URL and method
The full URL the browser requested and the HTTP method used (GET, POST, etc.).
Inside the evidence package
What is a HAR file?
A HAR (HTTP Archive) file is a log of every network request a browser makes during a session. When bundled into a timestamped certificate, it proves exactly which URLs were visited and what responses the server returned at the moment of certification.
URLsEvery request URL
HeadersRequest & response
TimingsPer-request latency
What is recorded in a HAR file?
HAR 1.2 is a widely supported JSON format used by browser developer tools and network analyzers. Each entry in a HAR file describes one HTTP request the browser made during the recorded session.
Response status
The HTTP status code (200, 404, 500…) and reason phrase returned by the server.
Request & response headers
The headers exchanged between browser and server — content type, caching, redirects, security headers.
Timing breakdown
How long each request spent in DNS, connect, send, wait, and receive phases.
Server address
The remote IP address the browser connected to for each request, when available.
Redirect chain
Every hop in a redirect chain is captured as its own entry, preserving the full path.
Why HAR matters for legal proof.
A screenshot shows what the user saw. A HAR file shows what the browser actually requested and what the server actually returned. Bundled into a signed, timestamped certificate, it answers questions that a screenshot alone cannot:
✓
Which URLs were visitedThe full list of resources the browser loaded during the session.
✓
What the server returnedStatus codes and headers — proof the page existed and how it responded.
✓
When each request happenedTiming data anchored to the certificate's RFC 3161 timestamp.
✓
Redirects and third-party callsHidden hops, trackers, and embedded content all show up in the log.
How to find your HAR file.
Every browser session certificate includes a network.har file inside the metadata ZIP. Three steps to open it:
1
Download your certificateFrom your certificates dashboard, download the certificate package for the session you want to inspect.
2
Open the metadata ZIPThe certificate package contains a metadata ZIP alongside the signed PDF. Extract it with your usual archive tool.
3
Find
network.harInside the metadata ZIP, look for network.har. That single JSON file is the full HAR log.What is excluded from the HAR.
For privacy and security, the HAR files produced by instantproof.legal omit two categories of data:
Cookies
Request bodies
Response bodies
Auth headers content
URLs, methods, status codes, and timings are preserved so the certificate still proves which resources were requested and how the server responded. Sensitive payloads are stripped before the HAR is signed and bundled.
Read your HAR with an external viewer.
A HAR file is plain JSON, but viewers make it easier to scan requests, filter by status, and inspect headers. Two free, browser-based options:
Google HAR Analyzer
Drag and drop a HAR file into Google's web-based analyzer to see a sortable list of requests, response codes, and timings.
Software Is Hard HAR Viewer
An open-source HAR viewer with detailed waterfall charts and per-request inspection. Runs entirely in your browser.
Capture a session with a real HAR.
Every browser session certificate ships with a signed, timestamped HAR file alongside the PDF and metadata ZIP.