Production debugging with sanitized cURL
Share reproducible requests without exposing credentials in support channels.
OpencURL / Header Sanitizer
Sanitize cURL commands and headers before sharing in tickets. Runs locally in your browser.
Input cURL / headers
Safe output
Redaction report
Run sanitize to see what changed.
Recommended Next Steps
What this tool does
cURL / Header Sanitizer: Sanitize cURL commands, headers, and query params before sharing tickets.
This tool redacts credentials, tokens, and personal data from pasted cURL commands or raw headers while preserving the request shape.
Use it to keep reproduction steps intact without leaking secrets to support, vendors, or issue trackers.
What we redact
| Category | Examples | Replacement |
|---|---|---|
| Authorization header | Authorization: Bearer …Authorization: Basic … | [REDACTED:AUTH] |
| API key headers | x-api-keyapi-key | [REDACTED:API_KEY] |
| Cookie header | Cookie: sessionid=… | [REDACTED:COOKIE] |
| Set-Cookie header | Set-Cookie: session=… | [REDACTED:SET_COOKIE] |
| Token-like query params | tokenaccess_tokenid_tokenapi_keysignaturesessionauth | [REDACTED:QP] |
| JWTs in text | eyJ... | [REDACTED:JWT] |
| Email addresses | user@example.com | [REDACTED:EMAIL] |
| IP addresses | 203.0.113.10 | [REDACTED:IP] |
| Card numbers (Luhn) | 4111 1111 1111 1111 | [REDACTED:CARD] |
| Bearer tokens inline | Bearer abc.def.ghi | Bearer [REDACTED:BEARER] |
Common use cases
- Sharing an API request with support without leaking keys.
- Posting a reproducible cURL in a GitHub issue safely.
- Escalating a vendor ticket with sanitized headers.
- Handing off incident context to another team.
- Redacting query tokens in copied URLs.
FAQ
Does this upload my logs anywhere?
Sanitization runs locally in your browser. Only anonymized analytics events (e.g., button clicks) may be sent if analytics is enabled; raw input/output is not transmitted by default.
Does it change the request structure?
No. It keeps the method, URL, and header structure intact so the request remains reproducible after redaction.
What should I review before sharing?
Scan the sanitized output for any business-specific secrets not covered by the defaults and remove them manually if needed.
Popular search queries
- sanitize curl command
- redact api keys in curl
- remove bearer token from curl
- mask authorization header
- strip cookies from curl
- sanitize curl for support ticket
- redact query params in url
- remove jwt from curl
- secure curl snippet sharing
- sanitize headers before sharing
More search queries
- redact api tokens in curl
- curl command privacy safe
- sanitize curl for github issue
- remove secret from curl command
- sanitize curl for vendor support
- mask cookies in curl request
- redact access token in curl
- clean curl command for incident
- sanitize curl log snippet
- safe curl example for support
Related tools & docs
- Tools hub
- Log / JSON sanitizer
- HAR sanitizer for request traces
- Guide: how to sanitize cURL
- What we redact by default
- Incident handoff checklist
- /lp/sanitize-curl-command/
- /docs/production-debugging-sanitized-curl
- /docs/how-to-share-logs-safely
- /docs/redaction-coverage
Not legal advice and not a security guarantee. Always review sanitized output before sharing.