New Relic Browser provides insights into how your application or site behaves when it is loaded in a web browser. New Relic Browser only records performance data, as explained in this document. It does not record any data used or stored by the monitored application unless you explicitly configure it to do so.
For more information about New Relic's security measures, see our security and privacy documentation, or visit the New Relic security website.
Reported data
New Relic Browser reports many different types of data to help you analyze your website's performance. New Relic Browser only reports page view data, unless you have subscribed to Pro features. You can also enable functionality for AJAX requests, JavaScript errors, and session traces.
For most data types, New Relic Browser transmits the data securely using HTTPS encryption. The Browser agent transmits data to New Relic's collectors by using the domain bam.nr-data.net
.
Here is a summary of the types of data reported by New Relic Browser.
- Page view data
-
This data is reported once per page view and consists of:
- Page load timing data
- Name of the server-side app controller that served the page, if available (obfuscated in the page and during transmission)
- Additional custom parameters set by the server-side app controller, if available (obfuscated in the page and during transmission)
- Additional custom parameters set by the Browser agent API, if set prior to page load
This information appears on the Page views page. For data security reasons, New Relic Browser does not record or collect URL query strings.
Server-side data can only be collected when the host is also instrumented by New Relic and the browser monitoring instrumentation is injected by the agent. For more information about how New Relic collects and presents this data, see Instrumentation for page load timing.
- AJAX timing data
-
When enabled, New Relic Browser periodically reports AJAX timing data until the user navigates away from or closes the page. (New Relic automatically filters out all AJAX requests that take longer than two minutes.) Data includes:
- Hostnames, ports, and paths (but not search/query parameters) of AJAX request URLs
- HTTP status code of responses
- Byte size of request message bodies
- Name of the server-side app controller servicing the AJAX request and server-side timing data (obfuscated in the page and during transmission), when the browser instrumentation is injected by the New Relic agent
- Timing data for the AJAX transaction
- Timing data for the AJAX callbacks
This information appears on the AJAX page.
- JavaScript error data
-
When enabled, New Relic Browser periodically reports data about every error that occurs on the page until the user navigates away from or closes the page. This information appears on the JavaScript errors page.
For each error, the data includes:
- Exception class of the error
- Error message containing arbitrary text
- Stack trace of the error, which may contain function names and URLs of scripts causing the error
Error messages typically do not contain any confidential or sensitive information. However, it is possible for messages to be purposefully constructed with sensitive information. Before enabling JavaScript error reporting, ensure that your website does not expose any sensitive information in error messages.
- Session trace data
-
When enabled, New Relic Browser periodically reports data on the details of the a single page's life cycle, including user interactions, AJAX loads, and JavaScript errors, until the user navigates away from or closes the page. New Relic automatically stops recording further data after ten minutes. Data includes:
- Asset load timing details
- User interactions such as scrolling, mousing, and clicking
- JavaScript error timing and other JavaScript error information
- Triggered Javascript events
Session traces are captured randomly at a fixed rate from among the monitored page views. Session trace information appears on the Session traces page.
- SPA data
-
If you use New Relic Browser's single-page app (SPA) monitoring, New Relic reports the following data once per page load or route change.
- New Relic Browser data for page views, AJAX timing, JavaScript errors, and session traces
- Hash fragments associated with SPA route changes
- Additional custom parameters added from the SPA API
When SPA monitoring has been enabled, this information appears on the Page views page.
Server-side data can only be collected when the host is also instrumented by New Relic, and the Browser monitoring instrumentation is injected by the agent. For more information about how New Relic collects and presents this data, see Instrumentation for page load timing.
URL query strings
The Browser agent uses the HTTP referer
attribute to track page URLs. URLs can sometimes contain potentially sensitive user-entered query data (for example, a user's name). For data security reasons, Browser does not record or collect URL query strings.
Visitor's IP address
New Relic Browser uses the visitor's IP address to enrich data for additional visitor segmentation. Details such as the ASN
and geoID
are mapped to New Relic Browser data from the IP address. For data security reasons, Browser does not retain the visitor's IP address for reporting. The IP address is obtained in the HTTP header from the request to the New Relic collector.
New Relic does not retain the visitor's IP address after the attributes have been mapped. The IP address value is overwritten within 24 hours of data being collected.
Browser types
New Relic Browser determines the browser type from the User-Agent
header and the geographical location based on the browser's IP address. New Relic does not retain the IP address, only the country and region associated with the performance data.
This information appears on the selected app's Geography page. Also, details about specific browser types appear on the selected app's Browsers page.
Browser trace details
If New Relic captures a browser trace, it also includes the city associated with the IP address (if any). Depending on your New Relic Browser subscription, Browser trace details may appear on the Page views page.
Browser traces are replaced by browser session traces if using Browser Pro, to provide a more detailed timeline of the load and interaction events during a webpage's life cycle.
CDN access
Page load timing requires access to the content delivery network (CDN), where New Relic's utility JavaScript file (nr.js
) is hosted. The domain name for the file (js-agent.newrelic.com
) remains static, but the number in the path (version) may change periodically.
A script
tag is injected by the New Relic agent (or pasted into the webpage for standalone apps) that references the JavaScript on the CDN, which is then loaded by the browser. The loaded JavaScript collects and reports the metrics dynamically to the domain bam.nr-data.net
.
If your end users are behind a firewall or proxy and do not have access to the CDN or to New Relic's networks (including bam.nr-data.net
), New Relic Browser will not work.
Cookies
New Relic Browser creates cookies in the end user's browser. If the user has cookies disabled, page load timing (sometimes referred to as real user monitoring or RUM) will not be able to track sessions properly. Also, if the user has an older browser that does not support the Navigation Timing Specification API, page load timing will not be able to track response times as accurately.
New Relic's cookies generated by Browser agents older than version 995 may not contain the secure
attribute. This is because page load timing data transmission in versions before version 995 use HTTP when the page is HTTP, but use HTTPS when the page is HTTPS. All Browser agent versions above version 995 will always use the secure
flag for cookies and transmit over HTTPS.
JavaScript and AJAX data may contain more sensitive information, so they are always transmitted over HTTPS. Transmission of these cookies using HTTP or access to them from JavaScript is not a significant security risk, because the cookies are not used to make security decisions or allow access to an account. They are used only to collect performance data, with any identifiable data obfuscated.
If your site uses P3P, it must be configured to allow these cookies.
JSONP requests
Page load timing metrics are reported to New Relic using a Script GET
, also known as a JSONP request. The Script GET
returns a value that is subsequently stored in a cookie and used to trigger trace capturing.