Several analytics vendors (e.g. Google Analytics) will record a user's active page URL as a data point. As a result, unwanted sensitive data or PII can make its way into those platforms. In most instances this can be resolved by removing this sensitive data directly from the code on a site. However, there are cases where this data either unable to be removed from the URL or the data needs to be removed immediately.

In those cases, we can strip PII fields from the querystring simply using an extension.

Redacting Email Addresses

If email addresses are coming in under a number of parameters in the query string, the following steps leverage a regular expression that replaces any email address (in any field) with

Step 1: Create a Set Data Values extension scoped to All Tags - Before Load Rules or All Tags - After Load Rules.

Step 2: In the "Set" field, click on the + button to create a new variable, and call it "clean_url".

Step 3: Set the value using the following code: 

b['dom.pathname']+"?"+b['dom.query_string'].replace(/=([^&]+@[^\.]+)\./g, '=xxx@xxx.') ;

Removing Named Parameters from the Query String

There are instances where several known parameters need to be removed from the URL. In this case we can loop through the querystring parameters and remove them as needed.

Step 1: Create a new variable from the Data Layer tab called "clean_url".

Step 2: Create a JavaScript Code extension in the Extensions tab. Make sure it is scoped to All Tags or the specific tag in question. Paste the following code into the code editor and edit line 1 with the names of parameters to be removed:

var pii_data = ["card_number", "email"]; // Strip these selected fields from query string

var params = decodeURIComponent(b["dom.query_string"]);
var query_params = params.split(/&|;/);
var clean_query = [];

function validate(field) {
  for (var i = 0; i < pii_data.length; i++) {
    var regexp = new RegExp("^" + pii_data[i] + "=");
    if (regexp.test(field)) {
      return false;
  return true;

for (var i = 0; i < query_params.length; i++) {
  var field = query_params[i];
  if (validate(field)) {

b.clean_url = b["dom.pathname"] + "?" + clean_query.join("&");

Step 3: Select the publish environments by clicking Approve for publish....

Step 4: Save and publish.

Tags (1)
Version history
Last update:
‎10-23-2020 02:24 PM
Updated by: