Skip to content

Commit ff5f15f

Browse files
pkaedingclaude
andcommitted
[SEC-7656] Add Set-Cookie to default redacted headers
Fixes SEC-7656. The Set-Cookie response header can contain session cookies and should be redacted by default to prevent session hijacking. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent 5608f00 commit ff5f15f

1 file changed

Lines changed: 1 addition & 0 deletions

File tree

sdk/highlight-run/src/client/listeners/network-listener/utils/network-sanitizer.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,7 @@ const SENSITIVE_HEADERS = [
5555
'authorization',
5656
'cookie',
5757
'proxy-authorization',
58+
'set-cookie',
5859
'token',
5960
]
6061

0 commit comments

Comments
 (0)