---
title: Do Not Pass Sensitive Data In Query String
impact: HIGH
impactDescription: prevents credential leakage in logs and history
tags: url, query-string, sensitive-data, leakage, security
---

## Do Not Pass Sensitive Data In Query String

Query strings appear in server access logs, browser history, and Referer headers, and proxies and CDNs can cache them. TLS does not help here: the URL is encrypted in transit, but every endpoint that handles the request still records it, so anything placed in a query string should be assumed exposed.

**Incorrect (sensitive data in URL):**

```go
// Tokens in URL
http.Get(fmt.Sprintf("https://api.example.com/data?token=%s", accessToken))

// Password in URL
http.Post(fmt.Sprintf("https://api.example.com/login?user=admin&pass=%s", password), "application/json", nil)
```

**Correct (sensitive data in body/headers):**

```go
// Token in header
req, err := http.NewRequest("GET", "https://api.example.com/data", nil)
if err != nil {
	return err
}
req.Header.Set("Authorization", "Bearer "+accessToken)
resp, err := http.DefaultClient.Do(req)
if err != nil {
	return err
}
defer resp.Body.Close()

// Credentials in body
payload := map[string]string{"user": "admin", "pass": password}
jsonPayload, err := json.Marshal(payload)
if err != nil {
	return err
}
resp, err = http.Post("https://api.example.com/login", "application/json", bytes.NewReader(jsonPayload))
if err != nil {
	return err
}
defer resp.Body.Close()
```

**Where query strings leak:**
- Server access logs
- Browser history
- Referrer headers
- Proxy/CDN logs

**Tools:** Semgrep, Manual Review, Proxy log scanner
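A minimal version of the access-log check listed above, added here as an example and not part of the original rule: it parses Common Log Format lines, pulls the request target out of the quoted request field, and reports any line whose query string carries one of a constructed list of credential-bearing parameter names. The parameter list, the regex and the sample log lines are assumptions for the demonstration.

```go
package main

import (
	"net/url"
	"regexp"
	"sort"
	"strings"
)

// Parameter names treated as credential-bearing (constructed list; extend it for your APIs).
var sensitiveParams = map[string]bool{
	"token": true, "access_token": true, "pass": true, "password": true, "secret": true, "api_key": true,
}

// Captures the request target from the quoted request field of a Common Log Format line.
var requestTarget = regexp.MustCompile(`"[A-Z]+ (\S+) HTTP/`)

// sensitiveIn returns the sorted names of sensitive parameters present in q.
func sensitiveIn(q url.Values) (found []string) {
	for name := range q {
		if sensitiveParams[strings.ToLower(name)] {
			found = append(found, name)
		}
	}
	sort.Strings(found)
	return found
}

// ScanAccessLog maps each 1-based line number to the sensitive parameter names in its request target.
func ScanAccessLog(lines []string) map[int][]string {
	hits := map[int][]string{}
	for i, line := range lines {
		m := requestTarget.FindStringSubmatch(line)
		if m == nil {
			continue // no parseable request field, skip the line
		}
		if u, err := url.Parse(m[1]); err == nil {
			if names := sensitiveIn(u.Query()); len(names) > 0 {
				hits[i+1] = names
			}
		}
	}
	return hits
}

// Constructed sample access-log lines: lines 1 and 3 leak credentials, line 2 is clean.
var sampleLog = []string{
	`203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /data?token=tok_abc123 HTTP/1.1" 200 512`,
	`203.0.113.6 - - [10/Oct/2024:13:55:37 +0000] "GET /data?page=2 HTTP/1.1" 200 2048`,
	`203.0.113.7 - - [10/Oct/2024:13:55:38 +0000] "POST /login?user=admin&pass=s3cret HTTP/1.1" 302 0`,
}
```

Running `ScanAccessLog(sampleLog)` yields hits for line 1 (`token`) and line 3 (`pass`) and nothing for line 2; the same `sensitiveIn` helper can redact those parameter values before a URL is written to your own logs.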
