Fullstory takes deliberate steps to ensure the privacy of your end users. One of these steps is to detect and block URL query parameters which are known to contain sensitive information.
As such, customers may notice that some query parameters in the URLs of their sessions show as --blocked--
. The following parameters are blocked by default for all Fullstory customers:
- Any query parameter will be blocked if it contains:
password
token
- The following parameters are blocked as matched:
jwt
code
An example of a blocked password in the Session Replay view.
Fullstory admins can configure URL Component Privacy Rules to prevent any unwanted or sensitive data within captured URLs from reaching your Fullstory instance.
Learn more other ways to protect your users' privacy within Fullstory.