You can't avoid showing parameters using "get" unless you encrypt the URL value payloads and filter-decrypt on receipt. However, the usual method is to use POST for sensitive information with SSL around the packet transport (e.g. POST with HTTPS).
I'm gonna try to use POST method with HTTPS...
thx for your advices...