From 32a2480ea243dab325cb809c3d2d10f2d39a7b80 Mon Sep 17 00:00:00 2001
From: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
Date: Wed, 13 May 2026 14:09:49 -0400
Subject: [PATCH 1/4] (data-collected): add clarification for request query
string
---
.../apple/common/data-management/data-collected.mdx | 6 ++++++
.../dart/common/data-management/data-collected.mdx | 2 ++
.../dart/guides/flutter/data-management/data-collected.mdx | 2 ++
.../dotnet/common/data-management/data-collected.mdx | 2 ++
docs/platforms/go/common/data-management/data-collected.mdx | 2 ++
.../java/common/data-management/data-collected.mdx | 2 ++
.../common/data-management/data-collected/index.mdx | 2 ++
.../native/common/data-management/data-collected.mdx | 6 ++++++
.../platforms/php/common/data-management/data-collected.mdx | 2 ++
.../php/guides/laravel/data-management/data-collected.mdx | 2 ++
.../php/guides/symfony/data-management/data-collected.mdx | 2 ++
docs/platforms/python/data-management/data-collected.mdx | 2 ++
.../ruby/common/data-management/data-collected.mdx | 2 ++
13 files changed, 34 insertions(+)
diff --git a/docs/platforms/apple/common/data-management/data-collected.mdx b/docs/platforms/apple/common/data-management/data-collected.mdx
index a9ded0dea981b..9b58367a36076 100644
--- a/docs/platforms/apple/common/data-management/data-collected.mdx
+++ b/docs/platforms/apple/common/data-management/data-collected.mdx
@@ -34,6 +34,12 @@ Network breadcrumbs and HTTP Client Errors, both enabled by default, send a sani
When you enable tracing, which is disabled per default, network tracing sends a sanitized URL for outgoing HTTP requests.
+## Request Query String
+
+When tracing is enabled, the `http.query` span attribute captures the query string of outgoing HTTP requests and is **always sent to Sentry**. Depending on your application, this could contain PII data.
+
+Please note that `sendDefaultPii` is not considered for a request query string. We recommend utilizing your own redactions in `beforeSend` or similar hooks.
+
## Source Context
You can upload your source code to Sentry, which can then used to show the lines of code where an error happened in the Issue Details page, via the sentry-cli or the Sentry Fastlane plugin.
diff --git a/docs/platforms/dart/common/data-management/data-collected.mdx b/docs/platforms/dart/common/data-management/data-collected.mdx
index 31cb749320421..f5c71c1e01d85 100644
--- a/docs/platforms/dart/common/data-management/data-collected.mdx
+++ b/docs/platforms/dart/common/data-management/data-collected.mdx
@@ -36,6 +36,8 @@ The full request URL of outgoing and incoming HTTP requests is **always sent to
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `sendDefaultPii` is not considered for a request query string. We recommend utilizing your own redactions in `beforeSend` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
diff --git a/docs/platforms/dart/guides/flutter/data-management/data-collected.mdx b/docs/platforms/dart/guides/flutter/data-management/data-collected.mdx
index 6129e0ce1e4c9..f0f1a4d119719 100644
--- a/docs/platforms/dart/guides/flutter/data-management/data-collected.mdx
+++ b/docs/platforms/dart/guides/flutter/data-management/data-collected.mdx
@@ -36,6 +36,8 @@ The full request URL of outgoing and incoming HTTP requests is **always sent to
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `sendDefaultPii` is not considered for a request query string. We recommend utilizing your own redactions in `beforeSend` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
diff --git a/docs/platforms/dotnet/common/data-management/data-collected.mdx b/docs/platforms/dotnet/common/data-management/data-collected.mdx
index dc389452c5e06..cc86da6df5468 100644
--- a/docs/platforms/dotnet/common/data-management/data-collected.mdx
+++ b/docs/platforms/dotnet/common/data-management/data-collected.mdx
@@ -50,6 +50,8 @@ Depending on your application, this could contain PII data.
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `SendDefaultPii` is not considered for a request query string. We recommend utilizing your own redactions in `BeforeSend` or similar hooks.
+
## Request Body
diff --git a/docs/platforms/go/common/data-management/data-collected.mdx b/docs/platforms/go/common/data-management/data-collected.mdx
index f28cfaf83cb85..b81e93a56cc1c 100644
--- a/docs/platforms/go/common/data-management/data-collected.mdx
+++ b/docs/platforms/go/common/data-management/data-collected.mdx
@@ -35,3 +35,5 @@ The full request URL of incoming HTTP requests is **always sent to Sentry**. Dep
## Request Query String
The full request query string of incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+
+Please note that `SendDefaultPII` is not considered for a request query string. We recommend utilizing your own redactions in `BeforeSend` or similar hooks.
