Currently adding HTTP clients also enables logging of http requests by injecting the LoggingHttpMessageHandler. It currently provides no mechanism to disable the logging of these http client requests. These logs contains URLs in plain text which can contain sensitive information.

The only way to avoid spitting out the http logs are by setting the log level for System.Net.Http.HttpClient to none. While this provides some solution it's not ideal and has a few issues

• It disables spitting out the logs but services still end up paying the cost because all of the processing to capture and emit the logs from http client library is still being done
• While this disables the logs, the http client library also adds information to scopes. The scopes however can't be disabled via log level so whatever other logs are being added by the service ends up containing the scopes. These scopes may end up containing sensitive information which again service doesn't have ability to disable.

What's needed is an ability to disable auto injecting of this logging components as part of adding http client so there is a proper way to disable these logs.

The solution should such that it can be done at a central place rather than disabling one by one for all http client factories.