New Relic Browser provides insights into how your application or site behaves when it is loaded in a web browser. New Relic Browser only collects performance data, as explained in this document. It does not collect any data used or stored by the monitored application unless you explicitly configure it to do so. This document describes Browser's security measures.
For most data types, New Relic Browser transmits the data securely using SSL encryption. For more information, see Data transmission.
The Browser agent transmits data to New Relic's data collection servers via the domain bam.nr-data.net.
Here is a summary of the types of data reported by New Relic Browser.
- Page view data
This data is reported once per page view and consists of:
- Page load timing data
- Name of the server-side app controller that served the page, if available (obfuscated in the page and during transmission)
- Additional custom parameters set by the server-side app controller, if available (obfuscated in the page and during transmission)
- Additional custom parameters set by the Browser agent API, if set prior to page load
This information appears on the Page views page.
For data security reasons, New Relic Browser does not record or collect URL query strings.
Server-side data can only be collected when the host is also instrumented by New Relic, and the browser monitoring instrumentation is injected by the agent. For more information about how New Relic collects and presents this data, see Instrumentation for page load timing.
- AJAX timing data
When enabled, New Relic Browser periodically reports AJAX timing data until the user navigates away from or closes the page. (New Relic automatically filters out all AJAX requests that take longer than two minutes.) Data includes:
- Hostnames, ports, and paths (but not search/query parameters) of AJAX request URLs
- HTTP status code of responses
- Byte size of request message bodies
- Name of the server-side app controller servicing the AJAX request and server-side timing data (obfuscated in the page and during transmission), when the browser instrumentation is injected by the New Relic agent
- Timing data for the AJAX transaction
- Timing data for the AJAX callbacks
This information appears on the AJAX page.
For each error, the data includes:
- Exception class of the error
- Error message containing arbitrary text
- Stack trace of the error, which may contain function names and URLs of scripts causing the error
- Session trace data
- Asset load timing details
- User interactions such as scrolling, mousing, and clicking
Session traces are captured randomly at a fixed rate from among the monitored page views. Session trace information appears on the Session traces page.
- SPA data
In addition to the data above, for customers using New Relic single-page application (SPA) monitoring, this data is reported once per page load or route change:
- Hash fragments associated with route changes
- Additional custom parameters added via the SPA API
When SPA monitoring has been enabled, this information appears on the Page views page.
As is the case for page view timing data, server-side data can only be collected when the host is also instrumented by New Relic, and the browser monitoring instrumentation is injected by the agent. For more information about how New Relic collects and presents this data, see Instrumentation for page load timing.
URL query strings
The Browser agent uses the HTTP
referer attribute to track page URLs. URLs can sometimes contain potentially sensitive user-entered query data (for example, a user's name). For data security reasons, Browser does not record or collect URL query strings.
New Relic Browser determines the browser type from the
User-Agent header and the geographical location based on the browser's IP address. New Relic does not retain the IP address, only the country and region associated with the performance data.
Browser trace details
Browser traces are replaced by browser session traces if using Browser Pro, to provide a more detailed timeline of the load and interaction events during a webpage's life cycle.
If your end users are behind a firewall or proxy and do not have access to the CDN or to New Relic's networks (including bam.nr-data.net), New Relic Browser will not work. For more information about host locations and IP addresses for sending data to New Relic, see Networks.
New Relic Browser creates cookies in the end user's browser. If the user has cookies disabled, page load timing (sometimes referred to as real user monitoring or RUM) will not be able to track sessions properly. Also, if the user has an older browser that does not support the Navigation Timing Specification API, page load timing will not be able to track response times as accurately.
New Relic's cookies for browser monitoring do not contain the
secure attribute. This is because page load timing data is sent over HTTP when the page is HTTP, but over HTTPS when the page is HTTPS. For more information, see Data transmission.
If the site uses P3P, it must be configured to allow these cookies.
Page load timing metrics are reported to New Relic using a Script GET, also known as a JSONP request. The Script GET returns a value that is subsequently stored in a cookie and used to trigger trace capturing.
For more help
Additional documentation resources include: