New Relic cookies used by Browser

This document describes data privacy related to Browser and cookies, and details about the cookies themselves. Page load timing (sometimes referred to as real user monitoring or RUM) creates the following cookies that New Relic Browser uses when session tracking in end-user browsers.

Data privacy and GDPR compliance

The default Browser agent configuration does not retain any personal data as defined by the EU General Data Protection Regulation (GDPR). New Relic has taken steps to enable our customers who elect to process personal data in our products to do so in accordance with GDPR and applicable data protection laws. Use the additional information below to help enable your compliance with GDPR and the ePrivacy Directive:

Data Description
IP addresses

New Relic briefly collects and leverages the IP address from the end-user as part of the data collection process. The IP is captured when a connection is made between the end user's browser and the New Relic data collector. The IP address is included in the web request, much like a caller ID. New Relic uses the IP, much like you see a phone number when somebody calls you.

The IP address is used as a lookup value that maps to additional details, allowing New Relic customers to diagnose performance issues.

IP address lookup values include:

  • countryCode
  • regionCode
  • city
  • asn
  • asnOrganization
  • asnLatitude
  • asnLongitude

The mapping process for the IP address lookup value is typically complete within minutes, but in some extreme cases may take up to 24 hours to process. Once the mapping process is complete, New Relic no longer retains the IP address.

Default cookies

The New Relic Browser agent sets cookies by default. Cookies are placed by the Browser agent and the New Relic collector. The New Relic collector places a cookie when the Browser agent makes a connection and transmits data.

A cookie consent manager that uses a conditional script loader that only loads tags/snippets when a visitor agrees to a specific type of cookies can be used. By choosing this option there is a risk that page performance will not be captured until the visitor has agreed and the Browser agent is running.

Personal data through custom Browser configuration

New Relic offers the option to manually configure your agent through the Browser API, which could be used to capture information considered personal data, subject to the restrictions set forth in the terms of service with New Relic (for example, no credit card numbers or sensitive categories of personal data). New Relic responds to the instructions specified by the agents, including collecting personal data that may be custom configured.

If you (as the data controller) receive a data subject action request (DSAR) and determine that personal data sent to New Relic for processing must be deleted, see New Relic GDPR deletion requests.

JSESSIONID

The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty.

Components Description
Session identifier This is used by New Relic to monitor session counts for an application.
Domain The JSESSIONID cookie is associated with the New Relic domain.
Expiration JSESSIONID is a session cookie that is deleted when the browser closes.

NREUM

This cookie is only created in browsers that do not support the Navigation Timing API. When a browser supports the Navigation Timing API, a native interface can be used to determine navigation start time.

Mozilla Firefox versions 7 or higher support the Navigation Timing API. However, a bug exists in Firefox's early implementations of the Navigation Timing API that New Relic Browser works around by using this cookie.

Components Description
Navigation start time Navigation start time is required to measure end user response time. The cookie is written when the current page unloads (as the next navigation begins).
Document location Stored as a hash. The document location is used with the referring page URL to validate that the start time refers to the page that was previously being viewed or refreshed (to avoid using an invalid start time from a different navigation).
Referring page URLs Stored as a hash. The referring page URL is used with the document location to validate that the start time refers to the page that was previously being viewed or refreshed (to avoid using an invalid start time from a different navigation).
Domain The NREUM cookie is associated with the root path of the domain in which the New Relic agent executes.
Expiration NREUM is a session cookie that is deleted when the browser closes.

NRAGENT

The NRAGENT cookie is set only if you use Browser agent version v443 or lower. It is created when a token is handed out to an end user by the New Relic collector.

End-user metrics are communicated to New Relic collectors via a JSONP request from the browser (script retrieval). The returned JavaScript contains a call to set the token identifier which is written to the cookie on the next navigation (when the page unloads). This achieves a cross-domain communication between the New Relic collector and the New Relic agent.

This cookie is used to communicate between the New Relic collector aggregating end user metrics and the agent(s) running in the associated web application. A token identifies and correlates application tier transaction traces with corresponding browser traces.

Components Description
Token identifier The 16-character token identifier helps with cross-domain communication between the New Relic collector and the New Relic agent.
Domain The NRAGENT cookie is associated with the root path of the domain in which the New Relic agent executes.
Expiration NRAGENT is a session cookie that is deleted when the browser closes.

For more help

Additional documentation resources include:

Recommendations for learning more: