Query string dimension
The query string is the part of a URL after the '?': key-value parameters such as ?q=shoes&page=2. Analytics tools can surface it as a dimension, but it is double-edged — useful for understanding filters and search, dangerous for cardinality and privacy. This page explains how it is derived and how to handle it safely.
What this means
The query string is the component of a URL after the '?', made up of ampersand-separated key=value pairs. The browser exposes it as URL.search; analytics tools that store the full location can derive a query-string dimension or parse individual parameters into custom dimensions.
It is where structured request context lives: which filters were applied, which page of results, which internal search term. That makes it valuable when the parameters drive the content the visitor saw.
- Query string = parameters after '?', key=value pairs
- Exposed by the browser as URL.search
- Carries filters, pagination, and search context
Cardinality and privacy hazards
The same hazards that affect page_location concentrate in the query string: tracking parameters (utm_*, gclid) and session tokens explode cardinality and pollute reports without describing the page.
The privacy risk is sharper here. Query strings routinely carry search terms, order IDs, and sometimes personal identifiers. The safe pattern is an allowlist: keep the handful of parameters that genuinely matter (for example a site-search key), drop or hash everything else, and never store raw query strings that may contain personal data.
- Tracking params and tokens inflate cardinality
- Query strings can carry search terms and personal IDs
- Allowlist safe params; drop or hash the rest
How it appears in analytics and logs
A query string value reveals the parameters in play on a URL. A long tail of unique query values usually means tracking or session tokens leaked into the dimension and need stripping.
Diagnostic use case
Read query parameters when they change page content — site search, filters, pagination — while excluding tracking and personal parameters.
What WebmasterID can help detect
WebmasterID can parse and allowlist query parameters first-party, keeping useful ones (like search terms you choose to keep) and dropping tokens that carry personal data.
Common mistakes
- Storing raw query strings that include personal data.
- Letting tracking parameters bloat the dimension's cardinality.
- Treating every parameter as equally safe to report.
Privacy and accuracy notes
Query strings frequently contain search terms, email addresses, or IDs. Allowlist only safe parameters before storage and redact the rest. This is educational, not legal advice.
Related pages
- Page location (full URL) dimension
Page location is the complete URL of a page — scheme, host, path, and query string — captured by GA4 as page_location. It is more granular than page path and is the raw input from which path, hostname, and query dimensions are derived. This page explains its composition and why high cardinality demands normalization.
- Site search term dimension
The site search term dimension records the queries visitors type into your website's own search box — not what they searched on Google. GA4 captures it through the view_search_results event and a search_term parameter, typically read from a URL query string such as ?q=. It reveals intent in your own words, but it is distinct from external search keywords, which are largely '(not provided)'.
- Custom dimension
A custom dimension lets you report on an attribute GA4 does not collect by default — author, plan tier, content type — by registering an event or user parameter as a dimension. It must be defined before data flows, has event-scoped and user-scoped variants with quota limits, and is vulnerable to high cardinality: registering a near-unique value collapses reports into '(other)' and can edge toward identifying users.
- Privacy-first analytics
Allowlist query parameters and redact the rest.
Sources and verification notes
- MDN — URLSearchParamsDefines how query-string parameters are parsed.
- Google Analytics Help — [GA4] Exclude unwanted referrals / URL settingsBackground on managing URL/query handling in GA4.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.