# `Monitorex.HeaderRedactor`

Redacts sensitive HTTP header values before events are stored.

Header names matching the configured denylist (case-insensitive) have
their values replaced with `"••••redacted••••"`.

# `default_redacted_headers`

```elixir
@spec default_redacted_headers() :: [String.t()]
```

Returns the default list of sensitive header names.

# `redact_headers`

```elixir
@spec redact_headers([{atom() | String.t(), String.t()}]) :: [
  {atom() | String.t(), String.t()}
]
```

Redacts headers using the application-configured denylist.

# `redact_headers`

```elixir
@spec redact_headers([{atom() | String.t(), String.t()}], [String.t()]) :: [
  {atom() | String.t(), String.t()}
]
```

Redacts header values whose names match the configured denylist.

Accepts a list of `{name, value}` tuples where `name` may be a string
or atom. Returns the same shape with matching values replaced.

The denylist is read from application config `:redacted_headers`
(defaults to `default_redacted_headers/0`).

## Examples

    iex> Monitorex.HeaderRedactor.redact_headers(
    ...>   [{"authorization", "Bearer secret"}, {"content-type", "application/json"}],
    ...>   ["authorization"]
    ...> )
    [{"authorization", "••••redacted••••"}, {"content-type", "application/json"}]

    iex> Monitorex.HeaderRedactor.redact_headers([], ["authorization"])
    []

---

*Consult [api-reference.md](api-reference.md) for complete listing*