Send HTTP Archive files, aka HAR files, plus console logs to the Support team as part of a troubleshooting process.
Availability: all customers
Help Support identify issues with portal performance
If you submit a ticket about your portal displaying correctly, the Support team may ask for a sample HAR file and console log.
Redact the HAR file to protect your portal and your users' data
For security reasons, you need to redact, aka "scrub", sensitive information such as API keys, secrets, cookie values, or passwords before sending any files.
The HAR file is in JSON format and can be edited with any text editor. When editing the file:
- use a case-insensitive search to catch variations in capitalization
- make sure that the file remains valid JSON by replacing only the text you wish to remove or obfuscate
Which fields you consider sensitive can vary depending on your organization or local regulations. The following lists are typical examples.
Inspect all files thoroughly for other information that you treat as sensitive.
Example fields with PII
The following fields are likely to contain PII:
- username
- lastname
- firstname
Example fields with sensitive information
The following fields are likely to contain sensitive information.
- credentials
- password_key
- backup_password
- current_password
- new_password
- auth
- state
- shdf
- usg
- password
- code
- code_verifier
- client_secret
- token
- Access_token: for JWT tokens, redact the signature; otherwise, redact the whole token string
- refresh_token
- authenticity_token
- Id_token: redact the signature
- SAMLResponse: redact the signature
- SAML Request: redact the signature
- appID
- challenge
- facetID
- assertion
- fcParams
- serverData
- auth
- key
- pem
- rsa
- dsa
- ecdsa
- signature
- passkey
The following fields might contain sensitive information, depending on how webhooks and other integrations have been configured.
- payload
- headers
- cookie
Note: cookies are duplicated in either the "cookies" header (request) or in the "set-cookie" headers (response).
- Authorization header: usually carries authentication information. The first word indicates the authorization scheme, followed by the parameters
- For authorization scheme Bearer with a JWT token: redact the signature of the token. If the token is not a JWT token, you should redact the whole token string
- For an authorization scheme other than Bearer: redact everything after the first word
Generate a HAR file and network log with Chrome
Start from an incognito browser window.
- Log into the portal.
- From the browser menu, select More Tools > Developer Tools to open the tools drawer.
- In the tools drawer, go to Network, and select Preserve Log.
- In your browser:
- test and replicate the errors to ensure they can be recorded in the console logs
- reproduce the problem
- In the tools drawer:
- from Network, right-click anywhere in Network Logs > Save as HAR with Content > your desktop with a descriptive name
- from Console, right-click anywhere in Console Log > Save-As > your desktop with a descriptive name
After reviewing and redacting these files, send them to the support team with your ticket.
See: