How to prevent logging Authorization header when using http-debug?

Hi everyone,

Is there a way to prevent http-debug from logging authorization headers? From what I can find it appears to be an all-or-nothing ordeal.

Thank you!

There isn’t one, sorry. --http-debug is meant for local debugging of your script, usually with 1 VU. Sometimes you may need to investigate precisely the values of authorization or other security-sensitive headers…

If you want partial logging, I suggest writing a small wrapper around the k6 HTTP API and using console.log() and parts of the Response object to only log the values you’re interested in: https://k6.io/docs/javascript-api/k6-http/response