Facebook Pixel + Conversion Page + Query Strings = Violating Personal Data


I have an application form, with a confirmation page. I pass the email & name using query strings.



I do this for multiple reasons, including personalizing the confirmation page with the applicant’s name “Thanks, Jayson!” and some other custom reporting.

I know this might seem unethical, but I fully control the website and the only third-party scripts are Facebook and Google Analytics.

Recent Facebook pixel warning:

Potentially violating personal data has been detected. This data may not comply with Facebook’s terms and policies… This issue may impact the performance of any ads optimizing on affected events, including those used in Custom Audiences or custom conversions.

We detected First Name data that appeared as first_name coming from your Lead events in the URL Query Parameter.

I have ideas:

Are there any hooks to base64_encode only the query string portion on the URL? I don’t want to encode the form entry, only the query string.


Pass the entry id through a query string then retrieve the entry and store names in variables to personalize the confirmation page. It works, but curious if there are any 'security issues.

Any suggestions?