Hide sensitive custom field data from receipts and emails
How to use the h: field name prefix to keep sensitive custom checkout field data out of emails.
By default, every custom checkout field is included in the email receipt sent to both the customer and your store. For information you don’t want emailed — like an account ID number — prefix the field’s name with h: to keep it out of emails.
Steps
Please enter your Secret Account ID: <input type="text" name="h:secret_account_id" value="{{ _context['h:secret_account_id'] }}" />
Notes
Sensitive fields still appear in the admin’s transaction view and are included in the XML datafeed — the h: prefix only removes them from emails.
Don’t use custom fields to collect passwords. Foxy stores custom field values in cleartext, not hashed, so they should never hold sensitive credentials.
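
A pre-deployment check for the two notes above, added here as an example and not Foxy's own code: it parses a checkout template snippet and flags custom fields whose names look sensitive but lack the h: prefix, plus any field that appears to collect a password. The keyword lists, the sample field names other than h:secret_account_id, and the premise that the snippet contains only custom fields are assumptions.

```python
import re
from html.parser import HTMLParser

# Assumption: name fragments that suggest a value should stay out of emails.
SENSITIVE = re.compile(r"account|secret|ssn|tax|license|member", re.I)
# Assumption: name fragments that suggest a credential is being collected.
CREDENTIAL = re.compile(r"passw|passphrase|pwd", re.I)


class FieldAudit(HTMLParser):
    """Records findings for named <input>, <select> and <textarea> elements."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (field name, issue) tuples

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        attr = dict(attrs)
        name = attr.get("name") or ""
        if not name:
            return
        hidden_from_email = name.startswith("h:")
        bare = name[2:] if hidden_from_email else name
        is_password = (attr.get("type") or "").lower() == "password"
        if is_password or CREDENTIAL.search(bare):
            # h: does not help here: the value is still stored in cleartext.
            self.findings.append((name, "credential-in-custom-field"))
        elif SENSITIVE.search(bare) and not hidden_from_email:
            self.findings.append((name, "missing-h-prefix"))


def audit(template_html):
    """Return the list of (field name, issue) findings for a template snippet."""
    parser = FieldAudit()
    parser.feed(template_html)
    parser.close()
    return parser.findings


# Constructed sample: the first field is the one from this page.
SAMPLE = """
<input type="text" name="h:secret_account_id" value="{{ _context['h:secret_account_id'] }}" />
<input type="text" name="member_number" />
<input type="password" name="h:portal_password" />
<input type="text" name="gift_message" />
"""

if __name__ == "__main__":
    for field, issue in audit(SAMPLE):
        print(f"{issue}: {field}")
```
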