Looks like it only checks for authorization: redaction in the headers which is great, but continues to leak the authorization header in batched http calls for Google APIs
IOW, a fine start, but one should still actually check har files for stanzas that are relevant to your authn/authz situation before sharing them with anyone
IOW, a fine start, but one should still actually check har files for stanzas that are relevant to your authn/authz situation before sharing them with anyone