Data security

Data for New Relic accounts are isolated so that users can only see the data for accounts they own (or have been given permission to see). New Relic also has certain rights regarding customers' data. For more information, see our security and privacy documentation and the Terms and Conditions page on the New Relic website.

Data collection

Using a JSON message format, data the New Relic agent receives from your app is posted once a minute to the New Relic user interface. The website returns a JSON response to the agent, indicating if the data was correctly received or if there was an error.

New Relic collects the following aggregate metric data:

  • Database activity
  • External web service calls
  • Controller and dispatch activity
  • View activity
  • Uncaught exceptions and counts
  • Process memory and CPU usage

This aggregate metric data summarizes calls to specific methods in your application: how many times each one was called and various response time statistics (average, minimum, maximum, and standard deviation). In New Relic, you will see the class and method names along with their aggregate numbers.

For paid accounts, New Relic optionally collects:

Data collection
(paid accounts)
Uncaught errors New Relic captures the error as well as a runtime stack trace of the offending code.
Transaction traces

These are snapshots of a single transaction. At your option, New Relic also collects the query statements called within the transaction. The default collection uses obfuscation to hide any strings or numbers from the query.

For transactions slower than a threshold you set, New Relic also collects data from SQL EXPLAIN. For database calls slower than a configured threshold, New Relic optionally collects runtime stack traces, which are helpful to pinpoint where in the code a database call is made.

Custom parameters You can add custom parameters to your application code and record them with transaction traces to provide additional context while you are examining profiling information.

Optional: For both errors and transaction traces, the HTTP request parameters can also be recorded.

HTTP parameters disabled by default

By default, New Relic agents disable collection of HTTP request parameters, such as the query string of a URL. This is an automatic safeguard to protect potentially sensitive data. New Relic collects and displays HTTP parameters only when you explicitly enable them in your agent configuration file.

SSL enabled by default

New Relic agents enable SSL by default. To verify which release includes SSL by default and to ensure that you have the most up-to-date version, refer to your agent's release notes:

The configuration file also includes an optional flag (ssl) to enable or disable SSL using HTTPS. New Relic does not do host authentication with HTTPS, just communication encryption.

Exception: You cannot disable SSL for the C SDK. The C SDK daemon can only connect with SSL.

New Relic requires HTTPS for all traffic to New Relic APM and the New Relic REST API. This includes both inbound and outbound traffic. If your REST API call uses HTTP, or if you have disabled SSL in your configuration file, change your script or program to HTTPS.

Data transmission

Under Java, .NET and PHP, New Relic uses JSON to serialize data. The Ruby agent uses either Ruby marshaling or JSON serialization to send data to New Relic, depending on whether a native JSON encoder is available in under the Ruby version the agent is running on.

The agent communicates with two hosts: and a numbered host labeled, where nnn is any numerical value. The numbered host is typically (but not always) fixed for your account, and it appears in the log/newrelic_agent.log at startup. If you are creating firewall rules to allow the agent to communicate, see Networks for the required changes.


New Relic includes optional settings so that you can configure the agent to communicate through a proxy. To define proxy settings for host, port, domain, user, or password, refer to your agent's configuration file documentation:

Agent Proxy settings
C SDK -proxy at daemon startup
Go transport

Use proxy settings, including:

.NET proxy element
Node.js proxy
PHP newrelic.daemon.proxy or the daemon's proxy setting
Python proxy settings

Use proxy settings, including:

Infrastructure proxy

Masking (obfuscation)

When New Relic agents refer to data obfuscation, this means the data is masked and cannot be recovered. For example, with queries, the Record SQL? value defaults to obfuscated. This strips the string literals and numeric sequences and then replaces them with the ? character.

New Relic captures HTTP request parameters in transaction traces. However, you can mask sensitive information in HTTP or HTTPS requests as an additional security option for transaction traces.

For more help

Recommendations for learning more: