Claude Code is useful. It is also a client that talks to Anthropic's servers, and by default it sends more than just your prompts. Telemetry, error reports, attribution headers, and prompt suggestion data all flow upstream unless you turn them off.
This post covers the settings.json configuration that locks things down.
The Settings File
Claude Code reads its configuration from ~/.claude/settings.json. This is your user-level config. There is also a project-level .claude/settings.json that lives in your repo, but for privacy settings, the user-level file is what matters.
Here is a hardened configuration:
{
  "env": {
    "CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC": "1",
    "CLAUDE_CODE_ATTRIBUTION_HEADER": "0"
  },
  "includeCoAuthoredBy": false,
  "includeGitInstructions": false,
  "promptSuggestionEnabled": false
}
Each setting addresses a different leak vector. Let us walk through them.
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC
This is the big one. When set to "1", it disables all network traffic that is not strictly required to serve your prompts. That means:
- Sentry error reporting - crash dumps and error traces that get shipped to Anthropic's Sentry instance. These can include stack traces with file paths, environment details, and potentially fragments of your code context.
- Statsig telemetry - usage analytics, feature flags, and behavioral data. This tells Anthropic what features you use, how often you invoke tools, and general usage patterns.
- Automatic update checks - periodic pings to check for new versions. Harmless in isolation, but still an unnecessary phone-home.
Without this flag, Claude Code is chatty. Every session reports back. Set this to "1" and the only outbound traffic is your actual API calls to the model.
CLAUDE_CODE_ATTRIBUTION_HEADER
By default, Claude Code injects an x-claude-code header (or similar attribution metadata) into every API request. This tells Anthropic's backend that the request originated from Claude Code rather than a raw API call.
Why does that matter? It means Anthropic can distinguish your Claude Code sessions from other API usage, build a separate behavioral profile for your coding activity, and potentially apply different policies or rate limits to Claude Code traffic.
Setting this to "0" strips that header. Your requests look like standard API calls. No special tagging.
promptSuggestionEnabled
When enabled, Claude Code sends context to Anthropic to generate "smart" prompt suggestions - the auto-complete hints that appear as you type. This means fragments of your project context, your recent prompts, and potentially file contents are sent upstream outside of your normal conversation flow.
Set it to false. You know what you want to type.
includeCoAuthoredBy
By default, Claude Code appends a Co-Authored-By: Claude <noreply@anthropic.com> trailer to every commit message it creates. This is a tracking vector.
Every public repository on GitHub is indexed and searchable. That trailer is a machine-readable tag that lets anyone, Anthropic included, scrape public git history and identify exactly which commits were written with Claude Code, which developers use it, how often, and on which projects. It is a passive usage tracker baked into your version control.
Even in private repos, it leaks to anyone with read access: teammates, CI systems, auditors, future acquirers during due diligence. It is permanent metadata in your git log that you cannot easily remove after the fact without rewriting history.
Set it to false. Your commits are your commits.
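To see which commits in your own repository already carry the trailer, the following added example (not from the original post) parses `git log` output and lists commits whose trailer block names Claude as co-author. It treats the last paragraph of a message as the trailer block, which is a simplification of git's trailer rules; the sample log and its hashes are constructed.

```python
import re
import subprocess

# %x1f separates hash from message, %x1e ends each commit record.
LOG_FORMAT = "%H%x1f%B%x1e"
TRAILER = re.compile(r"^co-authored-by:\s*(.+)$", re.IGNORECASE)

# Constructed sample in LOG_FORMAT shape (hashes are placeholders).
SAMPLE_LOG = (
    "aaaa111\x1fFix parser\n\nHandle empty input.\n\n"
    "Co-Authored-By: Claude <noreply@anthropic.com>\n\x1e\n"
    "bbbb222\x1fDocs\n\nMention the Co-Authored-By: Claude trailer in README.\n\x1e\n"
    "cccc333\x1fPairing\n\nco-authored-by: Jane Doe <jane@example.com>\n\x1e\n"
)


def trailer_lines(message):
    """Return Co-Authored-By values from the last paragraph (the trailer block)."""
    paragraphs = [p for p in re.split(r"\n\s*\n", message.strip()) if p.strip()]
    if len(paragraphs) < 2:  # subject line only, so no trailer block
        return []
    return [m.group(1).strip() for line in paragraphs[-1].splitlines()
            if (m := TRAILER.match(line.strip()))]


def scan_log(raw, needle="claude"):
    """Map commit hash -> co-author values containing `needle` (case-insensitive)."""
    hits = {}
    for record in raw.split("\x1e"):
        if "\x1f" not in record:
            continue
        sha, body = record.strip("\n").split("\x1f", 1)
        found = [v for v in trailer_lines(body) if needle in v.lower()]
        if found:
            hits[sha] = found
    return hits


def scan_repo(repo="."):
    """Run git in `repo` and scan every commit reachable from any ref."""
    cmd = ["git", "-C", repo, "log", "--all", f"--format={LOG_FORMAT}"]
    raw = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return scan_log(raw)


if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

Call `scan_repo()` inside a working tree to run the same check against real history.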
includeGitInstructions
Claude Code injects built-in git workflow instructions into its system prompt. These dictate how it writes commit messages, handles PRs, and follows git conventions. If you define your own workflow, such as a custom commit skill or project-specific conventions in CLAUDE.md, these built-in instructions conflict with yours.
Setting this to false removes them entirely. If you have your own git workflow, this prevents Claude from fighting you on format or injecting unwanted metadata.
What You Cannot Avoid
To be clear: when you use Claude Code, your prompts and the code context it gathers still go to Anthropic's API. That is how it works. The model runs on their servers. The settings above control the extra data - the telemetry, metadata, and side-channel information that is not necessary for the tool to function.
If you need the model to never see your code, Claude Code is not the tool. Use a local model. But if you accept the API calls and just want to stop the surveillance noise around them, this config handles it.
Other Hygiene
A few more things worth knowing:
- Memory files - Claude Code stores persistent memory in ~/.claude/projects/. These are local files that get injected into your conversation context. They never leave your machine on their own, but their contents do get sent as part of your prompts. Be mindful of what you tell Claude to "remember".
- CLAUDE.md - project instructions in CLAUDE.md are loaded into every conversation. Same deal: local file, but its contents are sent with your prompts. Do not put secrets in it.
- Conversation history - stored locally in ~/.claude/projects/. Not synced to Anthropic. But if you are on a shared machine, be aware it exists.
Verify It
If you want to confirm the settings are working, watch your outbound traffic. On macOS:
# Monitor Claude Code network activity
sudo nettop -p $(pgrep -f "claude") -J bytes_in,bytes_out
With the hardened config, you should only see connections to Anthropic's API endpoint. No Sentry, no Statsig, no update checks.
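Watching traffic confirms behavior; it is also worth confirming that the file itself still says what you think it says. The following added example (not from the original post or from Anthropic) compares a settings file against the five hardened values shown earlier and reports anything missing or different, including type slips such as `1` instead of `"1"`.

```python
import json
from pathlib import Path

# Expected values, copied from the hardened configuration in this post.
HARDENED = {
    ("env", "CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"): "1",
    ("env", "CLAUDE_CODE_ATTRIBUTION_HEADER"): "0",
    ("includeCoAuthoredBy",): False,
    ("includeGitInstructions",): False,
    ("promptSuggestionEnabled",): False,
}
_MISSING = object()


def audit_settings(settings):
    """Return one finding per key that is absent or not exactly the hardened value."""
    findings = []
    for path, want in HARDENED.items():
        node = settings
        for key in path:
            node = node.get(key, _MISSING) if isinstance(node, dict) else _MISSING
            if node is _MISSING:
                break
        name = ".".join(path)
        if node is _MISSING:
            findings.append(f"{name}: not set, default applies")
        elif type(node) is not type(want) or node != want:
            # Catches 1 vs "1" and "false" vs false, which look right at a glance.
            findings.append(f"{name}: is {node!r}, expected {want!r}")
    return findings


def audit_file(path=None):
    """Audit the user-level file; an unreadable or invalid file is itself a finding."""
    path = Path(path or Path.home() / ".claude" / "settings.json")
    try:
        settings = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        return [f"{path}: cannot load ({exc.__class__.__name__})"]
    if not isinstance(settings, dict):
        return [f"{path}: top level is not a JSON object"]
    return audit_settings(settings)


if __name__ == "__main__":
    for finding in audit_file() or ["all five settings match the hardened config"]:
        print(finding)
```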
Break Zero