diff --git a/instrumentation-client.ts b/instrumentation-client.ts
index 4f3c5e367..b6283f4e3 100644
--- a/instrumentation-client.ts
+++ b/instrumentation-client.ts
@@ -1,5 +1,37 @@
 import posthog from 'posthog-js'
+/**
+ * Strips sensitive parameters from URLs before sending to PostHog.
+ * Claim link passwords (p=) in hash fragments could be used to steal funds.
+ * Also strips from query params and referrer as defense-in-depth.
+ */
+function sanitizeUrl(url: string): string {
+ if (!url) return url
+ try {
+ const parsed = new URL(url, window.location.origin)
+ // Strip 'p' from hash fragment (claim link password)
+ if (parsed.hash) {
+ const hashContent = parsed.hash.slice(1) // remove leading #
+ const hashParams = new URLSearchParams(hashContent)
+ if (hashParams.has('p')) {
+ hashParams.set('p', 'REDACTED')
+ parsed.hash = '#' + hashParams.toString()
+ }
+ }
+ // Defense-in-depth: also strip from query params
+ if (parsed.searchParams.has('p')) {
+ parsed.searchParams.set('p', 'REDACTED')
+ }
+ return parsed.toString()
+ } catch {
+ // Fallback regex if URL parsing fails
+ return url.replace(/([#?&])p=[^&#]*/g, '$1p=REDACTED')
+ }
+}
+
+/** URL property keys that PostHog may capture */
+const URL_PROPERTIES = ['$current_url', '$pathname', '$referrer', '$initial_referrer'] as const
+
 if (typeof window !== 'undefined' && process.env.NODE_ENV !== 'development') {
 posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY!, {
 api_host: '/ingest',
@@ -8,5 +40,13 @@ if (typeof window !== 'undefined' && process.env.NODE_ENV !== 'development') {
 capture_pageview: true,
 capture_pageleave: true,
 autocapture: true,
+ sanitize_properties: (properties, _event) => {
+ for (const key of URL_PROPERTIES) {
+ if (typeof properties[key] === 'string') {
+ properties[key] = sanitizeUrl(properties[key])
+ }
+ }
+ return properties
+ },
 })
 }
diff --git a/src/content b/src/content
index 1741a4f2c..e74450380 160000
--- a/src/content
+++ b/src/content
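Review bot: The hash branch of `sanitizeUrl` misses the hash-router form of a link: for a fragment like `#/claim?p=secret`, `new URLSearchParams('/claim?p=secret')` produces the key `/claim?p` rather than `p`, so `hashParams.has('p')` is false and the value is sent unredacted (the regex in the `catch` would have handled it, but it only runs when URL parsing throws). Whether claim links take that shape depends on how they are built, which this diff does not show. Applying the same regex to the fragment covers both shapes in one line: `if (parsed.hash) { parsed.hash = parsed.hash.replace(/([#?&])p=[^&#]*/g, '$1p=REDACTED') }`. Note also that `return parsed.toString()` normalizes every URL (a bare host gains a trailing slash, characters get percent-encoded) even when nothing was redacted, which will shift `$current_url` values relative to existing analytics; tracking whether a replacement happened and returning the original `url` otherwise avoids that.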
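Review bot: The `sanitize_properties` callback rewrites only the four keys in `URL_PROPERTIES`, so a claim link carried elsewhere in the event payload still leaves the browser; with `autocapture: true` an autocapture event's `$elements` array records element attributes as `attr__href`, so if the app renders the claim link as an anchor the `p=` value would be captured through that path. Whether posthog-js also routes the `$set_once` person properties (such as `$initial_current_url`) through this hook is not visible in the diff and is worth confirming. Walking the elements and passing each string `attr__href` through the same helper would close the first gap, e.g. `for (const el of properties.$elements ?? []) { if (typeof el.attr__href === 'string') el.attr__href = sanitizeUrl(el.attr__href) }`. The enclosing `posthog.init` call starts outside this hunk.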
@@ -1 +1 @@
-Subproject commit 1741a4f2cb356e39e081f3bdcaac557f154926a8
+Subproject commit e744503800584b7007b2b5193907e44f2c9b0609