Skip to content
  • Home
  • Developers
  • API
  • Releases
  • Community
  • University
  • Status
  • Home
  • Developers
  • API
  • Releases
  • Community
  • University
  • Status
Home Data Privacy Privacy Features Capture Controls
Session Replay Getting Started Administration Data Management Definitions Charts Analysis Examples Heap Plays Integrations Heap Connect Data Privacy

Table of Contents

Was this article helpful?

Yes No

Thank you for your feedback!

Capture Controls

In this article you'll learn:

  • How to capture all data on any page where the Heap SDK is installed
  • How to block data from being collected on a site or page
  • How to allow data collection from specific sites or pages
This doc is for: Admins Architects

Overview

Heap’s Capture Controls provide a simple user interface for you to control which sites and/or pages that data is collected from, without needing to write code.

You can view the Capture Controls for your Heap account by navigating to Account > Manage > Privacy & security.

Notes:

  • These settings are applied on a per environment basis. This means settings from one Heap environment do not carry over to another.
  • These settings are only applicable to Heap data analytics data collection. For an overview of the privacy settings specific to Session replay, see Session replay privacy settings. 
  • These settings are only applicable to data collected utilizing the Heap web JavaScript SDK.
  • Block and Allow are mutually exclusive functionality. Review your data collection strategy to determine which works best for you. 
  • Sites and pages requiring data collection must still have the Heap web JavaScript SDK client installed.

Capture All Data

By default, Capture will be selected in the Capture Controls. Heap will autocapture data on any page where the Heap SDK is installed. For an overview of Heap’s data model, see Autocaptured Data.

Block Data Capture

You can block data from being collected on a site or page by selecting the Block radio option in the panel.

This is useful if there are parts of your app, such as an internal testing subdomain, that you don’t want data collected from. Think of this selection as a blocklist that you can control from the Heap app, without using code.

Once this radio option is selected, a textbox will appear. You can input up to 100 different entries within this textbox. In order to add an entry, click inside the box, type the domain, subdomain, and/or pages you wish to block, and then press Enter or Comma on your keyboard. 

The entry will then display in the text box. Additional pages can be added by repeating this process. When finished, click the Save button at the bottom of the form.

It will take between 30 seconds and 1 minute for new settings to be applied and to take effect.

Allow Data Capture

You can choose to only allow data collection from specific sites or pages by selecting the Allow radio option in the panel. This option will prevent data from being captured from any location that is not specified.

This is useful if you are concerned about data integrity and want to ensure bad actors have not set up duplicate versions of your app that could possibly send invalid data (such as fake data generated by bots) to your Heap account. Think of this selection as an allowlist that you can control from the Heap app, without using code.

Once this radio option is selected, a textbox will appear. You can input up to 100 different entries within this textbox. In order to add an entry, click inside the box, type the domain, subdomain, and/or pages you wish to block, and then press Enter or Comma on your keyboard. 

The entry will then display in the text box. Additional pages can be added by repeating this process. When finished, click the Save button at the bottom of the form.

It will take between 30 seconds and 1 minute for new settings to be applied and to take effect.

Syntax Rules

You can specify many different combinations of domains, subdomains, and/or pages within either the Blocklist or Allowlist using flexible syntax rules.

Domains

  • Entering a full domain, such as heap.io will target all data on that domain and any subsequent paths and pages. For example, in this scenario, entering heap.io will target the root domain as well as heap.io/page1
  • Entering a full domain does not target subdomains. For example, entering heap.io in the blocklist will not prevent data from being collected on community.heap.io.
  • In order to target a single subdomain, enter it into the textbox. 

Wildcards

  • If you wish to target all subdomains, use a wildcard asterisk followed by the root domain. For example, *.heap.io would target all heap.io subdomains including community.heap.io and help.heap.io.
  • Wildcard asterisks can also be added within a URL string to target any page which matches a specific url pattern. For example, if you wanted prevent data from being collected within the admin section of your app, you can enter heap.io/admin/* which would target any url pattern which contains that string. 
  • Only one wildcard asterisk can be used within a single entry. For example, heap.io/*/admin/* is not a valid entry.

URLs

  • URLs with trailing slashes are stripped and evaluated the same as those without. For example, entering heap.io/ will be updated and evaluated the same as entering heap.io without a trailing slash
  • URLs containing either https or http will have the protocol stripped and evaluated as the same. For example, entering https://heap.io and http://heap.io will result in an entry of heap.io, which will be applied regardless of whether an https or http protocol is being used on your app. 

Was this article helpful?

Yes No

Thank you for your feedback!

Last updated January 25, 2023.

capture controlsdata privacyprivacy
  • Blog
  • Partners
  • Legal
  • Security
  • Terms
  • About
  • Careers
  • Privacy
  • Contact Us

© 2023 Heap, Inc.