Your security team is noticing that certain privacy-sensitive information such as the URL, HTTP Header...

The likely cause is that Redact HTTP Detection Details is enabled in the prevention policy. Falcon HTTP detections can include privacy-sensitive details such as URLs, raw HTTP headers, and POST bodies when that information is present and relevant to the detection. However, the prevention policy includes a privacy control that redacts these details before they are sent to the CrowdStrike cloud. The documentation states that enabling Redact HTTP Detection Details removes this sensitive HTTP detection data while still allowing HTTP detections to be generated. This means the detection itself can still appear, but the additional context is intentionally absent. Aggressive or cautious ML settings do not explain missing HTTP headers or POST body content. A perimeter firewall block would affect whether the communication occurs, not selectively redact detection details. If HTTP detections were never enabled, the issue would be absent detections, not detections with missing sensitive fields. Reference topics: Policy Application, Prevention Policy Settings, HTTP Detections, Redact HTTP Detection Details.