Why do I see blocked query parameters in Fullstory?

Fullstory takes deliberate steps to ensure the privacy of your end users. One of these steps is to detect and block URL query parameters which are known to contain sensitive information.

As such, customers may notice that some query parameters in the URLs of their sessions show as --blocked--. The following parameters are blocked by default for all Fullstory customers:

  • Any query parameter will be blocked if it contains:
    • password
    • token
  • The following parameters are blocked as matched:
    • jwt
    • code


An example of a blocked password in the Session Replay view.

If you use other query parameters which you would like to block to protect your users' privacy, reach out to Support here, and we’ll be happy to help. It is important to note that any blocked custom parameters will not be retroactive.

Learn more other ways to protect your users' privacy within Fullstory.

Need to get in touch with us?

The Fullstory Team awaits your every question.

Ask the Community Technical Support