Skip to main content
Version: 3.7.0

Data Obfuscation

The Network Request Desensitization feature refers to obfuscating sensitive information (such as user identity, account passwords, bank card numbers, ID card numbers, etc.) contained in collected Network Request data. While retaining the request structure and the analyzability of non-sensitive information, it prevents the leakage of sensitive data, balancing the needs of experience analysis with data security and compliance requirements.

If you need to obfuscate user input content (such as passwords, phone numbers, etc.) in replay sessions, see Data Collection.

Usage Scenarios

  • Data Protection for Payment-Related Requests: In e-commerce and financial applications, Network Requests during the user payment process (such as order submission, payment confirmation) often contain highly sensitive information like bank card numbers and payment passwords.
  • Compliant Handling of User Identity Information: Requests for login and personal information submission in social and medical applications contain private data such as phone numbers, ID card numbers, and medical record numbers.
  • Filtering of Sensitive Parameters in Internal Interfaces: In enterprise-level applications, some internal interfaces (such as employee permission verification, customer management system interfaces) may contain sensitive data like internal codes, permission identifiers, and customer confidential information in their requests.
  • Preventing Sensitive Data from Interfering with Analysis: If some sensitive fields (such as user-defined private notes, chat content) are fully collected, they not only pose privacy risks but may also interfere with normal analysis (such as log retrieval, anomaly troubleshooting) due to disorganized content.

Getting Started

Filter which Network Requests require desensitization based on the original request address and domain name. Users can customize whether the filtering conditions are combined using "AND" or "OR" logic.

Desensitization is supported for URL, RequestHeader, and ResponseHeader parameters. You can mask all parameters or specify specific parameters to mask.

Two Data Obfuscation methods are supported:

  • Do Not Collect: This parameter is not collected at all.
  • Obfuscated Collection: The parameter is obfuscated during collection, and the obfuscated part is displayed as "**" on the frontend.

If the same Network Request matches multiple rules, the "Do Not Collect" method takes priority.

image-20251010144842314

Example

Original URL: https://example.com/pay?orderId=P20230915001&cardNo=6222021234567890123&amount=999

Obfuscation TargetObfuscation MethodObfuscated Result
All URL parametersDo Not Collecthttps://example.com/pay
Specified URL parameters orderId, cardNoObfuscated Collectionhttps://example.com/pay?orderId=**&cardNo=**&amount=999
Specified URL parameter amountDo Not Collecthttps://example.com/pay?orderId=P20230915001&cardNo=6222021234567890123