How to Include Network Logs in Bug Reports

Written By  Crosscheck Team

Content Team

February 2, 2026 7 minutes

How to Include Network Logs in Bug Reports

How to Include Network Logs in Bug Reports

A bug report without network logs is a crime scene report without forensic evidence.

The bug happened. The page broke, the button stopped working, the data never loaded. You took a screenshot, wrote up the steps to reproduce, and filed the ticket. The developer opens it, reads through, and immediately asks: "What did the API return?" You don't know. The DevTools panel is closed. The request is gone. The ticket sits in the queue while someone tries to reproduce the problem from scratch.

This is the failure mode that network logs prevent. They are the single most useful piece of technical evidence you can include in a bug report — and they are the piece most commonly left out.

This guide covers what network logs are, why developers rely on them so heavily, how to capture them manually using Chrome DevTools, how to include them automatically with the right tooling, and what the most common network errors actually mean for non-technical reporters.

What Are Network Logs?

Every time a web page does something — loads content, submits a form, fetches data, logs you in — it sends a request to a server and receives a response. Network logs are the record of those requests: what was asked for, how it was asked, what came back, and how long it took.

For a non-technical reader, it helps to think of network logs as a phone bill. Your phone bill shows every call you made: the number dialed, the time it was placed, how long the call lasted, and whether the call connected. Network logs work the same way. Each row is a call your browser made to a server. The log shows:

  • URL — the address of the resource being requested
  • Method — the type of request (GET to fetch data, POST to send it, PUT to update, DELETE to remove)
  • Status code — whether the request succeeded (200), failed (400s, 500s), or redirected (300s)
  • Timing — how long the server took to respond
  • Request headers — metadata sent with the request, including content type and authentication tokens
  • Response headers — metadata returned by the server
  • Request body — the data sent to the server (for POST and PUT requests)
  • Response body — the data the server sent back

When a bug involves a page not loading, a form not submitting, data showing incorrectly, or an action appearing to work but producing no result, the answer is almost always somewhere in this log.

Why Developers Need Network Logs in Bug Reports

Developers debug by narrowing down. A bug report without technical context forces them to reproduce the problem from scratch, guess at possible causes, and rule them out one by one. Network logs skip directly to the evidence.

Here are the specific scenarios where network logs are essential:

Failed API calls. When a button click triggers a backend operation and nothing happens, the cause is typically a failed network request. The API returned a 400, a 401, a 403, or a 500 — and the application either silently ignored the error or handled it in a way that produced the wrong UI state. Without the network log, a developer has to reproduce the exact conditions and hope the same request fails again. With the log, they can see the exact endpoint, the exact payload sent, the exact error code returned, and often the exact error message in the response body.

Slow responses and performance issues. "The page is slow" is not an actionable bug report. "The page is slow" plus a network log showing a specific API endpoint that took 8.3 seconds to respond is. Network logs include timing breakdowns for every request — time to first byte, download duration, total latency — that pinpoint where the slowness is coming from. This is the difference between a developer checking everything and a developer going directly to the relevant service.

CORS errors. Cross-Origin Resource Sharing errors are a particularly common category of network failure that is almost invisible to anyone not looking at the network log. A CORS error occurs when a browser blocks a request because the server has not explicitly permitted requests from the application's origin. The result from a user's perspective is that something doesn't load or an action fails — identical to dozens of other bug types. The network log makes the CORS error immediately visible: a failed preflight request, a missing Access-Control-Allow-Origin header, and a blocked response. Without the log, diagnosing a CORS error requires guesswork.

Authentication failures. Bugs that occur only when a user is logged in, logged out, or using a specific permission level are frequently caused by authentication headers being missing, expired, or incorrect. The network log shows exactly what authorization metadata was present in the request, making it straightforward to determine whether the issue is a token expiry problem, a session invalidation issue, or a permission misconfiguration.

Data inconsistencies. When the application displays the wrong data — an incorrect total, a missing item, a stale record — the network log shows exactly what the API returned. This rules out frontend rendering bugs and immediately implicates either the API response or the data in the underlying database.

In all of these cases, the network log is not supplementary information. It is the primary evidence.

How to Capture Network Logs Manually in Chrome DevTools

Chrome DevTools has a built-in Network panel that records every request your browser makes. Here is how to use it to capture network logs for a bug report:

1. Open DevTools. Press Cmd + Option + I on macOS or Ctrl + Shift + I on Windows and Linux. Alternatively, right-click anywhere on the page and select Inspect.

2. Navigate to the Network tab. Click the Network tab in the DevTools panel. You should see a list of requests that have already been made since the panel was opened.

3. Enable Preserve Log. Check the "Preserve log" checkbox near the top of the Network panel. Without this, the log clears every time the page navigates, which means you lose requests that happened on previous pages during a multi-step flow.

4. Reproduce the bug. Perform the exact steps that trigger the bug. Every network request made during this sequence will appear in the log in real time.

5. Identify the relevant requests. Look for requests with error status codes (4xx, 5xx), unusually long response times, or requests to the specific endpoint involved in the bug. Click on any request to see its full detail: headers, payload, response body, and timing breakdown.

6. Export as a HAR file. Right-click anywhere in the request list and select "Save all as HAR with content." This exports the complete network log as a HAR (HTTP Archive) file — a JSON-formatted record of every request, including full headers, bodies, and timing data. Attach this file to your bug report.

One important caveat: HAR files can contain sensitive information, including authentication tokens, session cookies, and API keys present in request or response headers. Before sharing a HAR file externally or in a public ticket, review it for credentials and redact them manually if necessary.

