Privacy tab

The Privacy tab in property settings allows you to configure privacy settings on a property.

Set Cookies

DXA sets cookies on the visitor's browser to detect return visits and to stitch together sessions for the same visitor.

OptionDescription
Set CookiesWhether or not to set cookies on the visitors browser. Disabling cookies means DXA cannot automatically detect return visits and stitch together sessions for the same visitor.
Cookie DomainDomain to set the cookies too. Use this to set cookies to a subdomain, such as docs.medallia.com. When not defined, DXA sets cookies to the highest domain, such as medallia.com.

IP Address Handling

Some locales consider IP addresses to be personally identifying information (PII). Use this options to specify how DXA retains IP addresses.

OptionDescription
StoreThe IP address is stored with the session details and can be used to search for individual sessions.
AnonymizeThe IP address is anonymized after detecting the country where the session occurred.
DropAfter accepting the connection from the visitor's device, the IP address is dropped, and it is not possible to detect the visitor's country.

Masking

Masking shields personally identifiable information (PII) entered on forms, such as email addresses and credit card numbers, from DXA. Masked information is not visible in session replays.

Restriction: Masking is not reversible. Changes to masking are not retroactive and will only apply to session recordings going forward.

By default, all email addresses, credit card details, and <input> fields entered in forms and captured in sessions are masked. Where you require fields not containing PII to be visible for behavioral analysis, you can configure unmasking to display this information.

Note: Decibel supports proactive and reactive masking. For more information about each masking method, see Proactive and reactive masking.

The following settings are available under Masking on the Privacy tab in property settings:

SettingDescription
Mask Email AddressesSelect to mask all email addresses entered in forms
Note: This does not apply to unmasked form fields.
Mask Social Security NumbersSelect to mask all social security numbers entered in forms
Mask Credit Card Numbers(Mandatory) Credit card numbers entered in forms are always masked in DXA.
Mask PlaceholdersMask any field that has an HTML placeholder attribute. A placeholder defines the text displayed in a field when the field has no value.
Note: This does not apply to unmasked form fields.
Personal Data RegexEnter any custom regular expressions to mask consistently formatted personal information on the page.

For example, to mask contract IDs, such as "D77-GH2-5D8", enter the regular expression

[A-Z0-9]{3}-[A-Z0-9]{3}-[A-Z0-9]{3}.
Personal Data Selector CSS selectors of elements to mask. Note that this does not apply to unmasked form fields. For more information, see Reactive masking.
Note: This does not apply to unmasked form fields.
Recursive maskingWhen enabled, Personal Data Selector masks matching contents and their children. Otherwise, only the matching elements are masked.

Disabled this option when a CSS "widerange" :not() selector is used in Personal Data Selector.

Un-mask Field SelectorEnter a CSS selector defining the fields you want to unmask.
For example, the CSS selector [name="company"],.noPII would unmask any fields with a name attribute matching "company" and a class matching "noPII". This applies to all forms being tracked on the property.
[data-di-unmask-field],[name="company"],.noPII
You can also add the attribute data-di-unmask-field to any fields in the HTML.
Note: As the DXA masking algorithm isn't reversible, any changes to masking will not be retroactive and will only apply to session recordings going forward.