How is the IP address of an event determined?

I’ve been having some issues collecting the real IP address for error events sent to sentry using the python sentry_sdk package with the Django integration.

According to the function will check 3 headers for the IP address.

But then suggests it’s not actually used unless the PII setting is set to True.

So my follow up question is what IP address is stored under the “Affected Users” section of an event? See the screenshot:

My goal is:

  1. Collect the IP address for each unique visitor (so that we can count distinct affected users, the IP is only a proxy for that metric).

  2. Not collect sensitive data like cookies and auth headers. In this case, I don’t consider IP address as sensitive.

Personally, it’d be helpful if there were a list of PII attributes you could specifically opt in or out from, rather than a big PII umbrella that’s all or nothing.

What we ended up doing was setting send_default_pii=True in the init call, but then blacklisting the sessionid key in the Additional Sensitive Fields configuration of the project (and globally).