I think the main problem is that you have the value in the querystring.
Even if you obfuscate the values sent in the analytics payload, the
plaintext version will still be sent in the referrer. We had a similar
issue with email addresses in plaintext in URLs. The only surefire
solution is to stop putting PII in URLs.
There's probably a bunch of ways to do this. Here's one:With custom
code:This assumes you have a "page_title" date element. If not you could
just use:s.prop5 = document.title + ' | ' + event.target.type + ' | ' +
event.target.name + ' | ' + event.target.id;This just sets the prop. You
may also want to fire the beacon here depending on your use case.