password, username, zip zipcode,plz,email,name,lastname,firstname,billing,login,pass, orderid, ...
In Heatmaps plugin we have around 160 search keywords that we can use. Of course we wouldn't want to break any existing installation and we'd need to see how much it impacts performance to exclude that many URL parameters and would need to make it more efficient if needed... (the
If we were to put them in the config or "Global list of Query URL parameters to exclude" then this might be quite a long list. Could also add a new option that when enabled adds these parameters on demand.
That PII is collected by accident without realising is otherwise a big risk for users.