Landing

Sanitize HAR Files for Vendor and Support Escalations

Clean HAR exports by masking credentials and sensitive payload fields while retaining request/response context.

Updated: 2026-02-24

Problem

HAR files are useful for reproducing issues, but they can contain cookies, API tokens, and sensitive request bodies.

Sending raw HAR files to vendors can increase compliance risk and slow down approvals.

HAR sanitizer applies rule-based masking to headers, params, and JSON keys while keeping trace structure intact.

You can also preload custom rules for cloud, vendor, or product-specific workflows.

Category	Examples	Replacement
Authorization headers	`Authorization` `Proxy-Authorization`	`[REDACTED:AUTH] / Bearer [REDACTED:BEARER] / Basic [REDACTED:BASIC]`
API key headers	`x-api-key` `x-rapidapi-key` `x-amz-security-token` `cf-access-jwt-assertion`	`[REDACTED:API_KEY]`
Cookie + Set-Cookie values	`Cookie: sessionid=...` `Set-Cookie: session=...`	`[REDACTED:COOKIE_VALUE]`
Token-like query params	`token` `access_token` `client_secret` `password` `signature` `session`	`[REDACTED:QP] / [REDACTED:PARAM]`
JSON keys with secrets	`authorization` `secret` `password` `api_key`	`[REDACTED:KEY]`
Custom headers/keys	`x-internal-token` `private_key`	`[REDACTED:CUSTOM_HEADER] / [REDACTED:CUSTOM_KEY]`
Large request/response bodies	`body exceeds max size`	`[REDACTED:SKIPPED_LARGE_TEXT]`

Yes. The tool keeps HAR structure and metadata while replacing sensitive values.

Yes. Rule packs and share links help teams reuse consistent sanitization settings.

If your support process depends on HAR exports, this page helps teams keep technical context without sharing secrets.