your developers have a “data-password” attribute they are populating, we would capture that value. Note you can also selectively exclude data attributes if you know of ones that contain data you do not want to send to Heap. Hope this helps!