
Session Replay Setup Checklist

This doc is for: Admins, Architects

Session replay is for Web only. Native mobile (Android, iOS) session replay is not currently supported but is on our roadmap.

Session replay is an add-on feature for paying customers only. You may try the feature for free for 14 days or 10,000 sessions (whichever comes first), after which you must contact Sales to continue use.

After you have enabled session replay, go through the following list to ensure all your Heap settings are configured correctly.

1. Set your CSP directives

This step requires changes to your website’s code.

Content Security Policies (CSPs) are a “trusted list” of content providers for a website. These directives help protect your website from malicious actors, but they can interfere with session replay unless properly configured.

Use https://cspvalidator.org to check whether your site has any active CSPs. If it does:

  • If connect-src is used, the following rule must be added to load the configuration and to send the events:
    • connect-src *.auryc.com
  • If worker-src is used, the following rule is recommended to leverage Web Worker for optimal performance:
    • worker-src blob:
  • If font-src is used, the following rule is recommended to avoid errors due to harmless font files loaded by the Heap JS snippet (note: we are actively working on removing the code that causes these errors):
    • font-src *.auryc.com
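
One way to run this check against your own policy, as an added example (not Heap's code): it parses a Content-Security-Policy value and reports which of the three sources above are missing. It goes slightly beyond the list by following the browser's fallback to default-src (and child-src, then script-src, for workers) when the specific directive is absent; the function names are hypothetical, and the https:// match assumes the endpoints are served over HTTPS.

```javascript
// Added example: audits one CSP string against the three rules listed above.
// Required sources come from the checklist; all function names are hypothetical.
const REQUIRED = [
  // Fallback chains per the CSP spec: the first directive present governs.
  { chain: ['connect-src', 'default-src'], source: '*.auryc.com', level: 'required' },
  { chain: ['worker-src', 'child-src', 'script-src', 'default-src'], source: 'blob:', level: 'recommended' },
  { chain: ['font-src', 'default-src'], source: '*.auryc.com', level: 'recommended' },
];

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (!directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function allows(sources, required) {
  if (sources.includes(required)) return true;
  if (required.endsWith(':')) return false; // '*' never matches the blob: scheme
  // Assumption: the endpoints are served over HTTPS, so an https:// entry suffices.
  return sources.includes('*') || sources.includes('https://' + required);
}

function auditHeapReplayCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const { chain, source, level } of REQUIRED) {
    const governing = chain.find((d) => directives.has(d));
    if (!governing) continue; // nothing in this policy restricts that fetch type
    if (!allows(directives.get(governing), source)) {
      findings.push({ needs: chain[0], governedBy: governing, missing: source, level });
    }
  }
  return findings;
}

// Constructed sample policy, not taken from any real site.
const sample = "default-src 'self'; connect-src 'self' api.example.com; worker-src 'self' blob:";
console.log(auditHeapReplayCsp(sample));
```

Each finding names the directive that needs the source (`needs`) and the directive that currently governs it (`governedBy`); when the two differ, adding the explicit directive stops the fallback, so it must also repeat whatever sources that fetch type already relied on.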

2. Enable target text autocapture

This step may require changes to your website’s code.

Navigate to your Heap Privacy & Security settings and in the Autocapture section toggle Target text autocapture on. If text capture is disabled, replays will only show grey boxes.

For sensitive pages you can still selectively disable text capture using the disableTextCapture API. You should consult with your development team about any pages that already utilize the disableTextCapture configuration option (this is in your website’s code, so it cannot be disabled from the Heap settings screen).

Any page where disableTextCapture is enabled will render as a big grey box, which is largely useless for session replay.

If you have previously set up disableTextCapture for your website, we strongly advise that you consider a strategy of redacting specific elements instead of entire pages so that you can both protect user privacy and have actionable insights from session replays.

3. Review session replay privacy settings

Navigate to Session replay > Privacy and Security and review your selections. By default, the most conservative settings are selected. Note that if you keep the default settings, no form inputs will be captured. 

Many of our customers will instead opt to enable some inputs to be captured, then choose specific elements to exclude.

Troubleshooting

If your replays are not rendering correctly after you have gone through the list above, check out these troubleshooting tips for additional settings that may be hindering the session replay web crawler.


Last updated October 18, 2022.


© 2023 Heap, Inc.