From 3dcc6cfcde67478445d627e367f76efaf861fb58 Mon Sep 17 00:00:00 2001 From: Lukas Stracke Date: Wed, 3 Jun 2026 11:39:22 +0200 Subject: [PATCH 1/2] docs(js): Update "Scrubbing Data" guide for span streaming, logs and metrics --- .../data-management/sensitive-data/index.mdx | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx b/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx index 71236d1438685..679139dfe84d2 100644 --- a/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx +++ b/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx @@ -36,9 +36,23 @@ If you _do not_ wish to use the default PII behavior, you can also choose to ide ## Scrubbing Data -### & +### `beforeSend`, `beforeSendSpan`, & `beforeSendTransaction` -SDKs provide a hook, which is invoked before an error or message event is sent and can be used to modify event data to remove sensitive information. Some SDKs also provide a hook which does the same thing for transactions. We recommend using and in the SDKs to **scrub any data before it is sent**, to ensure that sensitive data never leaves the local environment. +SDKs provide various `beforeSend*` hooks, which are invoked before an errors, messages, spans, logs or metrics are sent and can be used to modify event data to remove sensitive information. The following hooks are available: + +- `beforeSend` applies to error and message events +- `beforeSendSpan` applies to spans +- `beforeSendLog` applies to logs +- `beforeSendMetric` applies to metrics +- `beforeSendTransaction` applies to transactions (only in transaction mode) + + + +If you're using Span Stream Mode, `beforeSendTransaction` has no effect. Instead, use `beforeSendSpan` with the `withStreamedSpan` helper to modify streamed spans directly. + + + +We recommend using these hooks in the SDKs to **scrub any data before it is sent**, to ensure that sensitive data never leaves the local environment. @@ -50,6 +64,7 @@ Sensitive data may appear in the following areas: - HTTP context → Query strings may be picked up in some frameworks as part of the HTTP request context. - Transaction Names → In certain situations, transaction names might contain sensitive data. For example, a browser's pageload transaction might have a raw URL like `/users/1234/details` as its name (where `1234` is a user id, which may be considered PII). In most cases, our SDKs can parameterize URLs and routes successfully, that is, turn `/users/1234/details` into `/users/:userid/details`. However, depending on the framework, your routing configuration, race conditions, and a few other factors, the SDKs might not be able to completely parameterize all of your URLs. - HTTP Spans → Most SDKs will include the HTTP query string and fragment as a data attribute, which means the HTTP span may need to be scrubbed. +- Attributes → Attributes can be scrubbed using the `beforeSendSpan`, `beforeSendLog`, and `beforeSendMetric` hooks for the respective telemetry types. For more details and data filtering instructions, see Filtering Events. From 897a068acd2ca5fed785716b6026eeca8f16845a Mon Sep 17 00:00:00 2001 From: Lukas Stracke Date: Wed, 3 Jun 2026 11:48:31 +0200 Subject: [PATCH 2/2] Update docs/platforms/javascript/common/data-management/sensitive-data/index.mdx --- .../javascript/common/data-management/sensitive-data/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx b/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx index 679139dfe84d2..14541f6d6b231 100644 --- a/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx +++ b/docs/platforms/javascript/common/data-management/sensitive-data/index.mdx @@ -36,7 +36,7 @@ If you _do not_ wish to use the default PII behavior, you can also choose to ide ## Scrubbing Data -### `beforeSend`, `beforeSendSpan`, & `beforeSendTransaction` +### Scrubbing in `beforeSend*` SDK hooks SDKs provide various `beforeSend*` hooks, which are invoked before an errors, messages, spans, logs or metrics are sent and can be used to modify event data to remove sensitive information. The following hooks are available: