Query parameters are a way to pass data to a website through the URL. They can be used to track user behavior, customize content, or provide input for web applications.
In the example below, query parameters are everything that comes after the ? separator.
www.yourwebsite.com/search?city=milan&start_date=20230101&end_date=20230203
As of April 28, 2023, query parameters are supported in live website testing. This means that, for any mazes created after this date:
- Query parameters aren’t stripped out when entering the start URL, and
- parameter changes are registered as a new step in the success path of the website test.
Results and reporting
Each parameter change counts as a new screen, and is therefore counted towards success classification.
For example, if you’ve defined the following success path:
1. yourwebsite.co/ (initial screen)
2. yourwebsite.co/search?k=tokyo (success screen)
The following path will be classified as an indirect success:
1. yourwebsite.co/ (initial screen)
2. yourwebsite.co/search?k=london
3. yourwebsite.co/search?k=tokyo (success screen)
Learn more about setting success paths on your website tests
Ignored parameters
Certain parameters are used to pass along information that’s specific to each user — e.g. OAuth tokens or other forms of user identification. These parameters may contain sensitive/identifying information about your users.
In the context of website testing, such parameters can also result in tests getting misclassified and aggregated incorrectly. For example, yourwebsite.co?utm_source=newsletter and yourwebsite.co?utm_source=blog would be considered separate screens, skewing the analysis.
For these reasons, there’s a set of parameters that’s ignored by Maze. These parameters are entirely stripped from the results analysis, and aren’t registered in our database.
'access_token', // A token that provides access to a protected resource. Excluding this parameter can prevent unauthorized access to your resources.
'account', // An identifier for the user's account or organization. Excluding this parameter can prevent unauthorized access to your accounts or organizations.
'apikey', // An API key that provides access to an API. Excluding this parameter can prevent unauthorized access to your APIs.
'auth', // An authentication token or credentials. Excluding this parameter can prevent unauthorized access to your resources.
'auth_key', // An authentication key. Excluding this parameter can prevent unauthorized access to your resources.
'auth_token', // An authentication token. Excluding this parameter can prevent unauthorized access to your resources.
'callback', // The name of a function to be called with the API response. Excluding this parameter can prevent cross-site scripting (XSS) attacks.
'client_id', // An identifier for the client application or service. Excluding this parameter can prevent unauthorized access to your client applications or services.
'client_secret', // A secret that authenticates the client application or service. Excluding this parameter can prevent unauthorized access to your client applications or services.
'code', // An authorization code that is exchanged for an access token. Excluding this parameter can prevent unauthorized access to your resources.
'email', // The user's email address. Excluding this parameter can prevent unauthorized access to your users' email addresses.
'fbclid', // A Facebook click ID that is used for tracking. Excluding this parameter can prevent tracking by Facebook.
'gclid', // A Google click ID that is used for tracking. Excluding this parameter can prevent tracking by Google.
'grant_type', // The type of grant used in an OAuth flow. Excluding this parameter can prevent unauthorized access to your resources.
'id_token', // A JSON Web Token (JWT) that contains identity information. Excluding this parameter can prevent unauthorized access to your identity information.
'jwt', // A JSON Web Token (JWT) that is used for authentication and authorization. Excluding this parameter can prevent unauthorized access to your resources.
'oauth', // A parameter used in an OAuth flow. Excluding this parameter can prevent unauthorized access to your resources.
'oauth_token', // An OAuth token. Excluding this parameter can prevent unauthorized access to your resources.
'openid', // An OpenID Connect ID token. Excluding this parameter can prevent unauthorized access to your identity information.
'password', // The user's password. Excluding this parameter can prevent unauthorized access to your users' passwords.
'refresh_token', // A token used to refresh an access token. Excluding this parameter can prevent unauthorized access to your resources.
'session', // A session identifier. Excluding this parameter can prevent unauthorized access to your users' sessions.
'session_id', // A session identifier. Excluding this parameter can prevent unauthorized access to your users' sessions.
'signature', // A signature used to verify the authenticity of a message. Excluding this parameter can prevent unauthorized access to your resources.
'state', // A parameter used to maintain state in an OAuth flow. Excluding this parameter can prevent unauthorized access to your resources.
'token', // A token that provides access to a resource. Excluding this parameter can prevent unauthorized access to your resources.
'uid', // The user's unique identifier. Excluding this parameter can prevent unauthorized
'user', // The user's username or login name. Excluding this parameter can prevent unauthorized access to your users' usernames or login names.
'userid', // The user's unique identifier. Excluding this parameter can prevent unauthorized access to your users' unique identifiers.
'username', // The user's username or login name. Excluding this parameter can prevent unauthorized access to your users' usernames or login names.
'utm_source', // A parameter used in Google Analytics to track the source of website traffic
'lwt', // Parameter used to start the LWT snippet
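The sketch below is an added example, not Maze's own code. It shows how stripping ignored parameters before a URL is recorded keeps tokens out of stored results and keeps yourwebsite.co?utm_source=newsletter and yourwebsite.co?utm_source=blog as one screen, while k=london and k=tokyo stay distinct. The function names, the exact-match rule for parameter names, the merging of consecutive identical screens and the 'not reached' label are assumptions.

```javascript
// Added example (not Maze's code). Subset of the ignored list shown on this page.
const IGNORED_PARAMS = new Set([
  'access_token', 'apikey', 'auth_token', 'client_secret', 'code', 'email',
  'fbclid', 'gclid', 'id_token', 'jwt', 'password', 'refresh_token',
  'session_id', 'state', 'token', 'utm_source',
]);

// Reduce a URL to the "screen" it represents, dropping ignored parameters.
// Assumption: names are matched exactly and only in the query string.
function screenKey(rawUrl) {
  // The page writes URLs without a scheme; add one so the URL parser accepts them.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(rawUrl);
  const url = new URL(hasScheme ? rawUrl : `https://${rawUrl}`);
  const kept = [...url.searchParams].filter(([name]) => !IGNORED_PARAMS.has(name));
  const query = new URLSearchParams(kept).toString();
  return url.host + url.pathname + (query ? `?${query}` : '');
}

// Convert visited URLs to screens. Consecutive identical screens are merged,
// so a change in an ignored parameter alone is not a new step (assumption).
function toScreens(urls) {
  const screens = [];
  for (const key of urls.map(screenKey)) {
    if (screens[screens.length - 1] !== key) screens.push(key);
  }
  return screens;
}

// Compare a visited path with the defined success path.
function classifyPath(successPath, visited) {
  const expected = toScreens(successPath);
  const actual = toScreens(visited);
  if (actual[actual.length - 1] !== expected[expected.length - 1]) return 'not reached';
  const same = actual.length === expected.length &&
    actual.every((screen, i) => screen === expected[i]);
  return same ? 'direct success' : 'indirect success';
}

// Constructed sample input: the success path and detour from this page.
const successPath = ['yourwebsite.co/', 'yourwebsite.co/search?k=tokyo'];
const detour = ['yourwebsite.co/', 'yourwebsite.co/search?k=london',
  'yourwebsite.co/search?k=tokyo'];
console.log(classifyPath(successPath, detour));
```
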