Privacy tab

The Privacy tab in property settings allows you to configure privacy settings on a property.

Set Cookies

DXA sets cookies on the visitor's browser to detect return visits and to stitch together sessions for the same visitor.


Option	Description
Set Cookies	Whether or not to set cookies on the visitors browser. Disabling cookies means DXA cannot automatically detect return visits and stitch together sessions for the same visitor.
Cookie Domain	Domain to set the cookies too. Use this to set cookies to a subdomain, such as `docs.medallia.com`. When not defined, DXA sets cookies to the highest domain, such as `medallia.com`.

IP Address Handling

Some locales consider IP addresses to be personally identifying information (PII). Use this options to specify how DXA retains IP addresses.


Option	Description
Store	The IP address is stored with the session details and can be used to search for individual sessions.
Anonymize	The IP address is anonymized after detecting the country where the session occurred.
Drop	After accepting the connection from the visitor's device, the IP address is dropped, and it is not possible to detect the visitor's country.

Masking

Masking shields personally identifiable information (PII) entered on forms, such as email addresses and credit card numbers, from DXA. Masked information is not visible in session replays.

Restriction: Masking is not reversible. Changes to masking are not retroactive and will only apply to session recordings going forward.

By default, all email addresses, credit card details, and <input> fields entered in forms and captured in sessions are masked. Where you require fields not containing PII to be visible for behavioral analysis, you can configure unmasking to display this information.

Note: Decibel supports proactive and reactive masking. For more information about each masking method, see Proactive and reactive masking.

The following settings are available under Masking on the Privacy tab in property settings:


Setting	Description
Mask Email Addresses	Select to mask all email addresses entered in forms Note: This does not apply to unmasked form fields.
Mask Social Security Numbers	Select to mask all social security numbers entered in forms
Mask Credit Card Numbers	(Mandatory) Credit card numbers entered in forms are always masked in DXA.
Mask Placeholders	Mask any field that has an HTML `placeholder` attribute. A placeholder defines the text displayed in a field when the field has no value. Note: This does not apply to unmasked form fields.
Personal Data Regex	Enter any custom regular expressions to mask consistently formatted personal information on the page. For example, to mask contract IDs, such as "D77-GH2-5D8", enter the regular expression `[A-Z0-9]{3}-[A-Z0-9]{3}-[A-Z0-9]{3}`.
Personal Data Selector	CSS selectors of elements to mask. Note that this does not apply to unmasked form fields. For more information, see Reactive masking. Note: This does not apply to unmasked form fields.
Recursive masking	When enabled, Personal Data Selector masks matching contents and their children. Otherwise, only the matching elements are masked. Disabled this option when a CSS "widerange" `:not()` selector is used in Personal Data Selector.
Un-mask Field Selector	Enter a CSS selector defining the fields you want to unmask. For example, the CSS selector `[name="company"],.noPII` would unmask any fields with a name attribute matching "company" and a class matching "noPII". This applies to all forms being tracked on the property. `[data-di-unmask-field],[name="company"],.noPII` You can also add the attribute `data-di-unmask-field` to any fields in the HTML.

Note: As the DXA masking algorithm isn't reversible, any changes to masking will not be retroactive and will only apply to session recordings going forward.