Data Scrubbing
Data handling is the standardized context in how we want SDKs to help users filter data.
Data collection and scrubbing: The canonical spec for what data SDKs collect, default denylists (headers, cookies, query params), request body and cookie scrubbing, user-set data, and beforeSend is Data Collection. That spec supersedes the sensitive-data and cookie sections below for SDK behavior. This page retains Structuring Data and Variable Size and the legacy send_default_pii context for reference.
The normative rules for sensitive data, PII, cookies, request bodies, and user-set data are in Data Collection. The following is kept for context:
- SDKs should not include PII or other sensitive data in the payload by default. The legacy option send-default-pii is disabled by default; the replacement is
dataCollection.includeUserInfoanddataCollection.collect(see Data Collection). - Certain sensitive data must never be sent through SDK instrumentation: header/cookie/query values matching the default denylist are replaced with
"[Filtered]". User-set data is always attached; only automatically gathered data is scrubbed. Users can usebeforeSend/ event processors to remove or redact any data. - For the exact default denylist (partial, case-insensitive match), PII denylist (
x-forwarded-,-user), cookies when unparsable, and raw request bodies, see Data Collection — Default Denylist and User-Set Data and Scrubbing.
App state can be critical to help developers reproduce bugs. For that reason, SDKs often collect app state and append to events through auto instrumentation.
When attaching data that could potentially include sensitive data or PII, it's important to:
- Add a note on the docs to notify developers.
- Mark that part of the protocol on Relay as such. This allows data scrubbing to run on those fields.
Some examples of auto instrumentation that could attach sensitive data:
- A SQL integration that includes the query. If a user doesn't use parameterized queries, and appends sensitive data to it, the SDK could include that in the event payload.
- Desktop apps including window title.
- A Web framework routing instrumentation attaching route
toandfrom.
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) or suggesting an update ("yeah, this would be better").