Configuration

HAR File Scrubbing

The Securely Jira app allows configuring scrubbing of HAR files to remove sensitive information. By default, the app will scrub portions of HAR data including cookies, credentials, and parameters. You can enable more aggressive scrubbing to remove entire elements from the HAR file.

Getting to the Configuration Page

The aggressive HAR scrubbing options can be configured in the app configuration screen which is found in the Securely Config within the Admin Apps portion of Jira.

Configuration

We designed the app to allow a user to configure any category in one of the two following ways:

  • Delete everything EXCEPT thing

    • To do this, you will want to enable the toggle, and then set the specific item list below.

  • Only delete thing

    • To do this, you will want to disable the toggle, and then set the specific item list below.

Remove all request headers

Enabling this will strip all HTTP headers from requests and responses in the HAR file. This removes potentially sensitive metadata like authorization, user agent, etc.

Remove all response headers

Enabling this will strip all HTTP headers from requests and responses in the HAR file. This removes potentially sensitive metadata like authorization, user agent, etc.

Remove all cookies

This will remove all cookies from the HAR file, eliminating any session or tracking cookies.

Remove all query arguments

The query string portion of URLs contains key-value parameters. This option will strip the entire query string from URLs in the HAR file.

Remove all POST parameters

POST request bodies contain parameters sent to the server. This option removes all POST body parameters from the HAR file.

Remove the whole response body

The response body often contains the bulk of the data returned by a request, including HTML, JSON, XML, or other formats. Removing it can prevent sensitive data exposure, particularly in responses that include user or application data. If you choose to retain it, you can delete some responses by choosing which MIME types to delete. These MIME types describe the format of request and response bodies.

Defaults

If you want to reset the configuration to the default settings, please click the Reset All Settings to Defaults button in the upper right of the page.

Considerations

Some settings may be a bit conflicting. For example, if you enable scrubbing all request headers, this will also delete all cookies. We do not currently dynamically reflect this kind of thing in the UI.

Aggressive scrubbing can remove details needed for troubleshooting. Consider if removing entire elements like headers or cookies will make the HAR file less useful for debugging.

Scrubbing MIME types and POST parameters disguises the resources and actions being performed. This may reduce the HAR file's value if those details are needed for analysis.

As always, understand your data sensitivity policies when sharing HAR files. The aggressive options increase scrubbing to hide more potentially sensitive request and response details.

Last updated