(This article is a list of user data that Hawk’s data masking hides by default. For a comprehensive overview of our robust custom data masking feature, see here.)
Note: Data masking only hides data from Hawk. Your website’s own traffic is unmodified.
We hide the values of these elements:
<input type="password">
<input> and <textarea> that match:
- placeholder attribute (all case-insensitive)
- contains: “social security number”
- contains: “card number”
- equals: “CVC”
- equals: “CVV”
- equals: “CVC2”
- equals: “CVV2”
- equals: “CSC”
- name, id or ng-model attribute that matches (after removing the text “confirm”, if present) these regexes:
/\bssn\d*\b/i/\bsocialsecuritynumber\d*\b/i/\bcv[cv]\d*\b/i/\bcsc\b/i/\bcardnum(?:ber)?\b/i/\bcreditcardnum(?:ber)?\b/i
- autocomplete attribute that equals any of
- cc-number
- cc-csc
- cc-exp
- cc-exp-month
- cc-exp-year
Default data masking in XHR and Fetch error reports:
Request & response headers where the name matches:
/password/i/\bssn\d*\b/i/\bsocialsecuritynumber\d*\b/i/\bcv[cv]\d*\b/i/\bcsc\b/i/\bcardnum(?:ber)?\b/i/\bcreditcardnum(?:ber)?\b/i
If the request or response body is either:
- Valid JSON
- Valid JSON with the string
)]}'prepended.Example:)]}'{"this":"that"} - Or the content-type header is application/x-www-form-urlencoded and the body is url-encoded form data
Then we hide the values of any fields that match:
/password/i/\bssn\d*\b/i/\bsocialsecuritynumber\d*\b/i/\bcv[cv]\d*\b/i/\bcsc\b/i/\bcardnum(?:ber)?\b/i/\bcreditcardnum(?:ber)?\b/i
In page URLs:
The query string parameters of URLs are processed according to the same rules as XHR and Fetch error reports, described above.