Security

Why do I see "JAM_DOES_NOT_SAVE_SECRETS"?

We understand sensitive information can be present in network requests, which is why Jam scans all network requests for any possible sensitive information including tokens, cookies and PII. We filter out these fields on the client side so they never reach Jam's servers.

We remove any potentially sensitive fields from request headers and, if the body is JSON, from request bodies. This is done before the Jam is created, so the Jam data you see on the page (with the JAM_DOES_NOT_SAVE_SECRETS strings as the values of these headers) has already been filtered before leaving your laptop. It does not reach Jam's servers.

In the resulting Jam, you will see JAM_DOES_NOT_SAVE_SECRETS in place of any possible secret information.

We would rather over-filter than under-filter, so we err on the side of caution. As a result, you will sometimes see information filtered out that probably should not have been. Please help us improve our filtering accuracy by sending your feedback to hello@jam.dev.
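To make the behaviour described above concrete, here is an added sketch of client-side redaction; it is not Jam's code. The function names, the key-name pattern, the choice to replace an unparseable JSON body entirely, and the sample request are all assumptions made for illustration.

```javascript
// Added illustration, not Jam's implementation. Only the placeholder string is from the page.
const PLACEHOLDER = "JAM_DOES_NOT_SAVE_SECRETS";
// Hypothetical name pattern, deliberately broad so that it over-filters.
const SENSITIVE_NAME = /auth|cookie|token|secret|passw|session|api[-_]?key|email|phone|ssn/i;

// Walk a parsed JSON value; replace the value of every key whose name looks sensitive.
function redactValue(value) {
  if (Array.isArray(value)) return value.map(redactValue);
  if (value === null || typeof value !== "object") return value;
  return Object.fromEntries(
    Object.entries(value).map(([k, v]) => [k, SENSITIVE_NAME.test(k) ? PLACEHOLDER : redactValue(v)])
  );
}

// Header names are matched case-insensitively; non-matching headers pass through.
function redactHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([n, v]) => [n, SENSITIVE_NAME.test(n) ? PLACEHOLDER : v])
  );
}

function isJson(headers) {
  const key = Object.keys(headers).find((h) => h.toLowerCase() === "content-type");
  return key !== undefined && /\bjson\b/i.test(headers[key]);
}

// Returns a redacted copy; the original request object is not modified.
function redactRequest(req) {
  const headers = req.headers || {};
  const clean = { ...req, headers: redactHeaders(headers) };
  if (typeof req.body === "string" && isJson(headers)) {
    try {
      clean.body = JSON.stringify(redactValue(JSON.parse(req.body)));
    } catch {
      clean.body = PLACEHOLDER; // assumption: fail closed when declared JSON cannot be parsed
    }
  }
  return clean;
}

// Constructed sample request (not captured traffic).
const sample = {
  url: "https://api.example.test/v1/profile",
  headers: { "Content-Type": "application/json", Authorization: "Bearer constructed-value", Accept: "*/*" },
  body: JSON.stringify({ user: { name: "Ada", email: "ada@example.test" }, items: [{ csrf_token: "abc" }], token_count: 3 }),
};
console.log(redactRequest(sample));
```

In the output, `token_count` is replaced even though it is only a number: a broad name match like this is the kind of over-filtering described above.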
