--- title: Session Replay Browser Privacy Options description: >- Describes privacy controls available in Session Replay and how to set privacy options breadcrumbs: >- Docs > Session Replay > Browser Session Replay > Session Replay Browser Privacy Options --- # Session Replay Browser Privacy Options ## Overview{% #overview %} Session Replay provides privacy controls to ensure organizations of any scale do not expose sensitive or personal data. Data is stored on Datadog-managed cloud instances and encrypted at rest. Default privacy options for Session Replay are designed to protect end user privacy and prevent sensitive organizational information from being collected. By enabling Session Replay, you can automatically mask sensitive elements from being recorded through the RUM Browser SDK. When data is masked, that data is not collected in its original form by Datadog's SDKs and thus is not sent to the backend. ## Configuration{% #configuration %} {% alert level="danger" %} `defaultPrivacyLevel` and `mask-user-input` are available in the SDK v3.6.0+. {% /alert %} To enable your privacy settings, set `defaultPrivacyLevel` to `mask`, `mask-user-input`, or `allow` in your JavaScript configuration. **Note:** If the privacy setting is not specified when enabling Session Replay, `mask` is enabled by default. ```javascript import { datadogRum } from '@datadog/browser-rum'; datadogRum.init({ applicationId: '', clientToken: '', site: '', // service: 'my-web-application', // env: 'production', // version: '1.0.0', sessionSampleRate: 100, sessionReplaySampleRate: 100, trackResources: true, trackLongTasks: true, trackUserInteractions: true, defaultPrivacyLevel: 'mask' | 'mask-user-input' | 'allow' }); ``` After updating your configuration, you can override elements of your HTML documents with the below privacy options. ### Mask mode{% #mask-mode %} Setting `defaultPrivacyLevel` to `mask` mode masks all HTML text, user input, images, links and [`data-*` attributes](https://developer.mozilla.org/en-US/docs/Learn/HTML/Howto/Use_data_attributes). Text on your application is replaced with `X`, rendering the page into a wireframe. {% image source="https://docs.dd-static.net/images/real_user_monitoring/session_replay/browser-privacy-mask-all.828d42fbb8e33a86f125b6202fcec774.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/real_user_monitoring/session_replay/browser-privacy-mask-all.828d42fbb8e33a86f125b6202fcec774.png?auto=format&fit=max&w=850&dpr=2 2x" alt="Mask mode" /%} **Note**: Masked data is not stored on Datadog servers. ### Mask user input mode{% #mask-user-input-mode %} Masks most form fields such as inputs, text areas, and checkbox values while recording all other text as is. Inputs are replaced with three asterisks (`***`) and text areas are obfuscated with space-preserving `x` characters. {% image source="https://docs.dd-static.net/images/real_user_monitoring/session_replay/browser-privacy-mask-input.80289b90f35e95329b97d63a9284bd33.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/real_user_monitoring/session_replay/browser-privacy-mask-input.80289b90f35e95329b97d63a9284bd33.png?auto=format&fit=max&w=850&dpr=2 2x" alt="Mask user input mode" /%} ### Allow mode{% #allow-mode %} Records everything unmasked. {% image source="https://docs.dd-static.net/images/real_user_monitoring/session_replay/browser-privacy-allow-all.ba74087045421cc5f7b74593cbe8b81a.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/real_user_monitoring/session_replay/browser-privacy-allow-all.ba74087045421cc5f7b74593cbe8b81a.png?auto=format&fit=max&w=850&dpr=2 2x" alt="Allow mode" /%} ## Privacy options{% #privacy-options %} ### Override an HTML element{% #override-an-html-element %} You can set an application-wide default and tag the privacy level of an individual HTML element using one of two methods: 1. An HTML attribute such as `data-dd-privacy="allow" | "mask" | "hidden" | "mask-user-input"` or 1. An HTML class name such as `class="dd-privacy-allow" | "dd-privacy-mask-user-input" | "dd-privacy-mask" | "dd-privacy-hidden"`. The example below demonstrates how you can override certain elements in your HTML to customize your obfuscation: ```
Order Value
$50.00
``` The dollar amount in the cart is replaced with asterisks. {% image source="https://docs.dd-static.net/images/real_user_monitoring/session_replay/example-mask.9024148ee2795cfbdafa7e54090a6635.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/real_user_monitoring/session_replay/example-mask.9024148ee2795cfbdafa7e54090a6635.png?auto=format&fit=max&w=850&dpr=2 2x" alt="Example of mask mode obfuscating dollar amount" /%} ## Privacy restrictions{% #privacy-restrictions %} In order to protect end-user privacy, regardless of your privacy configuration, the following HTML elements are **always masked**: - Input elements of type `password`, `email`, and `tel` - Elements with `autocomplete` attributes such as credit card numbers, expiration dates, and security codes ## Advanced privacy options{% #advanced-privacy-options %} ### Completely hide an element{% #completely-hide-an-element %} `hidden` is an advanced privacy setting that completely hides specific elements instead of obscuring the text. If you are concerned about the number of visible elements in sensitive fields, enable `hidden` for your specific elements. These HTML elements are replaced with a gray block at the time of recording. In this example replay session, the username in the Datadog navigation is obfuscated. {% image source="https://docs.dd-static.net/images/real_user_monitoring/session_replay/hidden.f79a48a8adc6311644d18ddd2117591c.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/real_user_monitoring/session_replay/hidden.f79a48a8adc6311644d18ddd2117591c.png?auto=format&fit=max&w=850&dpr=2 2x" alt="Example of hidden mode obfuscating a username" /%} ### Override the action name{% #override-the-action-name %} To obscure the default action name and update the naming convention for individual actions, set the override for your individual action names. You can rename the default action name by overriding the name of a specific HTML element with a more general name. By default, Datadog displays the custom override name. For example, override the following name with `
→ Action: "Click on Address"`. Additional use cases to override the default action name include masking sensitive data in the RUM Explorer and streamlining your analytics and search with custom naming conventions. ### Mask action names{% #mask-action-names %} By default, if you wish to mask all action names, you can use the `enablePrivacyForActionName` option in conjunction with the `mask` privacy setting. This operation automatically substitutes all non-overridden action names with the placeholder `Masked Element`. This setting is also designed to be compatible with existing HTML override attributes. {% alert level="info" %} Datadog is working to add more privacy features to RUM & Session Replay. Have something in mind that you would like to see? [Contact Datadog support.](https://docs.datadoghq.com/help) {% /alert %} ## Further Reading{% #further-reading %} - [Session Replay](https://docs.datadoghq.com/session_replay.md) - [Obfuscate user data with Session Replay default privacy settings](https://www.datadoghq.com/blog/default-privacy-session-replay/)