hide_keywords will only hide keywords in the URL query string and those passed by POST, so it doesn't work on cookies. (See the documentation for a more thorough explanation).
Also, the contents of the request or response fields (created when send_request or send_response are set) are never censored.
But I think it's not a bad idea to have hide_keywords apply to cookies (or a similar option i.e. hide_cookies) and also to censor the raw request and response. Feel free to open a feature request.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.