Web browser – what part of this request can be logged?

I noticed strange behavior when testing a website. When the password is reset, a POST request with blank text is generated. The request is as follows:

POST /reset/token/[token]/passwhord-hash

Now my question is: If Google or a third party intercepts this request, can it also log the password hash and reset the token?