Concealing sensitive data recorded by the App Visibility agents
App Visibility agents record information received in HTTP requests, some of which might include sensitive information about end users, such as account numbers, passwords, or a personal home address.
For example, your application might include a page with the following URL:
In the example, the App Visibility agent records the parameters and values, and App Visibility users can see the
secret parameter in the Application Flow and Code Level tabs of the Trace Details page.
To prevent sensitive information from being displayed, you can mask the information recorded from HTTP parameters and headers.
Add the parameter name (for example,
secret) to the list, as in the following example:
persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret
The next time such a request is collected by the App Visibility agents, the
secret parameter will be masked with 5 asterisks (
In the same way, this property can be used to mask whole HTTP header values collected by the App Visibility agent.