
Add an option for dropping some headers from browser messages, from the har logs

Open polarnik opened this issue 8 months ago • 1 comments

Feature/improvement

Summary

My web site uses Authorization headers for all api requests. I would not like to save some headers into HAR or other data files. SiteSpeed v37.8.0 and Chrome-Har v1.0.1 don't have options for skipping specific headers and other sensitive filters:

  • authorization
  • cookie

Workaround 1

I'm getting a temporary token before the test, use the token for the test, and invalidate the token. My tokens are not actual as a result, but security filters don't know about token statuses. The security filters see the HTTP header Authorization in s3 and create an alert. I would not like to get the alerts. My workaround doesn't work well.

Workaround 2

I'm thinking about getting browsertime.har.gz files from the s3 storage, removing some headers, and rewriting the browsertime.har.gz file in the storage. It will work well for existing data files.

Workaround 3

I can disable s3 options in sitespeed.io, sanitize har files, and upload all test results from my test pipeline into s3. It will work well for the new data files.

polarnik avatar Jun 04 '25 17:06 polarnik

I see, best case I would like to use a tool to remove those from the pipeline (like having a plugin that fixed it), something like https://har-sanitizer.pages.dev but as a CLI tool. Or maybe if you could give a regular expression in the CLI for all headers that would be stripped?

soulgalore avatar Jun 04 '25 20:06 soulgalore
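
The sanitizing step from Workarounds 2 and 3, driven by a header-name regular expression as suggested in the reply, could look like the following. This is an added example, not code from sitespeed.io or from either commenter; `sanitizeHar`, `DEFAULT_PATTERN` and the sample HAR are assumptions, and gunzipping and parsing `browsertime.har.gz` is left to the caller.

```javascript
// Added example: names and the default pattern are assumptions, not sitespeed.io options.
const DEFAULT_PATTERN = '^(authorization|cookie)$'; // the two headers named in the issue

function sanitizeHar(har, pattern = DEFAULT_PATTERN) {
  const sensitive = new RegExp(pattern, 'i'); // header names are case-insensitive
  const clean = JSON.parse(JSON.stringify(har)); // HAR is plain JSON; leave the input untouched
  const removed = {}; // lower-cased header name -> number of occurrences dropped
  for (const entry of (clean.log && clean.log.entries) || []) {
    const sides = [[entry.request, 'cookie'], [entry.response, 'set-cookie']];
    for (const [msg, cookieHeader] of sides) {
      if (!msg) continue;
      msg.headers = (msg.headers || []).filter((h) => {
        if (!sensitive.test(h.name)) return true;
        const key = h.name.toLowerCase();
        removed[key] = (removed[key] || 0) + 1;
        return false;
      });
      // HAR 1.2 keeps parsed cookies in a separate array; dropping only the
      // header would leave the same values behind.
      if (sensitive.test(cookieHeader)) msg.cookies = [];
    }
  }
  return { har: clean, removed };
}

// Constructed sample input (not captured from a real site).
const sampleHar = { log: { version: '1.2', entries: [{
  request: {
    method: 'GET', url: 'https://app.example.test/api/me',
    headers: [
      { name: 'Authorization', value: 'Bearer CONSTRUCTED-TOKEN' },
      { name: 'cookie', value: 'sid=CONSTRUCTED' },
      { name: 'Accept', value: 'application/json' },
    ],
    cookies: [{ name: 'sid', value: 'CONSTRUCTED' }],
  },
  response: {
    status: 200,
    headers: [
      { name: 'Set-Cookie', value: 'sid=CONSTRUCTED; HttpOnly' },
      { name: 'Content-Type', value: 'application/json' },
    ],
    cookies: [{ name: 'sid', value: 'CONSTRUCTED' }],
  },
}] } };

console.log(sanitizeHar(sampleHar).removed);
console.log(sanitizeHar(sampleHar, 'authorization|cookie').removed);
```

With the anchored default, the `Set-Cookie` response header and the response `cookies` array stay in the file; the unanchored pattern `authorization|cookie` removes them as well.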