Preset registry

Rule Packs

Open HAR Sanitizer with shared presets preloaded via URL so teams redact consistently.

Search presets

Category

Sort

Showing 24 of 24 packs

AWS

Targets AWS temporary credentials and session tokens used in support traces.

Cloud · v1.2.0 · updated 2026-02-25 · @core-team

Open with this pack →

Headers: x-amz-security-token, x-aws-ec2-metadata-token, x-amz-content-sha256

Keys: aws_access_key_id, aws_secret_access_key, session_token, secret_access_key, client_secret

Max body: 200 KB

Stripe / Webhooks

Redacts Stripe webhook signatures and related secret keys.

Payments · v1.2.0 · updated 2026-02-25 · @core-team

Open with this pack →

Headers: stripe-signature, x-stripe-signature

Keys: webhook_secret, stripe_signature, stripe_secret_key, client_secret, api_key

Max body: 200 KB

Cloudflare / Access

Masks Cloudflare Access headers and common tokens while keeping HAR readable.

Cloud · v1.1.0 · updated 2026-02-24 · @core-team

Open with this pack →

Headers: cf-access-jwt-assertion, cf-access-client-secret, cf-access-client-id

Keys: cf_access_client_secret, client_secret, access_token, id_token, jwt

Max body: 200 KB

GitHub / Actions

Covers GitHub PATs, Actions tokens, and webhook signatures.

DevOps · v1.0.0 · updated 2026-02-24 · @community

Open with this pack →

Headers: authorization, x-github-token, x-hub-signature-256

Keys: github_token, github_pat, gh_token, personal_access_token, webhook_secret

Max body: 180 KB

Slack / Webhooks

Masks Slack bot tokens, signing secrets, and webhook fields.

Comms · v1.0.0 · updated 2026-02-24 · @community

Open with this pack →

Headers: authorization, x-slack-signature, x-slack-request-timestamp

Keys: slack_token, bot_token, app_token, signing_secret, webhook_secret

Max body: 180 KB

Sentry

Sanitizes Sentry auth headers and DSN-related keys.

Observability · v1.0.0 · updated 2026-02-22 · @community

Open with this pack →

Headers: x-sentry-auth, authorization

Keys: sentry_dsn, auth_token, sentry_auth_token, client_secret

Max body: 220 KB

Datadog

Redacts Datadog API/application keys and intake headers.

Observability · v1.0.0 · updated 2026-02-22 · @community

Open with this pack →

Headers: dd-api-key, datadog-api-key, authorization

Keys: dd_api_key, datadog_api_key, datadog_app_key, api_key

Max body: 220 KB

Twilio

Covers Twilio auth tokens and webhook signature headers.

Comms · v1.0.0 · updated 2026-02-22 · @community

Open with this pack →

Headers: x-twilio-signature, authorization

Keys: account_sid, auth_token, twilio_auth_token, client_secret

Max body: 180 KB

SendGrid

Masks SendGrid API keys and webhook verification fields.

Comms · v1.0.0 · updated 2026-02-22 · @community

Open with this pack →

Headers: x-sendgrid-api-key, authorization

Keys: sendgrid_api_key, sg_api_key, webhook_secret, api_key

Max body: 180 KB

Okta

Redacts Okta API tokens and OAuth secrets.

Auth · v1.0.0 · updated 2026-02-21 · @community

Open with this pack →

Headers: authorization, x-okta-request-id

Keys: okta_api_token, client_secret, access_token, refresh_token

Max body: 200 KB

Auth0

Targets Auth0 client credentials and refresh tokens.

Auth · v1.0.0 · updated 2026-02-21 · @community

Open with this pack →

Headers: authorization, x-auth0-client

Keys: auth0_client_secret, client_secret, refresh_token, access_token

Max body: 200 KB

Firebase / Google Cloud

Masks Firebase service account and Google OAuth token fields.

Cloud · v1.0.0 · updated 2026-02-21 · @community

Open with this pack →

Headers: authorization, x-goog-api-key

Keys: private_key, private_key_id, client_email, api_key, refresh_token

Max body: 220 KB

Azure

Covers Azure SAS tokens, storage keys, and client secrets.

Cloud · v1.0.0 · updated 2026-02-21 · @community

Open with this pack →

Headers: authorization, x-ms-version, x-ms-date

Keys: azure_storage_key, sas_token, client_secret, tenant_id, access_token

Max body: 220 KB

Supabase

Redacts Supabase anon/service role keys and JWT-bearing headers.

Databases · v1.0.0 · updated 2026-02-21 · @community

Open with this pack →

Headers: apikey, authorization, x-client-info

Keys: supabase_key, service_role_key, anon_key, jwt, refresh_token

Max body: 180 KB

Postgres / DB Dumps

Focuses on DB credentials and connection string style secrets.

