Skip to main content

Masking HTTP Headers

Beeceptor introduces the feature of HTTP header masking, exclusively available with our enterprise plans. This capability empowers organization administrators to enhance security by specifying headers that should be consistently masked across the platform.


This feature is available with the Enterprise plan.

Setting Up Header Masking

As an organization admin, you have the authority to define a list of HTTP headers that require masking. Once configured, these headers are automatically masked in all locations where they are displayed (for all users) or stored within Beeceptor. A prime example of an HTTP header suitable for masking is Authorization.

Steps to Configure HTTP Header Masking

Configuration of this feature is restricted to organization admins and can be completed by following these steps.

  1. Navigate to Manage Organization.
  2. Click on Settings tab.
  3. Scroll down to HTTP Header Masking section.
  4. Here, you can add one or more HTTP headers to be masked.

HTTP headers masking in Beeceptor

Note: Beeceptor treats HTTP header names as case-insensitive.

Example Of A Masked Header

HTTP headers masked in dashboard

The screenshot demonstrates the masking of the 'Authorization' header, as displayed in the request log.

Benefits of HTTP Header Masking

As an organization admin, enabling this feature provides direct benefits, including:

  • Enhanced Security: By masking headers, sensitive information such as authentication tokens, session IDs, and other confidential data is concealed, reducing the likelihood of unauthorized access or data breaches.
  • Compliance: Consistently masking headers across all interfaces ensures that compliance with data protection regulations is maintained, as sensitive information is not exposed inadvertently.
  • Reduced Risk of Data Leakage: Masking headers at the source ensures that sensitive data is not logged or stored in an unsecured manner, thereby reducing the risk of data leakage through logs or other data stores.