diff --git a/docs/platforms/java/common/data-management/data-collected.mdx b/docs/platforms/java/common/data-management/data-collected.mdx
index 7b89882bfa0b2..378b58752514c 100644
--- a/docs/platforms/java/common/data-management/data-collected.mdx
+++ b/docs/platforms/java/common/data-management/data-collected.mdx
@@ -50,6 +50,8 @@ The full request URL of outgoing and incoming HTTP requests is **always sent to
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `sendDefaultPii` is not considered for a request query string. We recommend utilizing your own redactions in `beforeSend` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
diff --git a/docs/platforms/javascript/common/data-management/data-collected/index.mdx b/docs/platforms/javascript/common/data-management/data-collected/index.mdx
index 4cfc8c4fdaa10..5901722f8a1a1 100644
--- a/docs/platforms/javascript/common/data-management/data-collected/index.mdx
+++ b/docs/platforms/javascript/common/data-management/data-collected/index.mdx
@@ -50,6 +50,8 @@ The full request query string of outgoing and incoming HTTP requests is **always
However, Sentry has some default [server-side data scrubbing](/security-legal-pii/scrubbing/server-side-scrubbing/) in place to remove sensitive data from the query string. For example, the `apiKey` and `token` query parameters are removed by default.
+Please note that `sendDefaultPii` is not considered for a request query string. We recommend utilizing your own redactions in `beforeSend` or similar hooks.
+
## Request Body
By default, Sentry sends the size of the body content of incoming HTTP requests. This is inferred from the `content-length` header. Sentry does not send the request body itself on the client-side.
diff --git a/docs/platforms/native/common/data-management/data-collected.mdx b/docs/platforms/native/common/data-management/data-collected.mdx
index e6ef56a35fbaa..94da364fc75ae 100644
--- a/docs/platforms/native/common/data-management/data-collected.mdx
+++ b/docs/platforms/native/common/data-management/data-collected.mdx
@@ -18,3 +18,9 @@ At the time of a crash, the stack of each thread is collected and sent to Sentry
These files are not stored by default, but you can [enable Minidump Storage](/platforms/native/guides/minidumps/enriching-events/attachments/#store-minidumps-as-attachments) in the Sentry organization or project settings.
The `inproc` backend stack walks solely in the client and thus only sends the resulting stack traces.
+
+## Request Query String
+
+The `url.query` span attribute captures the query string of HTTP requests and is **always sent to Sentry** when HTTP tracing is enabled. Depending on your application, this could contain PII data.
+
+We recommend utilizing your own redactions in the `before_send` callback or similar hooks to scrub sensitive query string data before it is sent to Sentry.
diff --git a/docs/platforms/php/common/data-management/data-collected.mdx b/docs/platforms/php/common/data-management/data-collected.mdx
index a118996a8ff77..ae814c09b8cdf 100644
--- a/docs/platforms/php/common/data-management/data-collected.mdx
+++ b/docs/platforms/php/common/data-management/data-collected.mdx
@@ -34,6 +34,8 @@ The full request URL of outgoing and incoming HTTP requests is **always sent to
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `send_default_pii` is not considered for a request query string. We recommend utilizing your own redactions in `before_send` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
diff --git a/docs/platforms/php/guides/laravel/data-management/data-collected.mdx b/docs/platforms/php/guides/laravel/data-management/data-collected.mdx
index 92c5754fe0140..49436e70b3c98 100644
--- a/docs/platforms/php/guides/laravel/data-management/data-collected.mdx
+++ b/docs/platforms/php/guides/laravel/data-management/data-collected.mdx
@@ -41,6 +41,8 @@ The full request URL of outgoing and incoming HTTP requests is **always sent to
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `send_default_pii` is not considered for a request query string. We recommend utilizing your own redactions in `before_send` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
diff --git a/docs/platforms/php/guides/symfony/data-management/data-collected.mdx b/docs/platforms/php/guides/symfony/data-management/data-collected.mdx
index 88ad6bd94ef4c..eeb6515be1de1 100644
--- a/docs/platforms/php/guides/symfony/data-management/data-collected.mdx
+++ b/docs/platforms/php/guides/symfony/data-management/data-collected.mdx
@@ -41,6 +41,8 @@ The full request URL of outgoing and incoming HTTP requests is **always sent to
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `send_default_pii` is not considered for a request query string. We recommend utilizing your own redactions in `before_send` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
diff --git a/docs/platforms/python/data-management/data-collected.mdx b/docs/platforms/python/data-management/data-collected.mdx
index b271e1e9a65e2..607803e57a4f7 100644
--- a/docs/platforms/python/data-management/data-collected.mdx
+++ b/docs/platforms/python/data-management/data-collected.mdx
@@ -44,6 +44,8 @@ The full request URL of outgoing and incoming HTTP requests is **always sent to
The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data.
+Please note that `send_default_pii` is not considered for a request query string. We recommend utilizing your own redactions in `before_send` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below:
diff --git a/docs/platforms/ruby/common/data-management/data-collected.mdx b/docs/platforms/ruby/common/data-management/data-collected.mdx
index bd957d54e508c..d2baebe61de1b 100644
--- a/docs/platforms/ruby/common/data-management/data-collected.mdx
+++ b/docs/platforms/ruby/common/data-management/data-collected.mdx
@@ -34,6 +34,8 @@ The request URL (without query string) of outgoing and incoming HTTP requests is
The query string of outgoing and incoming HTTP requests is only sent to Sentry if `send_default_pii = true` since they could potentially contain PII data (such as auth tokens).
