HAR / Ticket-Safe Sanitizer

Upload HAR (or paste JSON/logs), redact secrets safely, and generate ticket-ready output. All processing runs locally in your browser.

Rule packs

Custom header names (comma-separated)

Custom JSON key / param names (comma-separated)

Max body size to sanitize (KB)

If too large, the body is replaced with [REDACTED:SKIPPED_LARGE_TEXT] and tracked in the report.

SaaS API Keys pack

No file selected

Input

Safe output

Redaction report

No redaction report yet.
Paste content and click Sanitize to see what gets masked.

Recommended Next Steps

Open Rule Packs

Apply vendor-specific redaction presets in one click.

Open

How to share logs safely

A practical workflow to share reproducible logs without leaking secrets.

Open

What we redact by default

Review built-in masks and placeholders before posting tickets.

Open

What this tool does

HAR / Ticket-Safe Sanitizer: Redact secrets inside HAR files while preserving request/response context.

This tool sanitizes HAR request/response headers, query params, cookies, and JSON bodies while keeping the trace structure intact.

It supports custom header/key rules and can share those rules via share links or rule packs.

What we redact

Category	Examples	Replacement
Authorization headers	`Authorization` `Proxy-Authorization`	`[REDACTED:AUTH] / Bearer [REDACTED:BEARER] / Basic [REDACTED:BASIC]`
API key headers	`x-api-key` `x-rapidapi-key` `x-amz-security-token` `cf-access-jwt-assertion`	`[REDACTED:API_KEY]`
Cookie + Set-Cookie values	`Cookie: sessionid=…` `Set-Cookie: session=…`	`[REDACTED:COOKIE_VALUE]`
Token-like query params	`token` `access_token` `client_secret` `password` `signature` `session`	`[REDACTED:QP] / [REDACTED:PARAM]`
JSON keys with secrets	`authorization` `secret` `password` `api_key`	`[REDACTED:KEY]`
Custom headers/keys	`x-internal-token` `private_key`	`[REDACTED:CUSTOM_HEADER] / [REDACTED:CUSTOM_KEY]`
Large request/response bodies	`Max body size limit`	`[REDACTED:SKIPPED_LARGE_TEXT]`

Common use cases

Sending a HAR to vendor support without leaking tokens.
Sharing incident traces with security review.
Standardizing redaction rules across teams.
Reducing risk when attaching HAR files to tickets.

FAQ

Does this upload my logs anywhere?

Sanitization runs locally in your browser. Only anonymized analytics events (e.g., button clicks) may be sent if analytics is enabled; raw input/output is not transmitted by default.

Does it preserve the HAR structure?

Yes. The sanitizer updates values in-place while keeping the HAR schema intact so traces remain usable.

Can I share rule presets with my team?

Yes. Use rule packs or share links to preload the same redaction rules for others.

Popular search queries

sanitize har file
redact har request headers
remove tokens from har
har file privacy safe
sanitize har for support
redact cookies in har
sanitize har query params
remove api keys from har
har sanitizer for incident
share har safely with vendor

More search queries

sanitize har request body
redact secrets in har
har file security checklist
sanitize har file locally
remove authorization from har
sanitize har response body
redact session tokens in har
har file for debugging safely
sanitize har for jira ticket
har sanitizer rules presets

Related tools & docs

Not legal advice and not a security guarantee. Always review sanitized output before sharing.