That depends entirely on the nature of the requests.
If you look at a .har file in a text editor, you will see that it's just a JSON document, containing your request and the associated response. It includes the following, potentially sensitive content:
- Request Headers
- Response Headers
- Cookies
- Request Content
- Response Content
All of these could include session tokens or authentication credentials. Depending on the nature of the request, that could be benign, or be a compromise of your security.
For example, if you asked the tech support of an online shop with an issue related to your account, and the .har file would include a session token for said online shop, the potential damage would be minimal. In fact, it's very likely that they will need your session tokens to replicate the issue.
However, if the tech support would ask for a .har file including requests to third parties, then that may leak sensitive information.
What should I do now?
First of all, minimize the content of the .har file as much as possible. If they want a specific request, then capture only that request and nothing else.
Secondly, strip as much information from it as possible. It may be possible to replace your session token with a placeholder value, if all they need is to see the request that caused a particular behavior.
Finally, search through the entire archive for any and all data that may be sensitive. This is where the "minimize the size" step comes in handy.
If that sounds excessive - well, that's because it is. But you have to judge for yourself how much risk you're willing to take.
