Evidence, screenshots and artifacts

Before opening artifacts

Use this page when a report finding needs proof beyond the summary. Screenshots, HTML snapshots, console counts and network counts explain what the browser worker observed for the affected page. Artifacts are evidence boundaries. If a screenshot, HTML snapshot or browser log is missing, read the reason before remediation, ticket export, PDF export or public sharing.

Inspect report artifacts

Follow the path `Reports → Technical appendix → Page row → Screenshot → HTML → Console and network context`.

1. Open /reports/{report} after reading severity and confidence. Result: the report opens with the same issue priority context you already reviewed.
2. Scroll to Technical appendix or open the issue evidence artifact section. Result: Screenshot, HTML, Console and Network values are shown for the affected URL.
3. Confirm Screenshot and HTML values before using visual proof. Result: you know whether the report has rendered-page image and DOM evidence for that finding.
4. Compare Console and Network counts with the issue evidence. Result: browser runtime symptoms stay connected to the affected page instead of becoming generic claims.
5. Read the missing artifact reason when Screenshot unavailable, HTML unavailable or Evidence incomplete appears. Result: skipped, failed, redacted or unavailable evidence stays explicit.
6. Continue only when artifacts support the next action. Result: remediation, ticket export, publication or PDF sharing does not rely on missing or redacted proof.

What each artifact proves

Artifacts should be read as observed context, not as automatic proof of exploitability.

• Screenshot shows the rendered page state captured by the browser worker.
• HTML snapshot shows the rendered DOM artifact for selectors, copy and structural checks.
• Console evidence shows runtime errors or warnings that happened during rendering.
• Network evidence shows failed, blocked or unexpected requests observed during rendering.
• Issue evidence connects artifact context to the specific finding, severity, confidence and affected URL.

Missing or redacted artifact states

Missing artifacts should remain visible in the report as limitations.

• Screenshot unavailable means visual proof is absent; use scan coverage notes or retry only when the target is reachable and scope remains accepted.
• HTML snapshot unavailable means DOM context is absent; do not claim selector-level proof from that artifact.
• Evidence incomplete means continue to [Failure and skipped-page meanings](/docs/projects/failure-and-skipped-page-meanings) before treating the report as complete.
• Evidence redacted means continue to [Privacy redaction](/docs/projects/privacy-redaction) before sharing, exporting or publishing.
• Console or network count without matching issue evidence means use [Console and network evidence](/docs/projects/console-and-network-evidence) before raising severity or assigning remediation.

Continue to issue fingerprints

Continue to [Issue fingerprints](/docs/reports/issue-fingerprints) after artifacts confirm what was observed. Fingerprints help retests and monitoring compare the same issue, while [Publication gates](/docs/reports/publication-gates) decide whether the evidence is safe to share.