Protection of sensitive visitor data

Protection of sensitive visitor data

If visitors enter sensitive data (e.g. credit card numbers, visible passwords) on your website, you should exclude this data from the recording by masking forms and inputs

By default passwords are not recorded. The same goes for credit cards because most payment gates are 3rd party apps where customer gets redirected to another site or these payment gates are usually in an iframe which we block as well.


Disable page recording

<script> smartlook('disable', true); </script>

Disable element recording

Use attribute data-recording-disable on the element you do not want to record. None of its content or sub-elements will be recorded. This can be used for elements like p, div, etc. that contain sensitive information.

<div data-recording-disable> Customer sensitive text that won't be recorded </div>


Ignore recording of some parts of your page by adding attribute data-recording-ignore to the element you want to protect. Attribute has 2 supported values:

  • mask - all user inputs are recorded as '*'. Inputs with "password" type are automatically masked.
  • events - ignore recording of all events in matched element. Typing is not recorded.

Masking forms

When form has an attribute data-recording-ignore="mask", all characters typed into inputs are recorded and stored as *. When watching the recording, you see that user is typing, but you can see only * instead of origin text.

<!-- Mask all fields in form --> <form data-recording-ignore="mask"> <div> <label>Card number</label> <input type="text" placeholder="Card number"> </div> <div> <label>Card year</label> <input type="text" placeholder="YYYY-MM"> </div> </form>
<form> <div data-recording-ignore="mask"> <!-- Mask only fields in this div --> <label>Card number</label> <input type="text" placeholder="Card number"> </div> <div> <!-- Field is not masked --> <label>Card year</label> <input type="text" placeholder="YYYY-MM"> </div> </form>