How to mask elements
- Customer Success Team
- 2 days ago
- 2 min read
When you record a session or sample a heatmap Extellio may record user-sensitive data with is displayed on your website. To avoid recording personal data you can mask elements from being recorded by adding the data-matomo-mask attribute around the element in the website’s code.
You can mask individual elements like this:
<span data-matomo-mask>Firstname lastname</span>
or you can mask a set of elements
<div data-matomo-mask><p> <span>Firstname</span><span>Lastname</span> </p> </div>
Before sending the data to Extellio, any masked content will have each character replaced by an asterisk (*). Additionally, content displayed in the title, alt, label, or placeholder attributes will also be masked.
The following fields are always masked in session recordings:
Any input field with the type password, tel, or email.
No value is recorded for hidden form elements.
When a user enters between 7 and 21 digits in sequence, Extellio assume it is a credit card number or similar and mask it.
When a user enters an @ symbol, Extellio assume it is an email address and don't record it.
Form fields within iframes won't be recorded at all.
Extellio ignores any form field when it has an id, name, or autocomplete with one of these values (any dashes, underscores, or whitespace in the name are ignored):
'creditcardnumber', 'off', 'kreditkarte', 'debitcard', 'kreditkort', 'kredietkaart', ' kartakredytowa', 'cvv', 'cc', 'ccc', 'cccsc', 'cccvc', 'ccexpiry', 'ccexpyear', 'ccexpmonth', 'cccvv', 'cctype', 'cvc', 'exp', 'ccname', 'cardnumber', 'ccnumber', 'username', 'creditcard', 'name', 'fullname', 'familyname', 'firstname', 'vorname', 'nachname', 'lastname', 'nickname', 'surname', 'login', 'formlogin', 'konto', 'user', 'website', 'domain', 'gender', 'company', 'firma', 'geschlecht', 'email', 'emailaddress', 'emailadresse', 'mail', 'epos', 'ebost', 'epost', 'eposta', 'authpw', 'token_auth', 'tokenauth', 'token', 'pin', 'ibanaccountnum', 'ibanaccountnumber', 'account', 'accountnum', 'auth', 'age', 'alter', 'tel', 'city', 'cell', 'cellphone', 'bic', 'iban', 'swift', 'kontonummer', 'konto', 'kontonr', 'phone', 'mobile', 'mobiili', 'mobilne', 'handynummer', 'téléphone', 'telefono', 'ssn', 'socialsecuritynumber', 'socialsec', 'socsec', 'address', 'addressline1', 'addressline2','billingaddress', 'billingaddress1', 'billingaddress2','shippingaddress', 'shippingaddress1', 'shippingaddress2', 'vat', 'vatnumber', 'gst', 'gstnumber', 'tax', 'taxnumber', 'steuernummer', 'adresse', 'indirizzo', 'adres', 'dirección', 'osoite', 'address1', 'address2', 'address3', 'street', 'strasse', 'rue', 'via', 'ulica', 'calle', 'sokak', 'zip', 'zipcode', 'plz', 'postleitzahl', 'postalcode', 'postcode', 'dateofbirth', 'dob', 'telephone', 'telefon', 'telefonnr', 'telefonnummer', 'password', 'passwort', 'kennwort', 'wachtwoord', 'contraseña', 'passord', 'hasło', 'heslo', 'wagwoord', 'parole', 'contrasenya', 'heslo', 'clientid', 'identifier', 'id', 'consumersecret', 'webhooksecret', 'consumerkey', 'keyconsumersecret', 'keyconsumerkey', 'clientsecret', 'secret', 'secretq', 'secretquestion', 'privatekey', 'publickey', 'pw', 'pwd', 'pwrd', 'pword', 'paword', 'pasword', 'paswort', 'pass’.