FullStory takes deliberate steps to ensure the privacy of your end users. One of these steps is to detect and block URL query parameters which are known to contain sensitive information.
As such, customers may notice that some query parameters in the URLs of their sessions show as --blocked--. The following parameters are blocked by default for all FullStory customers:
- Any query parameter will be blocked if it contains:
passwordtoken
- The following parameters are blocked as matched:
jwtcode
An example of a blocked password in the Session Replay view.
If you use other query parameters which you would like to block to protect your users' privacy, reach out to Support here, and we’ll be happy to help. It is important to note that any blocked custom parameters will not be retroactive.
Learn more other ways to protect your users' privacy within FullStory.