Sensitive data
From ClickTale Wiki
Please note that according to our Privacy policy, password fields are never recorded by default and no action is required to prevent their recording.
ClickTale can be configured to not record data that is typed in certain fields of your choosing. There are several ways to record a page without recording sensitive data such as credit card information:
Contents |
[edit] ClickTaleSensitive
The easiest way to prevent user input from being recorded in a field is by adding a class called ClickTaleSensitive to the input element of the matching field. This is normally used for fields such as credit card numbers, social security numbers and email addresses.
If you have an input element that looks like this:
<input id="CCNum" type="text">change it to be:
<input id="CCNum" type="text" class="ClickTaleSensitive">If you already have a class attribute defined on the input element then just add ClickTaleSensitive separated by a space to the previous value.
The characters that will be typed in the protected field will be masked on the client. Only asterisks will be transferred and recorded. The masking is not done on the server which is less secure.
[edit] JavaScript
If you are unable to add the ClickTaleSensitive class attribute directly to an elements with HTML code you can consider doing it with JavaScript code. This will allow you to mark nodes as sensitive in the same block of code where you execute your ClickTale command. Here is an example of what you can do:
var n=document.getElementById('sensitiveElementID'); if(n) n.className+=n.className?' ClickTaleSensitive':'ClickTaleSensitive';
[edit] ClickTaleEventsMask
The ClickTaleEventsMask variable allows you to customize the type of data that is recorded by ClickTale.
By default all options are enabled. Subtract the following values before the call to ClickTale() to disable various features:
- ClickTaleEventsMask-=1 - Disables the recording of mouse movements (mousemove)
- ClickTaleEventsMask-=2 - Disables the recording of low level mouse clicks (mouseup, mousedown)
- ClickTaleEventsMask-=8 - Disables the recording of high level mouse clicks (click, context)
- ClickTaleEventsMask-=4 - Disables the recording of key strokes (keydown, keyup, keypress)
- ClickTaleEventsMask-=16 - Disables the recording of coordinate correction data
- ClickTaleEventsMask-=32 - Disables the recording of client javascript errors
For example, ClickTale can be configured not to record any keyboard input by adding the following line in your bottom tracking code:
ClickTaleEventsMask-=4;
Right before the call to the ClickTale function. When configured this way, the tracking script will not do any monitoring of keyboard events.
[edit] ClickTaleExcludeBlock
You can use ClickTaleExcludeBlock to block any part of a website from being recorded. This method can be useful in masking sensitive data in the event that the data is not based on visitor actions, i.e. it allows you to block parts of your site which your server displays. This is particularly useful in case your server automatically fills out data (e.g. if a visitor returns to a form he has previously filled out). That data might appear during playback (even if the ClickTaleEventsMask or the ClickTaleSensitive methods were employed). Therefore it is recommended that in that case you also use a ClickTaleExcludeBlock for the relevant form field in order to prevent it from being recorded completely, and use ClickTaleExcludeBlock’s alternative content feature to place an input field instead of the one you would like to mask.
