Skip to main content
Version: latest

Generate and Sanitize HTTP Archive Files

When you report issues with Palette to Spectro Cloud Support, we may ask you to generate an HTTP Archive (HAR) file to help us identify and resolve those issues.


HAR files contain all network activity for a specific page, including sensitive and confidential information, such as API keys, secrets, cookies, passwords, and more. Before sending your HAR files to us, sanitize the sensitive data. We do not recommend using any third-party tools for HAR sanitization, as they can overlook some details.

This guide explains how you can generate HAR files in Chrome, Safari, and Firefox and sanitize the sensitive data they contain.


Generate and Sanitize HARs

Generate HAR Files

  1. Open the page with issues in Chrome.

  2. On your keyboard, open Developer Tools:

    • For Windows and Linux, press F12 or Ctrl + Shift + I.
    • For Mac, press Fn + F12 or Cmd + Option + I.

    For alternative methods to open Developer Tools, refer to Open Chrome DevTools.

  3. In Developer Tools, select the Network tab, and, on the Network pane:

    1. If the leftmost icon displays a circle within a circle, click it to start recording network activity.
    2. Click the Clear network log icon that follows it to clear the current network log.
    3. Select the Preserve log and Disable cache checkboxes.

    View of the configured Chrome Developer Tools

  4. On the page, reproduce the issues you've encountered.

  5. In the network log, right-click any item and select Save all as HAR with content.

Sanitize HAR Files

  1. Open the generated HAR file in a text editor.

  2. Carefully examine the file contents and either remove or redact sensitive information.


    If you're using a built-in search feature, ensure it's case-insensitive and check every instance of confidential data it highlights.

You can use the following keywords for reference.

Keywords for sanitization

This list is not exhaustive. You should also check for data that is considered sensitive or confidential within your organization.

  • state
  • shdf
  • usg
  • password
  • code
  • code_verifier
  • client_secret
  • token
  • Access_token
  • refresh_token
  • authenticity_token
  • Id_token
  • SAMLResponse
  • SAML Request
  • appID
  • challenge
  • facetID
  • assertion
  • fcParams
  • serverData
  • Authorization
  • auth
  • key
  • pem
  • rsa
  • dsa
  • ecdsa
  • signature
  • passkey

Consider the following examples of how to approach redacting passwords, tokens, and cookies.

  "postData": {
"mimeType": "application/json",
"text": "{\"emailId\":\"REDACTED\",\"password\":\"REDACTED\",\"org\":\"spectro-cloud\"}"


Review the generated HAR file against the list of keywords we provided for reference, and make sure you've redacted every instance of sensitive information.

Next Steps

After you've successfully generated and sanitized your HAR file, send it to the Support Specialist who asked you for this file.