> For the complete documentation index, see [llms.txt](https://burp-ai-agent.six2dez.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://burp-ai-agent.six2dez.com/privacy-and-logging/privacy-modes.md).

# Privacy Modes

Privacy mode controls what request/response data can leave Burp when the extension calls AI backends or returns MCP tool output.

Configure it in the **Privacy & Logging** tab in the Settings panel.

{% hint style="info" %}
Default is `BALANCED` — cookies and tokens are redacted automatically. Users who explicitly choose another mode keep their choice across sessions.
{% endhint %}

## Mode Comparison

| Mode       | Cookies   | Auth headers / Bearer / JWT / Basic / URL tokens | Hostnames                   | Typical Use                                            |
| ---------- | --------- | ------------------------------------------------ | --------------------------- | ------------------------------------------------------ |
| `STRICT`   | Stripped  | Redacted                                         | Anonymized (SHA-256 + salt) | Cloud backends with sensitive targets.                 |
| `BALANCED` | Stripped  | Redacted                                         | Preserved                   | Default. Mixed workflows where host context is needed. |
| `OFF`      | Preserved | Preserved                                        | Preserved                   | Controlled internal testing on local-only models.      |

## Decision Guide

```mermaid
flowchart TD
    Start[Choose privacy mode]
    Cloud{Using cloud backend?}
    Sensitive{Sensitive target or data?}
    NeedHost{Need real hostnames in model output?}

    Start --> Cloud
    Cloud -->|Yes| Sensitive
    Cloud -->|No| NeedHost

    Sensitive -->|Yes| Strict[Use STRICT]
    Sensitive -->|No| NeedHost

    NeedHost -->|Yes| Balanced[Use BALANCED]
    NeedHost -->|No| Strict

    Balanced --> Review[Review redaction behavior before sending prompts]
    Strict --> Review
    Review --> Off{Only in isolated internal test?}
    Off -->|Yes| OffMode[Use OFF temporarily]
    Off -->|No| Done[Keep selected mode]
```

## What Changes in Practice

### STRICT

* Hostnames are replaced with deterministic pseudonyms (salt-based SHA-256).
* Auth/session tokens and URL query tokens are redacted.
* Cookies are stripped.

### BALANCED

* Hostnames stay visible.
* Auth/session tokens and URL query tokens are redacted.
* Cookies are stripped.

### OFF

* Raw context is eligible for transmission.
* No automatic redaction is applied.

When you change Privacy Mode the **Privacy & Logging** tab surfaces an inline advisory banner that summarises the combined state (e.g. `OFF` with MCP on, `STRICT` with the active scanner on, external MCP without allowed origins). See [UI Tour → Advisory Banner (SubtleNotice)](/user-guide/ui-tour.md#advisory-banner-subtlenotice) for the level semantics.

## Patterns Redacted (STRICT and BALANCED)

**Headers**: `Authorization`, `Proxy-Authorization`, `X-API-Key`, `API-Key`, `X-API-Secret`, `API-Secret`, `X-Client-Secret`, `X-Auth-Token`, `Auth-Token`, `X-Access-Token`, `Access-Token`, `X-Session-Token`, `Session-Token`, `X-CSRF-Token`, `CSRF-Token`, `X-XSRF-Token`.

**Inline tokens** anywhere in the text: `Bearer …`, `Basic …`, JWT-shaped values (`eyJ…` with three base64url segments).

**URL query parameters** (value redacted, key kept): `access_token`, `api_key`, `apikey`, `auth`, `token`, `key`, `secret`, `password`, `pwd`, `session`, `sid`, `code`.

## Before/After Example

Raw request:

```http
GET /api/user?api_key=abc123&session=xyz&name=alice HTTP/1.1
Host: api.company.tld
Authorization: Bearer eyJhbGciOi...
X-CSRF-Token: csrf-0f4a2b
X-Auth-Token: at-8d2c
Cookie: sessionid=abc123; csrftoken=xyz
```

`STRICT` output:

```http
GET /api/user?api_key=[REDACTED]&session=[REDACTED]&name=alice HTTP/1.1
Host: host-a3f2c1.local
Authorization: [REDACTED]
X-CSRF-Token: [REDACTED]
X-Auth-Token: [REDACTED]
Cookie: [STRIPPED]
```

`BALANCED` output:

```http
GET /api/user?api_key=[REDACTED]&session=[REDACTED]&name=alice HTTP/1.1
Host: api.company.tld
Authorization: [REDACTED]
X-CSRF-Token: [REDACTED]
X-Auth-Token: [REDACTED]
Cookie: [STRIPPED]
```
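
The following Python script is an added example, not code from the extension, that applies the three policies described under "Patterns Redacted" and "What Changes in Practice" to a constructed HTTP message and reproduces the before/after transformation above. It uses the page's header names, query keys and placeholder strings; everything else is an assumption of this example: the `host-<6 hex>.local` pseudonym format and the salt (the real extension's derivation is documented on the Determinism & Salt page), stripping `Set-Cookie` as well as `Cookie`, keeping the `Bearer`/`Basic` scheme word while replacing the credential, the JWT regex shape, and normalising line endings to `\n`.

```python
import hashlib
import re

REDACTED = "[REDACTED]"
STRIPPED = "[STRIPPED]"

# Header names listed on the page (matched case-insensitively).
SENSITIVE_HEADERS = {h.lower() for h in (
    "Authorization", "Proxy-Authorization", "X-API-Key", "API-Key",
    "X-API-Secret", "API-Secret", "X-Client-Secret", "X-Auth-Token",
    "Auth-Token", "X-Access-Token", "Access-Token", "X-Session-Token",
    "Session-Token", "X-CSRF-Token", "CSRF-Token", "X-XSRF-Token",
)}
COOKIE_HEADERS = {"cookie", "set-cookie"}   # Set-Cookie included by assumption
SENSITIVE_QUERY_KEYS = {
    "access_token", "api_key", "apikey", "auth", "token", "key",
    "secret", "password", "pwd", "session", "sid", "code",
}
# Inline credentials anywhere in the text: scheme word kept, credential replaced (assumption).
BEARER_BASIC = re.compile(r"\b(Bearer|Basic)\s+[A-Za-z0-9\-._~+/]+=*")
# JWT-shaped values: "eyJ" followed by three base64url segments (signature may be empty).
JWT = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def pseudonymize_host(host: str, salt: str) -> str:
    """Deterministic hostname pseudonym from salted SHA-256 (output format is assumed)."""
    name = host.partition(":")[0].lower()       # drop a :port suffix if present
    digest = hashlib.sha256(f"{salt}\x00{name}".encode()).hexdigest()
    return f"host-{digest[:6]}.local"


def redact_query(target: str) -> str:
    """Replace values of sensitive query parameters; keys and other params are kept."""
    path, qmark, query = target.partition("?")
    if not qmark:
        return target
    pairs = []
    for pair in query.split("&"):
        key, eq, value = pair.partition("=")
        if eq and key.lower() in SENSITIVE_QUERY_KEYS:
            value = REDACTED
        pairs.append(f"{key}{eq}{value}")
    return f"{path}?{'&'.join(pairs)}"


def redact_inline(text: str) -> str:
    """Redact Bearer/Basic credentials and JWT-shaped values wherever they occur."""
    text = BEARER_BASIC.sub(lambda m: f"{m.group(1)} {REDACTED}", text)
    return JWT.sub(REDACTED, text)


def redact(raw: str, mode: str, salt: str = "example-salt") -> str:
    """Apply the privacy mode to one raw HTTP message (request or response)."""
    if mode == "OFF":
        return raw                              # raw context eligible, nothing redacted
    if mode not in ("STRICT", "BALANCED"):
        raise ValueError(f"unknown privacy mode: {mode}")

    out, host, in_headers = [], None, True
    for i, line in enumerate(raw.splitlines()):   # line endings normalised to \n
        if in_headers and i == 0:
            parts = line.split(" ")
            if len(parts) == 3 and parts[2].startswith("HTTP/"):   # request line
                parts[1] = redact_query(parts[1])
                line = " ".join(parts)
        elif in_headers and line == "":
            in_headers = False                  # blank line ends the header block
        elif in_headers:
            name, _, value = line.partition(":")
            lname = name.strip().lower()
            if lname in COOKIE_HEADERS:
                line = f"{name}: {STRIPPED}"
            elif lname in SENSITIVE_HEADERS:
                line = f"{name}: {REDACTED}"
            elif lname == "host":
                host = value.strip()
        out.append(line)

    text = redact_inline("\n".join(out))
    if mode == "STRICT" and host:
        # STRICT only: replace every occurrence of the real hostname (Host header, body URLs).
        bare = host.partition(":")[0]
        pattern = re.compile(r"(?<![\w.-])" + re.escape(bare) + r"(?![\w.-])")
        text = pattern.sub(pseudonymize_host(bare, salt), text)
    return text


# Constructed sample request (not captured traffic), modelled on the page's example.
SAMPLE_REQUEST = (
    "GET /api/user?api_key=abc123&session=xyz&name=alice HTTP/1.1\n"
    "Host: api.company.tld\n"
    "Authorization: Bearer eyJhbGciOi.eyJzdWIi.sig\n"
    "X-CSRF-Token: csrf-0f4a2b\n"
    "Cookie: sessionid=abc123; csrftoken=xyz\n"
    "Content-Type: application/json\n"
    "\n"
    '{"refresh": "eyJhbGciOi.eyJzdWIi.sig2", "next": "https://api.company.tld/home"}\n'
)

if __name__ == "__main__":
    for mode in ("STRICT", "BALANCED", "OFF"):
        print(f"--- {mode} ---\n{redact(SAMPLE_REQUEST, mode)}\n")
```

Two details worth checking against your own pipeline: header values are redacted before the inline pass, so a `Bearer` JWT in `Authorization` is replaced as a whole value rather than leaving the scheme word (matching the page's output), while the same JWT in a JSON body is caught by the inline pass; and the hostname substitution runs last, so a pseudonym is consistent across the Host header and any body URL within one message, but only for hosts named in a `Host` header, which is the boundary a reviewer should know about when the message body references other hosts.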

## Context Preview Dialog

When you run a right-click action that captures context automatically (proxy item, scanner issue, site-map node, etc.), the extension opens a preview dialog before anything is sent:

* Shows the current **privacy mode** prominently at the top.
* Shows the **exact prompt** that will be sent.
* Shows the **redacted JSON** that will accompany the prompt (what the AI will actually see).
* Buttons: **Send** or **Cancel**.

If you cancel, no session is created and nothing is sent. User-typed messages inside an active chat session skip this dialog because you are the author.

## Important Boundaries

{% hint style="danger" %}
Privacy mode does not prevent active scanner traffic from reaching the real target. It only controls prompt/tool data sent to AI clients.
{% endhint %}

* BountyPrompt tag resolution runs after redaction, so resolved tags inherit the current privacy policy.
* MCP tool responses are filtered by the same privacy mode.
* Determinism mode and salt handling affect reproducibility and anonymization stability.

## Related Pages

* [Redaction Pipeline](/developer/redaction-pipeline.md)
* [Determinism & Salt](/privacy-and-logging/determinism-salt.md)
* [Audit Logging](/privacy-and-logging/audit-logging.md)
* [Limitations & Hallucinations](/privacy-and-logging/limitations.md)

