Sanitise a HAR File Before Sharing

Redact Authorization headers, cookies, and API keys from Chrome or Firefox HAR exports before handing them to support teams or filing bug reports.

Try it now

Open HAR Sanitizer & Replay Packager.

When you need this
  • A vendor's support team asks for a HAR file to debug an API integration issue.
  • You want to attach network logs to a GitHub issue or Jira ticket without leaking session tokens.
  • A QA engineer is sharing a HAR recording with a third-party contractor.
  • You need to store HAR files in a shared repository or ticketing system safely.
How to do it with Daily Developer Tools
  • Export the HAR from Chrome DevTools: Network tab → right-click → Save all as HAR with content.
  • Open HAR Sanitizer & Replay Packager and load or paste the HAR JSON.
  • Review the list of detected sensitive headers (Authorization, Cookie, X-Api-Key, etc.).
  • Click Sanitise to replace values with [REDACTED] and download the cleaned HAR.
Tips / common pitfalls
  • HAR files can contain full request and response bodies including JSON payloads with PII. Review the body redaction options as well as headers.
  • If replaying the sanitised HAR, you will need to re-inject valid credentials — the sanitised file is for sharing, not reuse.
  • Large single-page apps can generate HAR files of 50 MB or more. The tool handles this in-browser without uploads.
  • Look for secrets in query parameters too, not just headers — some APIs pass tokens as ?access_token=....
Examples & test data

API request with bearer token

Input — HAR entry headers (excerpt)
{
  "name": "Authorization",
  "value": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.sig"
},
{
  "name": "Cookie",
  "value": "session=abc123xyz; _ga=GA1.1.123456"
},
{
  "name": "X-Api-Key",
  "value": "sk_live_abcdef1234567890"
}
After sanitisation
{
  "name": "Authorization",
  "value": "[REDACTED]"
},
{
  "name": "Cookie",
  "value": "[REDACTED]"
},
{
  "name": "X-Api-Key",
  "value": "[REDACTED]"
}
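
The same redaction as a script, extended to the parsed cookies arrays and to the query-string tokens mentioned under Tips. This is an added example, not the code behind HAR Sanitizer & Replay Packager; the secret-name lists and the sample entry are assumptions, and the field names follow the HAR 1.2 layout.

```javascript
// Added example. The secret-name lists are assumptions, not the tool's real defaults.
const MASK = "[REDACTED]";
const SECRET_HEADERS = new Set(["authorization", "cookie", "set-cookie", "x-api-key", "x-auth-token"]);
const SECRET_PARAMS = new Set(["access_token", "token", "api_key"]);

// Mask secret query parameters in a URL string without re-encoding the rest.
function redactUrl(url) {
  const q = url.indexOf("?");
  if (q === -1) return url;
  const hash = url.indexOf("#", q);
  const end = hash === -1 ? url.length : hash;
  const query = url.slice(q + 1, end).split("&").map((pair) => {
    const name = pair.split("=")[0];
    return SECRET_PARAMS.has(name.toLowerCase()) ? `${name}=${MASK}` : pair;
  });
  return url.slice(0, q + 1) + query.join("&") + url.slice(end);
}

// Mask the value of each {name, value} item; a null name set masks every item.
function redactPairs(list, names) {
  for (const item of list || []) {
    if (!names || names.has(String(item.name).toLowerCase())) item.value = MASK;
  }
}

// Return a redacted deep copy of a parsed HAR object; the input is not modified.
function sanitiseHar(har) {
  const out = JSON.parse(JSON.stringify(har));
  for (const entry of out.log?.entries || []) {
    for (const msg of [entry.request, entry.response]) {
      if (!msg) continue;
      redactPairs(msg.headers, SECRET_HEADERS);
      redactPairs(msg.cookies, null); // parsed cookies duplicate the Cookie header
    }
    if (!entry.request) continue;
    redactPairs(entry.request.queryString, SECRET_PARAMS);
    if (typeof entry.request.url === "string") entry.request.url = redactUrl(entry.request.url);
  }
  return out;
}

// Constructed sample entry, not captured traffic.
const SAMPLE_HAR = { log: { entries: [{
  request: {
    url: "https://api.example.test/v1/items?page=2&access_token=abc123#top",
    headers: [{ name: "authorization", value: "Bearer abc" }, { name: "Accept", value: "*/*" }],
    cookies: [{ name: "session", value: "abc123xyz" }],
    queryString: [{ name: "page", value: "2" }, { name: "access_token", value: "abc123" }],
  },
  response: { headers: [{ name: "Set-Cookie", value: "session=new; HttpOnly" }], cookies: [] },
}] } };
```

Request and response bodies (postData, content.text) are not touched by this script and still need a separate review for PII.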
FAQ
What is a HAR file?

A HAR (HTTP Archive) file is a JSON log of all network requests captured by browser DevTools. It includes full request/response headers, cookies, bodies, and timings — making it useful for debugging but risky to share without redaction.

What gets redacted?

By default: Authorization, Cookie, Set-Cookie, X-Api-Key, X-Auth-Token, and other common secret header names. You can customise the list and also choose to redact request/response bodies.

Can I replay the sanitised file?

Use the Replay Packager to convert the HAR into cURL commands or a Postman collection. You will need to inject your own valid credentials before replaying, as the sanitised file has tokens replaced with [REDACTED].

How do I export a HAR from Chrome?

Open DevTools (F12 or Ctrl+Shift+I), select the Network tab, reproduce the issue, then right-click any request row and choose "Save all as HAR with content". The file downloads to your default folder.

Privacy-first: runs locally in your browser. No uploads.

How to sanitise a HAR file before sharing

Load or paste the HAR JSON, review the flagged sensitive headers, choose which categories to redact, and click Sanitise. The tool replaces secret values with [REDACTED] and lets you download the cleaned file immediately.

Common use cases

Support engineers use this as a standard step before attaching HAR files to vendor tickets, ensuring session cookies and API keys are not leaked. Developers use it to safely share network traces in bug reports or pull request comments. Security teams mandate it as part of incident response documentation workflows.

Why run this in your browser?

All processing happens locally in your browser. Your data never leaves your machine, making it safe for sensitive payloads, internal API responses, and confidential configurations.