+Please note that `send_default_pii` is not considered for a request query string in span attributes. We recommend utilizing your own redactions in `before_send` or similar hooks.
+
## Request Body
The request body of incoming HTTP requests is sent to Sentry only if `send_default_pii = true`.
From 659217e37df429061ca3906c9b5bee2373eec472 Mon Sep 17 00:00:00 2001
From: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
Date: Wed, 13 May 2026 14:10:14 -0400
Subject: [PATCH 2/4] add a lil more
---
docs/platforms/native/common/data-management/data-collected.mdx | 2 +-
docs/platforms/ruby/common/data-management/data-collected.mdx | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/platforms/native/common/data-management/data-collected.mdx b/docs/platforms/native/common/data-management/data-collected.mdx
index 94da364fc75ae..1d710e8bdc3d2 100644
--- a/docs/platforms/native/common/data-management/data-collected.mdx
+++ b/docs/platforms/native/common/data-management/data-collected.mdx
@@ -23,4 +23,4 @@ The `inproc` backend stack walks solely in the client and thus only sends the re
The `url.query` span attribute captures the query string of HTTP requests and is **always sent to Sentry** when HTTP tracing is enabled. Depending on your application, this could contain PII data.
-We recommend utilizing your own redactions in the `before_send` callback or similar hooks to scrub sensitive query string data before it is sent to Sentry.
+Please note that there is no PII flag that gates the request query string. We recommend utilizing your own redactions in the `before_send` callback or similar hooks.
diff --git a/docs/platforms/ruby/common/data-management/data-collected.mdx b/docs/platforms/ruby/common/data-management/data-collected.mdx
index d2baebe61de1b..a3d0d0602d195 100644
--- a/docs/platforms/ruby/common/data-management/data-collected.mdx
+++ b/docs/platforms/ruby/common/data-management/data-collected.mdx
@@ -34,7 +34,7 @@ The request URL (without query string) of outgoing and incoming HTTP requests is
The query string of outgoing and incoming HTTP requests is only sent to Sentry if `send_default_pii = true` since they could potentially contain PII data (such as auth tokens).
-Please note that `send_default_pii` is not considered for a request query string in span attributes. We recommend utilizing your own redactions in `before_send` or similar hooks.
+Please note that `send_default_pii` is not considered for a request query string. We recommend utilizing your own redactions in `before_send` or similar hooks.
## Request Body
From a1041853cfa0b5d23b56a24fdfe7572b287a5042 Mon Sep 17 00:00:00 2001
From: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
Date: Wed, 13 May 2026 15:25:58 -0400
Subject: [PATCH 3/4] remove ruby, irrelevant
---
docs/platforms/ruby/common/data-management/data-collected.mdx | 2 --
1 file changed, 2 deletions(-)
diff --git a/docs/platforms/ruby/common/data-management/data-collected.mdx b/docs/platforms/ruby/common/data-management/data-collected.mdx
index a3d0d0602d195..bd957d54e508c 100644
--- a/docs/platforms/ruby/common/data-management/data-collected.mdx
+++ b/docs/platforms/ruby/common/data-management/data-collected.mdx
@@ -34,8 +34,6 @@ The request URL (without query string) of outgoing and incoming HTTP requests is
The query string of outgoing and incoming HTTP requests is only sent to Sentry if `send_default_pii = true` since they could potentially contain PII data (such as auth tokens).
-Please note that `send_default_pii` is not considered for a request query string. We recommend utilizing your own redactions in `before_send` or similar hooks.
-
## Request Body
The request body of incoming HTTP requests is sent to Sentry only if `send_default_pii = true`.
From 5fb8b43b75392d05658effe9bbd069e8b1571dab Mon Sep 17 00:00:00 2001
From: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
Date: Wed, 13 May 2026 15:33:56 -0400
Subject: [PATCH 4/4] fix the dead link
---
docs/platforms/apple/common/data-management/data-collected.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/platforms/apple/common/data-management/data-collected.mdx b/docs/platforms/apple/common/data-management/data-collected.mdx
index 9b58367a36076..fbd87db0692a3 100644
--- a/docs/platforms/apple/common/data-management/data-collected.mdx
+++ b/docs/platforms/apple/common/data-management/data-collected.mdx
@@ -18,7 +18,7 @@ The category types and amount of data collected vary, depending on the integrati
## HTTP Headers
-The HTTP Client Errors, which are enabled by default, send the HTTP headers of the failed request and response to Sentry. The SDK uses a [denylist](https://github.com/getsentry/sentry-cocoa/blob/main/Sources/Swift/Tools/HTTPHeaderSanitizer.swift) to filter out any headers that contain sensitive data.
+The HTTP Client Errors, which are enabled by default, send the HTTP headers of the failed request and response to Sentry. The SDK uses a [denylist](https://github.com/getsentry/sentry-cocoa/blob/main/Sources/Swift/Core/Tools/HTTPHeaderSanitizer.swift) to filter out any headers that contain sensitive data.
## Users' IP Addresses