About This Site
What is Fortrafied DLP Test?
Fortrafied DLP Test is a free, browser-based testing suite designed to help security professionals validate and evaluate the effectiveness of their Data Loss Prevention (DLP) solutions. It provides a safe environment to test detection capabilities across all three DLP categories: Data in Motion, Data in Use, and Data at Rest.
Is any submitted data stored or logged?
No. All data submitted through these tools is discarded immediately after processing. Nothing is stored, logged, or retained on any server. The site is designed purely for testing purposes.
Is the sample data real?
No. All sample data provided on this site is entirely synthetic. Credit card numbers use valid Luhn check digits but are not associated with any real accounts. Social Security Numbers, names, addresses, and all other PII are fabricated and do not correspond to real individuals.
Who is this site for?
This site is intended for security teams, IT administrators, and compliance officers who need to validate that their DLP solutions are correctly configured and capable of detecting sensitive data across various channels and formats.
DLP Testing
What are the three categories of DLP?
DLP is traditionally divided into three categories:
Data in Motion (DIM) — Monitors and protects data as it travels across the network, including email, web uploads, FTP transfers, and other network protocols.
Data in Use (DIU) — Protects data being actively used on endpoints, such as clipboard operations, printing, screen captures, and USB transfers.
Data at Rest (DAR) — Discovers and protects sensitive data stored on file servers, databases, cloud storage, and endpoints.
Should I test in monitor mode or block mode first?
Always start in monitor (audit) mode first. This lets you observe what your DLP solution detects without disrupting business operations. Once you have tuned your policies and reduced false positives to an acceptable level, gradually move to block mode for critical policies.
Why does my DLP not detect HTTPS traffic?
Most DLP solutions require SSL/TLS inspection (also called SSL decryption or HTTPS interception) to inspect encrypted traffic. Without it, the DLP engine cannot see the contents of HTTPS requests. Ensure your proxy or firewall is configured to decrypt and re-encrypt HTTPS traffic, and that the necessary root CA certificates are deployed to endpoints.
What is ICAP and how does it relate to DLP?
ICAP (Internet Content Adaptation Protocol) is a lightweight protocol defined in RFC 3507 that allows HTTP proxies to offload content scanning to external servers. In the context of DLP, a proxy forwards HTTP/HTTPS request and response bodies to a DLP engine via ICAP for inspection. This allows the DLP solution to analyze content in real time without being inline with the traffic flow.
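The hand-off described above, as an added example that is not code from this site: a Python sketch that wraps an HTTP upload in an ICAP REQMOD message the way a proxy would, then recovers the body the way the DLP engine's ICAP service would before scanning it. The host names, the service name `dlp` and the sample request are constructed assumptions.

```python
def build_reqmod(icap_host: str, service: str, http_head: bytes, body: bytes) -> bytes:
    """Proxy side: wrap one HTTP request in an ICAP REQMOD message (RFC 3507)."""
    if not http_head.endswith(b"\r\n\r\n"):
        raise ValueError("HTTP header block must end with a blank line")
    if body:  # an encapsulated body is always sent with chunked coding
        chunked, entity = b"%x\r\n" % len(body) + body + b"\r\n0\r\n\r\n", "req-body"
    else:     # no body: the offset marks where the encapsulated headers end
        chunked, entity = b"", "null-body"
    icap_head = (
        f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
        f"Host: {icap_host}\r\n"
        "Allow: 204\r\n"  # lets the server answer 204 when it changes nothing
        # Offsets are counted from the first byte after the ICAP headers.
        f"Encapsulated: req-hdr=0, {entity}={len(http_head)}\r\n"
        "\r\n"
    ).encode("ascii")
    return icap_head + http_head + chunked


def extract_body(message: bytes) -> bytes:
    """DLP side: return the de-chunked HTTP body that would be scanned."""
    icap_head, _, encapsulated = message.partition(b"\r\n\r\n")
    offsets = {}
    for line in icap_head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"encapsulated":
            for part in value.split(b","):
                key, _, off = part.strip().partition(b"=")
                offsets[key.decode()] = int(off)
    if "req-body" not in offsets:
        return b""
    chunked, body = encapsulated[offsets["req-body"]:], b""
    while True:
        size_line, _, chunked = chunked.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return body
        body += chunked[:size]
        chunked = chunked[size + 2:]  # skip the chunk data and its CRLF


# Constructed sample: a plain-text upload carrying a synthetic card number.
BODY = b"card on file: 4111-1111-1111-1111"
HTTP_HEAD = (
    "POST /upload HTTP/1.1\r\nHost: intranet.example.test\r\n"
    f"Content-Type: text/plain\r\nContent-Length: {len(BODY)}\r\n\r\n"
).encode("ascii")
MESSAGE = build_reqmod("icap.example.test", "dlp", HTTP_HEAD, BODY)
```

If a DLP policy never fires on HTTPS uploads, capturing the message at this hop shows whether the proxy decrypted the request and actually sent a `req-body` section to the engine.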
How do I test endpoint DLP (Data in Use)?
Endpoint DLP testing typically involves the following steps:
1. Clipboard Test — Copy sensitive data and attempt to paste it into unauthorized applications.
2. USB Transfer Test — Attempt to copy sensitive files to a removable USB drive.
3. Print Test — Send a document containing sensitive data to a printer or PDF printer.
4. Screen Capture Test — Attempt to take screenshots while sensitive data is displayed.
5. Cloud Upload Test — Try uploading sensitive files to cloud storage services like Google Drive or Dropbox.
What is the difference between EDM and regex-based detection?
Regex-based detection uses regular expression patterns to identify sensitive data formats (e.g., credit card numbers, SSNs). It is flexible but can produce false positives because it matches any text fitting the pattern, even if it is not actual sensitive data.
Exact Data Matching (EDM) compares content against a fingerprinted database of known sensitive values (e.g., an actual employee database). It is far more accurate because it only triggers on real data, but it requires maintaining an up-to-date fingerprint database.
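The difference is easiest to see on one piece of text. The following Python sketch is an added example, not code from this site or from any DLP product: it runs a card-number regex, the same regex with a Luhn checksum filter (a common validator that goes slightly beyond the two methods named above), and a single-column EDM lookup over the same constructed sample. The keyed-hash fingerprint and all values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re

# Constructed, synthetic values standing in for a protected customer table.
KNOWN_CARDS = ["4111111111111111", "5555555555554444"]
FINGERPRINT_KEY = b"example-edm-key"  # assumption: secret held by the DLP engine

# 16 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")


def luhn_ok(number: str) -> bool:
    """Return True if the digit string has a valid Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def fingerprint(value: str) -> str:
    """Keyed hash so the index never holds the sensitive values in clear."""
    return hmac.new(FINGERPRINT_KEY, value.encode(), hashlib.sha256).hexdigest()


EDM_INDEX = {fingerprint(card) for card in KNOWN_CARDS}


def regex_hits(text: str) -> list:
    """Every token that merely looks like a card number."""
    return [re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text)]


def luhn_hits(text: str) -> list:
    """Regex candidates that also pass the checksum."""
    return [c for c in regex_hits(text) if luhn_ok(c)]


def edm_hits(text: str) -> list:
    """Candidates whose fingerprint is in the index of known values."""
    return [c for c in regex_hits(text) if fingerprint(c) in EDM_INDEX]


# Constructed sample: an order reference, a QA test number, a protected value.
SAMPLE = (
    "Order ref 1234567890123456 shipped. QA used 4012 8888 8888 1881. "
    "Card on file: 4111-1111-1111-1111."
)
```

On `SAMPLE` the regex reports all three numbers, the Luhn filter drops only the order reference, and the EDM lookup reports only the value present in the fingerprint index.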