Documentation

Appearance

Redacting data

By default, Capture collects user interactions and network requests to help debug issues. Depending on your application, some of this data might include sensitive information that you don't want to log.

Some types of data are never captured:

  • Authentication tokens and cookies in network requests
  • Information entered in forms

Note, the information on this page only refers to captured events and logs. Visual information in screenshots and screen recordings is not automatically redacted.

Customizing privacy settings

Use the privacyOptions option when initializing the widget to control what data gets recorded.

js
window.captureOptions = {
  captureKey: "YOUR_CAPTURE_KEY",
  privacyOptions: {
    requestBody: "all",
    responseBody: "all",
    requestHeader: "all",
    responseHeader: "all",
    elementName: "auto",
  },
};

When data is redacted, it appears in the Capture UI with a "redacted" badge so your team knows information was intentionally filtered out.

Common use cases

Protecting authentication flows - Redact request and response bodies for your authentication endpoints to keep credentials out of bug reports.

Hiding payment processing - Filter network traffic to payment providers to ensure payment details never appear in logs.

Securing API keys - Use key-only for headers to see which headers were sent without exposing API keys or tokens in their values.

Compliance requirements - Redact specific endpoints that handle PII or other regulated data to meet your compliance obligations.

Configuration options

requestBody

Controls whether the body of network requests is captured.

Possible values:

  • all (default) – Request bodies are captured for all network requests
  • none – Request bodies are never captured
  • on-error-only – Captured only for requests that return an error status code

Custom filtering function:

You can pass a function that filters request bodies based on the URL. Return false to redact the request body, or true to capture it:

js
window.captureOptions = {
  captureKey: "YOUR_CAPTURE_KEY",
  privacyOptions: {
    requestBody: (url) => {
      // Redact requests to authentication endpoints
      if (url.startsWith("https://auth.mydomain.com")) {
        return false;
      }
      // Redact payment processing requests
      if (url.includes("/api/payments")) {
        return false;
      }
      // Capture all other requests
      return true;
    },
  },
};

responseBody

Controls whether the body of network responses is captured.

Possible values:

  • all (default) – Response bodies are captured for all network requests
  • none – Response bodies are never captured
  • on-error-only – Captured only for responses with an error status code

Custom filtering function:

You can pass a function that filters response bodies based on the URL. Return false to redact the response body, or true to capture it:

js
window.captureOptions = {
  captureKey: "YOUR_CAPTURE_KEY",
  privacyOptions: {
    responseBody: (url) => {
      // Redact responses from authentication endpoints
      if (url.startsWith("https://auth.mydomain.com")) {
        return false;
      }
      // Redact user profile data
      if (url.includes("/api/users/profile")) {
        return false;
      }
      // Capture all other responses
      return true;
    },
  },
};

requestHeader

Controls which headers from network requests are included.

Possible values:

  • all (default) – Header names and values are captured
  • key-only – Only header names are captured, not values (useful for seeing which headers were sent without exposing API keys or tokens)
  • none – No headers are captured
  • on-error-only – Captured only for requests with an error status code

Example:

js
window.captureOptions = {
  captureKey: "YOUR_CAPTURE_KEY",
  privacyOptions: {
    // Capture header names but hide values to protect API keys
    requestHeader: "key-only",
  },
};

responseHeader

Controls which headers from network responses are included.

Possible values:

  • all (default) – Header names and values are captured
  • key-only – Only header names are captured, not values
  • none – No headers are captured
  • on-error-only – Captured only for responses with an error status code

elementName

Controls how Capture labels user interactions with UI elements.

Possible values:

  • auto (default) – Capture generates friendly names based on the element's content. For example, a button labeled "Account settings" appears in bug reports as "Account settings button"
  • tag-only – Use only the HTML tag name like "button" or "input", without any descriptive text

Example:

js
window.captureOptions = {
  captureKey: "YOUR_CAPTURE_KEY",
  privacyOptions: {
    // Use generic tag names instead of button text that might contain sensitive info
    elementName: "tag-only",
  },
};

This is useful if your UI elements contain sensitive information you don't want appearing in bug reports.

Next steps

Want to add application-specific context to bug reports while keeping sensitive data out? Learn how to use custom context to include relevant debugging information.

Need to identify users in bug reports? Check out the identify API to link reports to specific users in your application.