Security compliance includes two meanings: security and compliance. Security refers to the security of user information data storage and transmission, which is not easily intercepted or intercepted. Compliance refers to the legal and compliant collection and use of user information data.

Security: local storage encryption, data collection encryption

Compliance: delayed initialization, dynamic enable/disable data collection

Delayed initialization

Web JS SDK provides delayed initialization starting from version v1.21.1 or later to meet compliance requirements.After the customer agrees to the Privacy Policy, they can initialize the SDK for data collection. Please refer to the following steps:

<script> window.sensors_data_pre_config = { is_compliance_enabled: true } </script> <script charset='UTF-8' src="在 github 下载新版本的 sensorsdata.min.js "></script> if(同意隐私条款){ sensors.init({ server_url: 'http://test-syg.datasink.sensorsdata.cn/sa?token=xxxxx&project=xxxxxx', is_track_single_page:true, // 单页面配置,默认开启,若页面中有锚点设计,需要将该配置删除,否则触发锚点会多触发 $pageview 事件 use_client_time:true, send_type:'beacon', heatmap: { //是否开启点击图,default 表示开启,自动采集 $WebClick 事件,可以设置 'not_collect' 表示关闭。 clickmap:'default', //是否开启触达图,not_collect 表示关闭,不会自动采集 $WebStay 事件,可以设置 'default' 表示开启。 scroll_notice_map:'not_collect' } }); sensors.quick('autoTrack'); } </script>
JS
  1. Set the window global variable sensors_data_pre_config before loading the Web JS SDK.
  2. Compliance does not support the use of callback functions in the Web JS SDK API.
  3. Compliance does not support the asynchronous loading of the Web JS SDK.

Local storage encryption

Currently, the cookies saved by the SDK contain user information and attribute information set with register, which can be deeply encrypted to ensure security

To use the encryption feature, all SDKs on all pages must be the latest version; otherwise, if some pages use the encrypted cookie feature, the cookie will be encrypted. If the SDK used on some pages is an older version without decryption function, it will cause the cookie to be unable to be parsed, resulting in the generation of new users and inability to unify them

Version requirements

  • Web JS SDK 1.16.10 and above versions

Feature configuration

 <script charset="UTF-8"> var sensors = window["sensorsDataAnalytic201505"]; // 初始化SDK sensors.init({ server_url: "数据接收地址", // 开启 cookie 加密配置,默认 false encrypt_cookie: true }); sensors.quick("autoTrack"); </script>
JS


Encryption of event tracking data

To enhance the security of event tracking data, Sensosr Analytics supports encrypting the event tracking data and storing and sending the data in ciphertext form.

This function requires the cooperation of the server, you can contact the customer success/project manager to help open the server decryption function.

After encryption is enabled, if the server does not support decryption, the data cannot be stored and will be lost, and there will be no error reported in the buried point management.

Version Requirement

  • Web JS SDK 1.19.9 and above
  • Edge v0.3.0 and above
  • SDF 2.3 and above

Enable AES encryption for event tracking data

Refer to the Plugin Integration (Web) documentation for integration with the AES Encryption Plugin.

Enable custom asymmetric encryption for event tracking data

If you need to use custom asymmetric encryption, such as SM encryption, for the sent data, refer to the Plugin Integration (Web) documentation for integration with the Custom Encryption Plugin.

Support dynamic disabling/enabling of SDK API tracking

// 禁用 API 执行 sensors.disableSDK() // 恢复 API 执行 sensors.enableSDK()
CODE

Note: This must be called after initialization. For more details, refer to the disableSDK documentation.