New Relic cookies used by Browser

This document describes data privacy related to Browser monitoring and cookies, and details about the cookies themselves. Page load timing (sometimes referred to as real user monitoring or RUM) creates the following cookies that Browser monitoring uses when session tracking in end-user browsers.

These cookies are related to Browser app monitoring. For more information about data privacy and requesting data to be deleted, see New Relic personal data requests.

Data privacy and legal compliance

The default Browser agent configuration does not retain any personal data as defined by common privacy laws such as the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). New Relic has taken steps to enable our customers who elect to process personal data in our products to do so in accordance with applicable privacy laws. Use the additional information below to help enable your compliance with such laws:

Data Description
IP addresses

New Relic briefly collects and leverages the IP address from the end-user as part of the data collection process. The IP is captured when a connection is made between the end user's browser and the New Relic data collector. The IP address is included in the web request, much like a caller ID. New Relic uses the IP, much like you see a phone number when somebody calls you.

The IP address is used as a lookup value that maps to additional details, allowing New Relic customers to diagnose performance issues.

IP address lookup values include:

The mapping process for the IP address lookup value is typically complete within minutes, but in some extreme cases may take up to 24 hours to process. Once the mapping process is complete, New Relic no longer retains the IP address.

Default cookies

The Browser monitoring agent sets cookies by default. Cookies are placed by the Browser agent and the New Relic collector. The New Relic collector places a cookie when the Browser agent makes a connection and transmits data.

A cookie consent manager that uses a conditional script loader that only loads tags/snippets when a visitor agrees to a specific type of cookies can be used. By choosing this option there is a risk that page performance will not be captured until the visitor has agreed and the Browser agent is running.

With the release of Browser agent v1169, you can turn off cookie collection (JSESSIONID and NREUM) for your Browser app by using the Application settings page in the New Relic UI. Once this configuration value is set to false (OFF), you will no longer see the session information in your event data.

By default, the value is set to true (ON) for all existing Browser apps as well as newly created ones. For more information, see our documentation about cookie collection and session tracking.

Personal data through custom Browser configuration

New Relic offers the option to manually configure your agent through the Browser monitoring API. This could be used to capture personal data, subject to the restrictions set forth in the Terms of Service with New Relic. (For example, no credit card numbers or sensitive categories of personal data, which are contractually prohibited.) New Relic responds to the instructions specified by the agents, including collecting personal data that may be custom configured.

If you (as the data controller) receive a request from one of your own customers and determine that personal data sent to New Relic for processing must be deleted, see New Relic personal data requests.

JSESSIONID

The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty.

Components Description
Session identifier This is used by New Relic to monitor session counts for an application.
Domain The JSESSIONID cookie is associated with the New Relic domain.
Expiration JSESSIONID is a session cookie that is deleted when the browser closes.

NREUM

This cookie is only created in browsers that do not support the Navigation Timing API. When a browser supports the Navigation Timing API, a native interface can be used to determine navigation start time.

Mozilla Firefox versions 7 or higher support the Navigation Timing API. However, a bug exists in Firefox's early implementations of the Navigation Timing API that Browser monitoring works around by using this cookie.

Components Description
Navigation start time Navigation start time is required to measure end user response time. The cookie is written when the current page unloads (as the next navigation begins).
Document location Stored as a hash. The document location is used with the referring page URL to validate that the start time refers to the page that was previously being viewed or refreshed (to avoid using an invalid start time from a different navigation).
Referring page URLs Stored as a hash. The referring page URL is used with the document location to validate that the start time refers to the page that was previously being viewed or refreshed (to avoid using an invalid start time from a different navigation).
Domain The NREUM cookie is associated with the root path of the domain in which the New Relic agent executes.
Expiration NREUM is a session cookie that is deleted when the browser closes.

NRAGENT

The NRAGENT cookie is set only if you use Browser agent version v443 or lower. It is created when a token is handed out to an end user by the New Relic collector.

End-user metrics are communicated to New Relic collectors via a JSONP request from the browser (script retrieval). The returned JavaScript contains a call to set the token identifier which is written to the cookie on the next navigation (when the page unloads). This achieves a cross-domain communication between the New Relic collector and the New Relic agent.

This cookie is used to communicate between the New Relic collector aggregating end user metrics and the agent(s) running in the associated web application. A token identifies and correlates application tier transaction traces with corresponding browser traces.

Components Description
Token identifier The 16-character token identifier helps with cross-domain communication between the New Relic collector and the New Relic agent.
Domain The NRAGENT cookie is associated with the root path of the domain in which the New Relic agent executes.
Expiration NRAGENT is a session cookie that is deleted when the browser closes.

For more help

If you need more help, check out these support and learning resources: