How to Analyze HAR Files for API Debugging
A practical workflow for reading HAR files, finding slow requests, spotting 4xx/5xx failures, and sharing safe network summaries.
Start with a clean browser capture
Open DevTools, preserve logs if redirects matter, reproduce the problem once, then export the HAR. A smaller capture is easier to reason about and safer to share than a full browsing session.
Before sending a HAR to anyone, remember that it can contain cookies, authorization headers, query parameters, and customer identifiers. Analyze it locally first and redact sensitive values from any exported summary.
What to inspect first
Sort by status codes to separate application failures from successful static assets. 4xx responses usually point to request shape, authentication, authorization, or missing resources. 5xx responses usually require backend logs, trace IDs, or deployment context.
Next, sort by duration and domain. A single slow API call suggests backend latency, while many small slow calls to the same domain can indicate connection setup, DNS, TLS, cache misses, or too much client-side fan-out.
Use the waterfall with logs
The waterfall shows browser-observed timing, but it cannot explain what the server did internally. Match request URLs, timestamps, and correlation IDs with logs in the API Log Analyzer to connect frontend symptoms with backend causes.
Related tools
Dev Debug Helpers
OpenHAR File Analyzer
Analyze browser HAR files for slow requests, failed calls, duplicates, domains, and timing waterfalls.
Dev Debug Helpers
OpenAPI Log Analyzer
Analyze API logs for ERROR/WARN/INFO counts, duplicate exceptions, correlation IDs, and timeline buckets.
API & Auth
OpenHTTP Request Builder
Build HTTP requests safely and generate cURL and fetch snippets without turning the site into an open proxy.