FullStory takes deliberate steps to ensure the privacy of your end users. One of these steps is to detect and redact URL query parameters which are known to contain sensitive information.
As such, customers may notice that some query parameters in the URLs of their sessions show as --blocked--. The following parameters are blocked and redacted by default for all FullStory customers:
- Any query parameter will be blocked if it contains:
passwordtoken
- The following parameters are blocked as matched:
jwtcode
An example of a redacted password in the Session Replay view.
If you use other query parameters which you would like to redact to protect your users' privacy, reach out to Support here, and we’ll be happy to help. It is important to note that any custom parameter redactions will not be retroactive.
Learn more other ways to protect your users' privacy within FullStory.