Databases · v1.0.0 · updated 2026-02-21 · @community

Open with this pack →

Headers: authorization

Keys: database_url, db_password, postgres_password, connection_string, secret

Max body: 260 KB

Kubernetes / k8s

Sanitizes kubeconfig tokens and cluster credential blobs.

DevOps · v1.0.0 · updated 2026-02-21 · @community

Open with this pack →

Headers: authorization

Keys: kubeconfig, token, client_certificate_data, client_key_data, bearer_token

Max body: 260 KB

Docker Registry

Redacts registry auth payloads and robot account credentials.

DevOps · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: authorization, x-registry-auth

Keys: registry_token, docker_auth, password, refresh_token, client_secret

Max body: 180 KB

Segment

Masks Segment write keys and tracking payload token fields.

Observability · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: authorization

Keys: write_key, segment_write_key, api_key, token, client_secret

Max body: 180 KB

Mixpanel

Redacts Mixpanel project tokens and API secret fields.

Observability · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: authorization

Keys: mixpanel_token, api_secret, project_token, client_secret, token

Max body: 180 KB

OpenAI

Sanitizes OpenAI API key fields while preserving debugging context.

Generic · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: authorization, openai-organization

Keys: openai_api_key, api_key, organization, project, client_secret

Max body: 180 KB

Anthropic

Masks Anthropic API keys and workspace credential fields.

Generic · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: x-api-key, anthropic-version

Keys: anthropic_api_key, api_key, workspace_key, client_secret, token

Max body: 180 KB

Generic SaaS OAuth

Broad preset for client secrets, refresh tokens, and webhook signatures.

Generic · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: authorization, x-api-key

Keys: client_secret, refresh_token, access_token, id_token, webhook_secret

Max body: 200 KB

Zapier / iPaaS

Protects automation logs by masking webhook secrets and app tokens.

Generic · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: authorization, x-zapier-signature

Keys: webhook_secret, app_token, api_key, refresh_token, client_secret

Max body: 180 KB

Shopify

Redacts Shopify admin tokens and webhook HMAC values in support traces.

Payments · v1.0.0 · updated 2026-02-20 · @community

Open with this pack →

Headers: x-shopify-hmac-sha256, x-shopify-access-token

Keys: shopify_access_token, api_key, api_secret, webhook_secret, client_secret

Max body: 190 KB

Need a pack for your stack? Submit one →

What this tool does

Rule Packs Gallery: Shareable redaction presets for the HAR sanitizer.

Rule packs preload redaction settings for common environments so teams sanitize HAR files consistently across incidents.

The gallery includes 23+ presets and a search filter so you can quickly open HAR Sanitizer with matching headers, keys, and size limits.

What we redact

Category	Examples	Replacement
Authorization headers	`Authorization` `Proxy-Authorization`	`[REDACTED:AUTH] / Bearer [REDACTED:BEARER] / Basic [REDACTED:BASIC]`
API key headers	`x-api-key` `x-rapidapi-key` `x-amz-security-token`	`[REDACTED:API_KEY]`
Token-like query params	`token` `access_token` `client_secret` `signature`	`[REDACTED:QP] / [REDACTED:PARAM]`
Custom headers/keys	`cf-access-jwt-assertion` `client_secret`	`[REDACTED:CUSTOM_HEADER] / [REDACTED:CUSTOM_KEY]`

Common use cases

Sharing consistent redaction rules across support teams.
Preloading cloud provider or vendor-specific rules.
Finding the right preset quickly with provider-focused search.
Keeping incident handoffs consistent and safe.
Reducing setup time for repeat sanitization workflows.

FAQ

Does this upload my logs anywhere?

Sanitization runs locally in your browser. Only anonymized analytics events (e.g., button clicks) may be sent if analytics is enabled; raw input/output is not transmitted by default.

What do rule packs change?

They prefill custom header names, JSON keys, and max body size limits in HAR Sanitizer.

How many presets are included?

The gallery ships with 23+ presets spanning AWS, Stripe, GitHub, Slack, Datadog, SendGrid, and other SaaS/debugging workflows.

Can I create my own pack?

Yes. Save your rules in HAR Sanitizer and share them as a rule pack link.

Popular search queries

redaction rule packs
share sanitizer rules
preload redaction settings
har sanitizer presets
standardize redaction rules
rules for support teams
incident response redaction rules
security redaction templates
custom header redaction list
custom key redaction list

More search queries

redaction rules for har
rule pack sharing link
sanitize presets for teams
common redaction patterns
support ticket redaction rules
vendor safe har rules
rule packs for api keys
rule packs for tokens
shared redaction profiles
redaction policy presets

Related tools & docs

Not legal advice and not a security guarantee. Always review sanitized output before sharing.