A method and apparatus for verifying the correctness of server access logs. The server is required to transfer the relevant log information for each client request to, an authentication device. In a preferred embodiment, the device has to be tamper-evident and responds with a Message Authentication Code (MAC) and a binary digit B. The MAC is stored on an accessible medium by the server. If B=0, the request is processed normally. If B=1 (this happens with a small probability), the server is required to issue a “redirect” response to the client, instructing it to connect to a different server, controlled by a certification agency. The agency's server logs this request and redirects it back to the original server, where it is eventually serviced. The certification agency periodically verifies each MAC and checks whether requests where B=1 correspond to an associated client log entry on its server. If this does not happen in a high number of cases, certification of the log file could be denied, based on the agency's policy. A preferred embodiment of this invention is with the HTTP protocol, for the auditing of Web site popularity.