This project is not covered by Drupal’s security advisory policy.

A webform component for Social Security Numbers.

The module adds a new component to Webform components list which provides an option to define SSN (Social Security Number).

The default setting masks the entries, like password fields. It could be changed in component settings page to have plain text fields instead.

Due to confidentiality of Social Security Numbers, SSN field value is masked every time it is displayed, including results table and download. i.e. ***-**-1234


Use this module ONLY if you really have to collect Social Security Numbers.

Since, the native Webform components exposes the full value, it is not really safe to use it as is for Social Security Numbers.

That is why I created this module. With Webform SSN, the complete value is never displayed. Only the roles with following permissions can edit and then see the full number: edit all webform submissions and edit own webform submissions.

It is highly recommended to install Webform Encrypt and enable it for all the SSN fields to keep SSN field values encrypted in the database.

It is also recommended to assign only the necessary roles to view the results and enable Private checkbox at the component settings page.

Check out the state laws regarding the confidentiality of Social Security Numbers at

Please test this module internally, and understand how it works before deciding to use on a production website.





This project is developed by Osman Gormus and sponsored by Project6 Design, Inc., a leading Drupal design firm in the San Francisco Bay Area. Visit us at or contact us at

Project information

  • caution Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • caution Maintenance fixes only
    Considered feature-complete by its maintainers.
  • Module categories: Content, Fields
  • chart icon24 sites report using this module
  • shield alertThis project is not covered by the security advisory policy.
    Use at your own risk! It may have publicly disclosed vulnerabilities.