
I see in the Security page [0] that you filter out headers that you think are PII or tokens. And I see that you're willing to receive feedback via email. I don't think this approach is scalable, for the main reason that sometimes we use custom headers to pass tokens.

My suggestion is to have a setting that lists default headers you think should be obfuscated, and the user/team can remove and add to them as they like.

0. https://jam.dev/docs/product-features/dev-tools/security
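A sketch of the setting suggested in the comment above, as an added example that is not part of the thread and not Jam's code: a default redaction list that a team can add to or remove from, applied to captured request headers. The default list, the settings shape, and all function and header names are assumptions, and the sample headers are constructed.

```javascript
// Hypothetical default list (constructed for this example, not Jam's actual list).
const DEFAULT_REDACTED = ["authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"];

// Header names are case-insensitive, so normalize before comparing.
const normalize = (name) => String(name).trim().toLowerCase();

// Merge defaults with team overrides: `add` extends the list, `remove` opts out.
function buildRedactionSet(settings = {}) {
  const set = new Set(DEFAULT_REDACTED.map(normalize));
  for (const name of settings.add ?? []) set.add(normalize(name));
  for (const name of settings.remove ?? []) set.delete(normalize(name));
  return set;
}

// Takes HAR-style entries ({name, value}) so repeated headers such as
// Set-Cookie survive. Returns copies; the captured input is never mutated.
function redactHeaders(entries, redactionSet) {
  const redacted = [];
  const headers = entries.map(({ name, value }) => {
    if (redactionSet.has(normalize(name))) {
      redacted.push(name);
      return { name, value: "[REDACTED]" };
    }
    return { name, value };
  });
  return { headers, redacted };
}

// Constructed sample capture: one standard token header, one custom token
// header a fixed default list would miss, and one header the team opts out of.
const SAMPLE = [
  { name: "Authorization", value: "Bearer constructed-token" },
  { name: "X-Acme-Session", value: "constructed-custom-token" },
  { name: "X-Api-Key", value: "constructed-key" },
  { name: "Accept", value: "application/json" },
];
const TEAM_SETTINGS = { add: ["X-Acme-Session"], remove: ["x-api-key"] };

const result = redactHeaders(SAMPLE, buildRedactionSet(TEAM_SETTINGS));
console.log(result.redacted, result.headers);
```

With defaults only, the custom `X-Acme-Session` value passes through unredacted, which is the gap the comment describes.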



[disclosure: I work at Jam]

Yes! I think that's a great idea.


+1 great idea!



