---
title: "Data Collected"
description: "See what data is collected by the Sentry SDK."
url: https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected/
---

# Data Collected | Sentry for Cloudflare

Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime and build time of your application.

The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories that the Sentry JavaScript SDK collects.

Many of the categories listed here require you to enable the [sendDefaultPii option](https://docs.sentry.io/platforms/javascript/guides/cloudflare/configuration/options.md#sendDefaultPii).

## [HTTP Headers](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#http-headers)

By default, the Sentry SDK sends HTTP response or request headers.

## [Cookies](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#cookies)

By default, the Sentry SDK doesn't send cookies.

If you want to send cookies, set `sendDefaultPii: true` in the `Sentry.init()` call. This will send the cookie headers `Cookie` and `Set-Cookie` from fetch and XHR requests.

## [Information About Logged-in User](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#information-about-logged-in-user)

By default, the Sentry SDK doesn't send any information about the logged-in user, such as email address, user ID, or username.

The type of logged-in user information you'll be able to send depends on the integrations you enable in Sentry's SDK. Most integrations won't send any user information. Some integrations (e.g. [User Feedback](https://docs.sentry.io/platforms/javascript/guides/cloudflare/user-feedback.md)) make it possible to send data like the user ID, username, and email address.

## [Users' IP Address and Location](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#users-ip-address-and-location)

By default, the Sentry SDK doesn't send the user's IP address.

To enable sending the user's IP address and infer the location, set [`sendDefaultPii: true`](https://docs.sentry.io/platforms/javascript/guides/cloudflare/configuration/options.md#sendDefaultPii). In some integrations such as [`handleRequest`](https://docs.sentry.io/platforms/javascript/guides/cloudflare/guides/astro.md#customize-server-instrumentation) in Astro, you can send the user's IP address by enabling `trackClientIp`.

If sending the IP address is enabled we will try to infer the IP address or use the IP address provided by `ip_address` in [`Sentry.setUser()`](https://docs.sentry.io/platforms/javascript/guides/cloudflare/apis.md#setUser). If you set `ip_address: null`, the IP address won't be inferred.

## [Request URL](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#request-url)

The full request URL of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data. For example, a URL like `/users/1234/details`, where `1234` is a user id (which may be considered PII).

## [Request Query String](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#request-query-string)

The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data. For example, a query string like `?user_id=1234`, where `1234` is a user id (which may be considered PII).

However, Sentry has some default [server-side data scrubbing](https://docs.sentry.io/security-legal-pii/scrubbing/server-side-scrubbing.md) in place to remove sensitive data from the query string. For example, the `apiKey` and `token` query parameters are removed by default.

## [Request Body](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#request-body)

By default, Sentry sends the size of the body content of incoming HTTP requests. This is inferred from the `content-length` header. Sentry does not send the request body itself on the client-side.

## [Server-Side Request Data](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#server-side-request-data)

On the server-side, the [RequestData Integration](https://docs.sentry.io/platforms/javascript/guides/cloudflare/configuration/integrations/requestdata.md) captures incoming request data including cookies, headers, query strings, request body (`data`), URL, and user information. By default, most of these fields are captured (except IP address).

##### Upcoming Changes in v11

In version 11, the default behavior of the RequestData integration will likely change to be more privacy-conscious. Fields like `cookies`, `data`, `headers`, `query_string`, and `user` will default to `false` instead of `true`. To continue capturing this data after upgrading to v11, you'll need to either explicitly configure the [RequestData Integration](https://docs.sentry.io/platforms/javascript/guides/cloudflare/configuration/integrations/requestdata.md) or set [`sendDefaultPii: true`](https://docs.sentry.io/platforms/javascript/guides/cloudflare/configuration/options.md#sendDefaultPii).

## [Response Body](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#response-body)

By default, the Sentry SDK doesn't send the body content of responses received from outgoing requests. By default, the SDK will send the response body size based on the `content-length` header.

## [Source Context](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#source-context)

By default, SDKs set up by the Sentry CLI Wizard (`@sentry/wizard`) will enable uploading source maps to Sentry.

To disable source map upload, see [the Source Maps documentation](https://docs.sentry.io/platforms/javascript/guides/cloudflare/sourcemaps.md).

## [Local Variables In Stack Trace](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#local-variables-in-stack-trace)

The Sentry SDK does not send local variables in the error stack trace in client-side JavaScript SDKs.

## [Device, Browser, OS and Runtime Information](https://docs.sentry.io/platforms/javascript/guides/cloudflare/data-management/data-collected.md#device-browser-os-and-runtime-information)

By default, the Sentry SDK sends information about the device and runtime to Sentry.

In browser environments, this information is obtained by the User Agent string. The User Agent string contains information about the browser, operating system, and device type.

In server-side environments, the Sentry SDK uses the `os` module to get information about the operating system and architecture.