diff --git a/src/main/java/org/owasp/webgoat/session/ParameterParser.java b/src/main/java/org/owasp/webgoat/session/ParameterParser.java
index ba0e19ae7..6d64f1024 100644
--- a/src/main/java/org/owasp/webgoat/session/ParameterParser.java
+++ b/src/main/java/org/owasp/webgoat/session/ParameterParser.java
@@ -41,7 +41,7 @@ import org.owasp.webgoat.util.HtmlEncoder;
 public class ParameterParser {
- private final static String ALLOWED_CHARACTERS = "$()-?.@!,:;=//+"; // Don't
+ private final static String ALLOWED_CHARACTERS = "_$()-?.@!,:;=//+"; // Don't
 // allow
 // #&
 // specifically
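Review bot: The allowlist in `ALLOWED_CHARACTERS` is widened with `_`, but the trailing comment still only names the excluded `#&` and gives no reason for the new character or for which output contexts the list is meant to be safe. I would replace the wrapped trailing comment with one above the field, e.g. `// Allowlist of non-alphanumeric characters kept by parameter cleaning; '_' added for <reason>; '#' and '&' are deliberately excluded`. `_` is a single-character wildcard in SQL `LIKE` patterns, so if values filtered by this list can reach a `LIKE` clause they need escaping at that sink; how the constant is consumed is outside the hunk, so this is a point to confirm rather than a finding. The literal also lists `/` twice (`//`), which is redundant in a character set and may be a leftover from an intended escape, and the conventional modifier order is `private static final`.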