Frequently asked questions

No. All sanitization runs entirely in your browser. Your logs, HAR files, and cURL commands are never sent to our servers. You can verify this by inspecting network traffic in DevTools; no payload is transmitted on sanitize.

Common patterns include Authorization headers, Bearer tokens, API keys, cookies, JWT tokens, email addresses, IPv4 addresses, payment card-like values, AWS credentials, and database connection strings. You can also add custom header names and JSON key names via Rule Packs for provider-specific fields.

No. Automated matching covers common patterns but can miss custom or obfuscated secret formats. Always review the sanitized output and the Redaction Report before sharing externally. The tool provides Review Warnings to flag potential leftovers.

• HAR Sanitizer: .har and .json files
• cURL Sanitizer: cURL command strings (paste or type)
• Log Sanitizer: plain text, JSON logs, structured log output

You can paste content directly or upload files via the upload button.

Yes. Use Rule Packs to save custom header names and JSON keys, then export a rules JSON file or generate a share link. Your teammates can import the rules file or open the share link to apply the same configuration instantly.

The Copy dropdown lets you export sanitized output formatted for: GitHub Issues, Zendesk tickets, Slack messages, Jira comments, Linear issues, and Notion pages. You can also download a Markdown incident handoff bundle.

No. All core tools are available without sign-up or login. Custom presets and rules are stored in your browser's localStorage; nothing is sent to our servers.

Use the Contact page or the Contribute workflow to submit examples (with fake data only; never real secrets). Security-impacting corrections are prioritized and documented in the public changelog.