Skip to Content
Security

Security

Miniback is designed with privacy and security in mind.

Domain Restrictions

  • Restrict which domains can use your widget (set in dashboard)
  • Configure allowed domains with wildcard support
  • Secure your widget from unauthorized use

๐Ÿ“– Complete Domain Management Guide โ†’

API Keys

  • Generate project-level API keys for programmatic access
  • Never expose API keys in client-side code
  • Use environment variables and secure storage
  • Regenerate keys if compromised

๐Ÿ“– Complete API Security Guide โ†’

Network Log Redaction

When network capture is enabled, Miniback automatically redacts sensitive data before logs are stored:

  • Sensitive headers (e.g. authorization, cookie, x-api-key) are stripped by default
  • Sensitive body keys (e.g. password, token, accessToken) are stripped by default
  • You can add your own custom header and body-key rules per project

๐Ÿ“– Bug Context Capture Guide โ†’ Redaction Rules

Privacy

  • No user tracking, no session replay
  • Interaction breadcrumbs mask input values and redact sensitive URL parameters
  • Screenshots are optional and only captured when the user chooses to add one
  • GDPR compliant

Last updated on