Configure data privacy settings for web frontends
- Latest Dynatrace
- How-to guide
- Published Jan 15, 2026
Ensuring compliance with GDPR and other data privacy regulations is essential for the success of your digital business. The New RUM Experience provides a comprehensive set of options that help you protect the privacy of your customers’ personal data when monitoring web frontends.
To access the data privacy settings for web frontends
- Go to
Experience Vitals > Overview. - Select Web to view all web frontends.
- Select the frontend you want to configure.
- On the Settings tab, select Data privacy.
Check the sections below for the detailed description of each setting.
Mask personal data in URIs
To access this setting, select Data Privacy > General.
🔴 Disabled by default
Dynatrace captures full URIs of requests that are sent from desktop and mobile browsers, as well as URIs of requests that are sent and received within monitored server-side processes. URIs may contain personal data, such as user names, passwords, or IDs.
When Mask personal data in URIs is turned on, Dynatrace detects personal data—email addresses, IBANs, payment card numbers, IP addresses, UUIDs, and other IDs—in URIs, headers, exception messages, and data captured for request attributes. It masks this data at storage by replacing it with the <masked> string. It also replaces query parameter values with the <masked> string. IDs and numbers must have at least 5 decimal or hexadecimal digits to be masked.
URI masking examples
Type of personal data
Example before masking
Example after masking
Email address
https://example.com/user/john.doe@example.com/profile
https://example.com/user/<masked>/profile
Query parameter value
https://example.com?country=Austria&city=Linz
https://example.com?country=<masked>&city=<masked>
Payment card number
https://example.com/checkout?card=4111111111111111
https://example.com/checkout?card=<masked>
IP address
https://192.168.10.25/dashboard
https://<masked>/dashboard
As a result, personal data appearing in URIs is masked in user events.
Use persistent cookies for user tracking
To access this setting, select Data Privacy > General.
🔴 Disabled by default
The Use persistent cookies for user tracking setting allows you to enable or disable the use of persistent cookies for identifying returning users.
When turned on, the RUM JavaScript sets a persistent cookie in end-user browsers that indicates that the browser has been used previously to access your frontend. When turned off, RUM Classic is no longer able to associate sessions with the same user across browser restarts. Learn how we store this cookie.
Data-collection and opt-in mode
To access this setting, select Data Privacy > General.
🔴 Disabled by default
To give your end users the ability to decide whether their activities should be tracked or not, enable opt-in mode.
By default, RUM automatically creates cookies. When Data-collection and opt-in mode is turned on, neither OneAgent nor the RUM JavaScript sets cookies, and the RUM JavaScript doesn't capture any data. After an end user accepts your cookie policy, you can activate RUM for that user via the dtrum.enable() JavaScript API call. Using the dtrum.disable() API call, you can implement a dialog that allows end users to stop sending monitoring data to Dynatrace even after they've previously agreed to it and dtrum.enable() has already been called.
Both API calls are effective for RUM Classic and the New RUM Experience, therefore the new JavaScript API does not provide equivalents at this point.
Comply with "Do not Track" browser settings
To access this setting, select Data Privacy > General.
🟢 Enabled by default
Another technique for protecting end-user privacy is the "Do Not Track" feature. When a user enables this feature, their browser adds the DNT HTTP request header to all outgoing web requests. This header specifies that the user prefers not to be tracked.
After you turn on Comply with "Do Not Track" browser settings, you can select between two options:
- Capture anonymous user sessions for "Do Not Track"-enabled browsers: When the
DNTheader is detected, Dynatrace captures RUM data but excludes all personal information that could lead to the identification of the user.- The IP address is masked.
- In RUM Classic, no user tag information is sent.
- In the New RUM Experience, no user identifier is sent if it was added using the RUM Classic JavaScript API. Note that the user identifier will still be sent if it was added using the new JavaScript API
With the User tracking setting enabled, Dynatrace still sets a persistent cookie to detect returning users.
- Turn Real User Monitoring off for "Do Not Track"-enabled browsers: When the
DNTheader is detected, Dynatrace doesn't capture any data from browsers that have the "Do Not Track" setting enabled.
If you turn off Comply with "Do Not Track" browser settings, Dynatrace ignores the browser's "Do Not Track" setting and the DNT header.
The Comply with "Do Not Track" browser settings — Capture anonymous user sessions for "Do Not Track"-enabled browsers option is enabled by default for all environments and frontends.
Mask end-user IP addresses and GPS coordinates
To access this setting, select Data privacy > IP masking.
🟢 Enabled by default
To determine the region from which end users access web and mobile frontends, Dynatrace captures their IP addresses. GPS coordinates are captured only for mobile frontends.
When the Mask end-user IP addresses and GPS coordinates option is turned on, IP addresses are masked on the beacon endpoint. The last octet of monitored IPv4 addresses and the last 80 bits of IPv6 addresses are replaced with zeros. Geolocation lookups are performed using masked IP addresses.