This document aims to provide an understanding of the architecture of session replay and its security aspects in the Requestly app.
When auto-recording a particular website, the extension adds a JavaScript library to the website - request-web-sdk.js - which observes the mouse movement, console logs, and network logs. The recorded data is locally stored in the page’s context (an in-memory JS variable).
Please note, as soon as the page navigates or refreshes, the local context is cleared by the browser, and data recorded so far is lost. In Network logs, request headers are NOT captured as they are more likely to hold sensitive information like authorization tokens, auth id, session id, resource id, cookies, etc.
Once the session is recorded on the website, you can review it, add details, save online or download the session file locally by clicking on Save. The Requestly UI retrieves the session data and renders the session player and other details.
While saving the session, you can choose if Console logs and Network logs are to be included in the replay. If not included, they will not be saved on the Requestly server.
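The data minimization described above, sketched as an added example (not Requestly's code; every function and field name is hypothetical): request headers are dropped at capture time, and console and network logs enter the save payload only when selected.

```javascript
// Added illustration, not Requestly's code: every name here is hypothetical.

// Recorder state lives in a plain in-memory object, so a navigation or
// refresh discards it along with the rest of the page context.
function createRecorder() {
  const session = { events: [], consoleLogs: [], networkLogs: [] };
  return {
    recordEvent: (e) => session.events.push(e),
    recordConsole: (level, message) => session.consoleLogs.push({ level, message }),
    // Request headers are dropped at capture time, before anything is stored.
    recordNetwork: ({ requestHeaders, ...rest }) => session.networkLogs.push(rest),
    snapshot: () => JSON.parse(JSON.stringify(session)),
  };
}

// Save-time filter: logs the user did not opt in to never enter the payload.
function buildSavePayload(session, { includeConsoleLogs = false, includeNetworkLogs = false } = {}) {
  const payload = { events: session.events };
  if (includeConsoleLogs) payload.consoleLogs = session.consoleLogs;
  if (includeNetworkLogs) payload.networkLogs = session.networkLogs;
  return payload;
}

// Constructed sample input: one event, one console line, one request.
function demo() {
  const rec = createRecorder();
  rec.recordEvent({ type: "mousemove", x: 10, y: 20 });
  rec.recordConsole("log", "cart loaded");
  rec.recordNetwork({
    method: "GET",
    url: "https://shop.example/api/cart",
    status: 200,
    requestHeaders: { Authorization: "Bearer CONSTRUCTED-TOKEN" },
  });
  const session = rec.snapshot();
  return {
    session,
    eventsOnly: buildSavePayload(session),
    withNetwork: buildSavePayload(session, { includeNetworkLogs: true }),
  };
}
```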
The security of session replay in Requestly is ensured by the following measures:
Save > Download File.
Requestly takes several measures to ensure the security of session replay, including local storage of data, not capturing sensitive information, and secure storage of configuration.