I was originally investigating this report that Postman is not HIPAA compliant. I found that Postman is not just wholly unsuitable for anyone testing a healthcare application — it has virtually zero regard for the privacy of any of its users, and has probably logged every secret string you have ever given it. Charles ProxyThis investigation would not have been possible (or so effortless) without C