The manual DevTools workflow works, but it has real limitations. You have to know to open DevTools before the bug occurs. You have to remember to enable Preserve Log. If the bug happened before you thought to start capturing, the evidence is gone. And the process of exporting, reviewing, and attaching the HAR file adds several minutes to every bug report.

Common Network Error Codes Explained

Not every team member who files bug reports has a background in HTTP. Here is a plain-language guide to the status codes you are most likely to encounter:

200 OK — The request succeeded. If the bug is a data issue rather than a loading failure, and you see a 200, the problem is in what the server returned, not in the request itself.

400 Bad Request — The server received the request but rejected it because something in the request was malformed. Common causes: missing required fields, invalid data format, a payload that doesn't match what the API expects.

401 Unauthorized — The request requires authentication and either no credentials were provided or the credentials are invalid. Often caused by expired tokens, failed logins, or session timeouts.

403 Forbidden — The server understood the request and the user is authenticated, but does not have permission to perform the action. A permissions or role configuration issue.

404 Not Found — The requested resource does not exist at the specified URL. Could indicate a broken link, a deleted resource, or a misconfigured route.

422 Unprocessable Entity — The request was well-formed but contained semantic errors — for example, a field that failed validation on the server side.

429 Too Many Requests — The client has sent too many requests in a given time window and has been rate-limited. Often intermittent and depends on request volume.

500 Internal Server Error — Something went wrong on the server. This is a catch-all for backend failures and almost always requires a developer to investigate server-side logs.

503 Service Unavailable — The server is temporarily unable to handle the request, usually due to overload or a downstream service being down.

CORS Error (not a status code) — Technically a browser-enforced block rather than a server response code, CORS errors appear in the Network panel as failed preflight requests or blocked responses. The console will also show a CORS-related error message.

Privacy Considerations When Sharing Network Logs

Network logs are powerful precisely because they capture so much. That comprehensiveness creates privacy obligations.

Authorization headers contain bearer tokens, API keys, and other credentials that grant access to authenticated resources. Sharing these in a bug report gives the recipient the ability to make authenticated requests as the logged-in user.

Cookie headers can contain session identifiers that, if shared, allow session hijacking.

Request and response bodies may contain personally identifiable information — user names, email addresses, payment data — depending on the endpoint involved.

Best practices for handling sensitive data in network logs:

  • Review HAR files before sharing and manually redact Authorization and Cookie header values.
  • Use tools that automatically filter sensitive headers rather than requiring manual review.
  • Avoid sharing full network logs in public issue trackers; use private attachments or access-controlled links.
  • For production bugs involving real user data, consult your team's data handling policies before including response bodies.

Capturing Network Logs Automatically with Crosscheck

The manual DevTools workflow is the baseline, but it requires anticipation, preparation, and extra steps on every bug report. For teams that file bugs regularly, those steps add up — and the requirement to have DevTools open before a bug occurs means intermittent issues are frequently undocumented.

Crosscheck is a Chrome extension that eliminates this friction entirely. Every time you capture a bug with Crosscheck — whether that is a screenshot, a screen recording, or an instant replay — the full network log for that session is captured automatically alongside it. No DevTools. No Preserve Log checkbox. No HAR export.

The network data captured with every Crosscheck bug report includes:

  • URL and method for every request made during the session
  • Status codes — so failing requests are immediately visible
  • Timing data — request duration and response latency for each call
  • Request and response headers — the full header set for each request
  • Privacy by default — Authorization and Cookie headers are automatically filtered before the report is generated, so sensitive credentials are never included in a bug report without deliberate action

The result is that every bug report filed through Crosscheck arrives with a complete, developer-ready network log already attached — with sensitive headers removed by default. Developers can see exactly which API calls were made, which ones failed, and what the timing looked like, without asking the reporter to go back, reproduce the bug with DevTools open, and export a HAR file.

For intermittent bugs that are difficult to reproduce on demand, this is particularly valuable. The network log from the original occurrence is already in the report. The evidence doesn't have to be re-created.

What a Complete Bug Report Looks Like

A bug report that includes network logs — whether captured manually or automatically — looks fundamentally different from one that doesn't:

  • The title is specific: not "Checkout broken" but "Order submission fails with 500 — POST /api/v1/orders"
  • The developer knows immediately which endpoint is involved
  • The request payload shows what was sent; the response body shows what came back
  • The timing data shows whether this is a performance issue or a hard failure
  • No follow-up questions are needed to start investigating

The network log is what transforms a bug report from a description of a problem into a map to its solution.

Stop losing network evidence the moment a bug occurs. Try Crosscheck free — network logs, console output, and full session context captured automatically with every bug report.

Related Articles

From Bug Reporter to Quality Advocate: The Future of QA Roles
Industry Trends & Thought Leadership

From Bug Reporter to Quality Advocate: The Future of QA Roles

Crosscheck Team
March 31, 202511 minutes
The QA Skills Gap: Why 50% of Organizations Can't Find Qualified Testers
Industry Trends & Thought Leadership

The QA Skills Gap: Why 50% of Organizations Can't Find Qualified Testers

Crosscheck Team
April 3, 202511 minutes
Flaky Tests Are Killing Your Team's Productivity: Here's How to Fix Them
Industry Trends & Thought Leadership

Flaky Tests Are Killing Your Team's Productivity: Here's How to Fix Them

Crosscheck Team
April 7, 202511 minutes
Contact us
to find out how this model can streamline your business!
Crosscheck Logo
Crosscheck Logo
Crosscheck Logo

Speed up bug reporting by 50% and
make it twice as effortless.

Overall rating: 5/5