Introducing a new way to fine-tune Session Replay's recording options

At Yandex.Metrica, we are committed to developing effective analytics tools that let our users find insights and increase revenue from their websites. At the same, we strive to do so while safeguarding site users' privacy, which has always been at the core of our efforts. We have released a new option aimed at making usability analytics in Yandex.Metrica even more secure in terms of user privacy. This option lets site owners customize the way our Session Replay tool records any element of a site such as a picture, a chat box, an options menu, or any other block of content.

This option is available in Session Replay version 2.0.


How it works

For example, let’s suppose you have an ecommerce site that sells products. When clients proceed to purchase, they enter their payments credentials and contact information. This data will be automatically masked with asterisks in Session Replay recordings. However, this is not the only place where your clients can enter information about themselves. There is also the customer support chat box where users might provide details about their orders and delivery options.

To make sure that this data does not end up in Session Replay recordings, you can mark the chat box with the ym-hide-content CSS class. Your site developer will be able to help you set this up. More details about using CSS classes for various elements of a site are available in the relevant Help section.

As a result of marking the chat box with the CSS class, content from the chat box will be hidden. You will see the chat box in the Session Replay recording, but all text content will be changed to random symbols. If the same CSS class is applied to a graphic element (such as for a picture), it is going to appear blurred in the Session Replay recording.


What other options aimed at user privacy are available in Session Replay?

Session Replay is a tool that lets site owners record all interactions with a site. These are things like clicks on buttons and links, page scrolling, mouse cursor traces, and the filling out of forms. Yandex.Metrica automatically recognizes form fields that may contain personal details like a person’s name, surname, billing information or delivery address. To do this, our system analyzes the name of a form field and the input format, but not the content that users enter in such fields. This built-in logic provides out-of-the box compliance with the GDPR and helps safeguard user privacy.

However, some fields may not appear to be confidential, but can still contain information that may be considered sensitive. Therefore, site owners may wish to ensure the content of such fields does not get recorded by Session Replay. For example, this could be a comment field on a healthcare site. It is not possible to automatically pick such fields for masking, because there are not any specific criteria to distinguish them from “safe” fields.

Site owners have several options to disable the recording of fields with potentially sensitive data:

  •  If any form field on your site can possibly contain sensitive data, the simplest way to go about it is to disable the recording of all fields in bulk. To do so, go to the Session Replay settings in the Yandex.Metrica interface and switch the toggle marked “Record all fields” to the OFF position. This will disable recording in all form fields – even if it’s a standalone input field like the one used for searching on the site.

This option will not require a site developer's help, as all you will need to do is to switch the toggle. No changes to your site's code are needed.

  •  If most of the form fields on your site can contain sensitive data, you can enable recording only in some fields which are safe. To do so, ask your site developer to mark the fields to be recorded with the special ym-record-keys CSS class. At the same time, switch the "Record all fields" toggle to the OFF position.

  • If only some of the form fields can contain sensitive data, you can disable the recording of their content, and at the same time record data in the rest of the fields that are safe. To do so, ask your site developer to mark sensitive fields with the ym-disable-keys CSS class while keeping the “Record all fields” toggle in the ON position.

A note for developers: when using CSS classes for form fields and arbitrary elements of a site, please pay attention to how they will be affected by both the “Record all fields” toggle and automatic masking of confidential data. Click here to learn more.

How to stop recording the majority of content pertaining to user data

If you prefer to bulk disable the recording of all content pertaining to your site users, follow these steps:

  1. Switch the “Record all fields” toggle to the OFF position. This will disable recording in any text input field on your site.
  1. Pick elements of your site that you want to exclude from recording. They can be any elements your users interact with, such as data pickers, option selectors, drop-down menus, avatar placeholders, and so on. Ask your web developer to mark such elements with the ym-hide-content CSS class. As a result, graphic elements will be blurred out, and text blocks will be changed to random symbols in Session Replay recordings.

If you have any questions about Session Replay settings, please feel free to ask. We'll be happy to help.