Session replay redacts credential headers on responses too
posthog-js@1.391.7
1 enhancement1 fixThis release1 enhancementImprovements to existing features1 fixBug fixesAI-tallied from the release notes
1.391.7
Patch Changes
- #3914
dac4edbThanks @pauldambra! - Session replay network capture: redact credential-bearing headers on both request and response (previously only request), and match credential-shaped custom header names by substring (e.g.x-gist-encoded-user-token) in addition to the exact deny list - avoiding accidental capture of tokens/cookies in recordings. (2026-06-22)
Fetched June 22, 2026
