Log all headers on every HTTP request - they are missing on some HTTP logs

Request headers are missing on some logs and partial on others. For security teams and development teams doing troubleshooting, request headers are often a key tool to zero in on the traffic of interest, such as filtering on only traffic with a specific content-type header, or only traffic where a specific header is missing. Neither of these will work, or at best they will give partial results, if the full headers are only populated on some of the HTTP requests.

For sensitive headers like authorization, we'd like the log to still include the header and an encrypted and base64-encoded value, where users with the right role would have access to either grab the decryption key or click a button to see the plain text value. We do NOT need the ability to search on the plain text value, only the ability to filter that the header is present and filter on its encoded and encrypted value, which allows us to see if an attacker is passing the same value for many requests. This ensures you're not storing sensitive data.


For headers that have the potential to take up a lot of space, such as the cookie header, the system could set limits such as only displaying the first 1000 characters.


If the system needs to protect itself on space limitations, it could offer a max of 10,000 chars for header logging and have a default setting of which headers it prioritizes logging, with the capability for the tenant to override the default to define which headers they prefer to see, such as always ensuring content-type and user agent are present while the cookie header is optional.

  • Guest
  • Sep 21 2023
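The logging policy requested above, sketched as an added example (not code from the product or from the original post): priority-ordered headers, a 1000-character cap per header, a 10,000-character total budget, and sensitive values replaced by a token that can still be filtered for repeats. Assumptions: the function and constant names are hypothetical, and a keyed HMAC-SHA256 fingerprint stands in for the encryption step because equality filtering needs a deterministic token; unlike the encrypted value the request describes, the fingerprint cannot be decrypted, so a reversible ciphertext would have to be stored alongside it for authorized viewing.

```python
import base64
import hashlib
import hmac

# Assumed policy values; the limits come from the request above, the names are hypothetical.
SENSITIVE = {"authorization", "proxy-authorization"}
DEFAULT_PRIORITY = ("content-type", "user-agent", "authorization")
PER_HEADER_MAX = 1000    # e.g. a long cookie header is cut to its first 1000 characters
TOTAL_MAX = 10_000       # overall character budget for one request's logged headers


def fingerprint(value: str, key: bytes) -> str:
    """Deterministic keyed token: equal header values always map to equal tokens."""
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return "hmac-sha256:" + base64.b64encode(tag).decode("ascii")


def loggable_headers(headers: dict, key: bytes, priority=DEFAULT_PRIORITY):
    """Return (logged, omitted): values safe to log within budget, and names dropped for space."""
    lowered = {name.lower(): value for name, value in headers.items()}
    order = [n for n in priority if n in lowered]
    order += sorted(n for n in lowered if n not in priority)
    logged, omitted, used = {}, [], 0
    for name in order:
        value = lowered[name]
        if name in SENSITIVE:
            value = fingerprint(value, key)      # plaintext never reaches the log
        else:
            value = value[:PER_HEADER_MAX]
        cost = len(name) + len(value)
        if used + cost > TOTAL_MAX:
            omitted.append(name)                 # keep the name so presence filters still work
            continue
        logged[name] = value
        used += cost
    return logged, omitted


# Constructed sample request, not real traffic.
DEMO_KEY = b"constructed-demo-key"
SAMPLE = {
    "Content-Type": "application/json",
    "User-Agent": "curl/8.4.0",
    "Authorization": "Bearer constructed-token",
    "Cookie": "session=" + "a" * 5000,
}
SAMPLE.update({f"X-Pad-{i}": "p" * 1000 for i in range(10)})

if __name__ == "__main__":
    logged, omitted = loggable_headers(SAMPLE, DEMO_KEY)
    print(logged["authorization"], len(logged["cookie"]), omitted)
```

Passing a tenant-specific tuple as `priority` changes which headers are logged first when the budget runs out; names in it are expected in lowercase.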