HTTP Span Attributes: url.full must not contain username / password, username and password should be redacted instead. #5741

Open
@rads-1996

According to the specification - https://github.com/open-telemetry/semantic-conventions/blob/main/docs/http/http-spans.md, url.full MUST NOT contain credentials passed via URL in form of https://username:password@www.example.com/. In such case username and password SHOULD be redacted and attribute's value SHOULD be https://REDACTED:REDACTED@www.example.com/.

url.full SHOULD capture the absolute URL when it is available (or can be reconstructed).

Sensitive content provided in url.full SHOULD be scrubbed when instrumentations can identify it.

Query string values for the following keys SHOULD be redacted by default and replaced by the value REDACTED:

  • AWSAccessKeyId
  • Signature
  • sig
  • X-Goog-Signature

This list is subject to change over time.
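
The redaction rules quoted above, as an added Python sketch; it is not part of the issue or of any OpenTelemetry SDK. `redact_url_full` and its helpers are hypothetical names. Assumptions: exact (case-sensitive) key matching, `REDACTED@` for a username without a password, and failing closed on unparseable URLs.

```python
from urllib.parse import urlsplit, urlunsplit, unquote_plus

REDACTED = "REDACTED"
# Keys listed in the issue; the specification says the list may change.
SENSITIVE_QUERY_KEYS = frozenset(
    {"AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature"}
)


def _redact_netloc(netloc):
    """Mask the userinfo part of an authority, keeping host and port."""
    # rpartition: a password may itself contain '@'; the last '@' ends userinfo.
    userinfo, at, hostport = netloc.rpartition("@")
    if not at:
        return netloc
    # Assumption: a username with no password is masked as a single token.
    masked = f"{REDACTED}:{REDACTED}" if ":" in userinfo else REDACTED
    return f"{masked}@{hostport}"


def _redact_query(query):
    """Replace values of sensitive keys; leave other pairs byte-for-byte."""
    pairs = []
    for pair in query.split("&"):
        key, eq, _value = pair.partition("=")
        # Decode the key before comparing so 'X%2DGoog-Signature' also matches.
        if eq and unquote_plus(key) in SENSITIVE_QUERY_KEYS:
            pair = f"{key}={REDACTED}"
        pairs.append(pair)
    return "&".join(pairs)


def redact_url_full(url):
    """Return a value for url.full with credentials and signatures masked."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # Assumption: fail closed rather than record a URL we cannot inspect.
        return REDACTED
    return urlunsplit((
        parts.scheme,
        _redact_netloc(parts.netloc),
        parts.path,
        _redact_query(parts.query),
        parts.fragment,
    ))
```

The query string is split by hand rather than re-encoded with `urlencode`, so non-sensitive parameters keep their original percent-encoding and order in the recorded attribute.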
