Data Collected
See what data is collected by the Sentry SDK.
Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application.
The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. Here's a list of data categories the Sentry PHP SDK collects:
By default, the Sentry SDK doesn't send any HTTP headers.
To start sending HTTP headers, set the send_default_pii option to true.
By default, the Sentry SDK doesn't send cookies. Sentry tries to remove any cookies that contain sensitive information, (such as the Laravel Session, Remember Token and CSRF Token cookies).
If you want to send cookies, set the send_default_pii option to true.
By default, the Sentry SDK doesn't send any information about the logged-in user, (such as email address, user id, or username).
To start sending logged-in user information, set the send_default_pii option to true.
By default, the Sentry SDK doesn't send the user's IP address.
To enable sending the user's IP address, set the send_default_pii option to true.
The full request URL of outgoing and incoming HTTP requests is always sent to Sentry. Depending on your application, this could contain PII data.
The full request query string of outgoing and incoming HTTP requests is always sent to Sentry. Depending on your application, this could contain PII data.
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
- The type of the request body: -JSON and form bodies are sent -Raw request bodies are always removed -Uploaded files in the request bodies are never sent to Sentry
- The size of the request body: There's a max_request_body_sizeoption that's set tomediumby default. This means that larger request bodies aren't sent to Sentry.
If you want to prevent bodies from being sent to Sentry altogether, set max_request_body_size to 'never'.
When an unhandled exception is sent to Sentry, a snapshot of the source code surrounding the line where the error originates is sent with it.
To opt out of sending this source context to Sentry, set the context_lines option to 0.
When unhandled errors and exceptions are sent to Sentry, the names and values of local variables that were set when the errors occurred, are sent at the same time.
You can stop sending local variables to Sentry by setting zend.exception_ignore_args=1 in your php.ini. On some distributions, this setting is already set to 1 by default and if you want to include local variables set zend.exception_ignore_args=0 instead.
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) or suggesting an update ("yeah, this would be better").