Open Bug 1639285 Opened 4 months ago Updated 4 months ago

Optionally sanitize/redact PII from exported HAR


(DevTools :: Netmonitor, enhancement, P3)



(Not tracked)


(Reporter: Harald, Unassigned)


(Blocks 1 open bug)


User Story

When export HAR files for filing bugs, I want to be able to remove any PII (like phone numbers, credit cards, or emails), so that I can safely share them.


The thread discusses redacting known PII formats.

The idea overlaps with the Profiler's build-in profile sanitization, so we can maybe share parts of the interface or backend.

Greg, where I can see the code that sanitizes the profiler data?


Flags: needinfo?(gtatum)

Not sure if this is the best way forward, as it radically removes any URL. HAR files without URLs are probably not as useful. Something like can redact more fine-grained, but security should be consulted on best practices.

UX must communicate that HAR files should be only shared with trusted parties – HAR files inherently contain some level of PII with the URLs they mention.

You need to log in before you can comment on or make changes to this bug.