Why do I see blocked query parameters in Fullstory?

Fullstory takes deliberate steps to ensure the privacy of your end users. One of these steps is to detect and block URL query parameters which are known to contain sensitive information.

As such, customers may notice that some query parameters in the URLs of their sessions show as --blocked--. The following parameters are blocked by default for all Fullstory customers:

  • Any query parameter will be blocked if it contains:
    • password
    • token
  • The following parameters are blocked as matched:
    • jwt
    • code

redacted_query_params.png

An example of a blocked password in the Session Replay view.

Fullstory admins can configure URL Component Privacy Rules to prevent any unwanted or sensitive data within captured URLs from reaching your Fullstory instance.

Learn more other ways to protect your users' privacy within Fullstory.


Was this article helpful?

Got Questions?

Get in touch with a Fullstory rep, ask the community or check out our developer documentation.