• /
  • Log in
  • Free account

Compatibility and requirements for browser monitoring

Browser monitoring includes strict security measures to provide a robust, standalone product with browser monitoring features. Before you install the browser agent, make sure your system meets these requirements.

Want to try out our browser monitoring agent? Create a New Relic account... It's for free, forever! No credit card required.

Basic requirements

To report data to browser, your application must at a minimum meet two basic requirements:

  1. The traffic to the application must be from clients able to load and execute browser JavaScript code and set cookies.
  2. Clients accessing the application must be able to send data to New Relic through HTTP requests. HTTPS is required for browser Pro features.

Important

Browsers that subscribe to a disconnect list or that use content filtering extensions such as AdBlock may not be able to send data to New Relic. For example, if you are using the Enhanced Tracking Prevention disconnect list for Mozilla Firefox 69.0 or higher, you will need to change the default configuration.

Most typical browser applications meet these requirements. However, browser applications in restricted environments may have difficulty reporting data to New Relic; for example:

  • Hybrid mobile applications
  • Applications installed on unusual hardware, such as point-of-sale terminals or consumer appliances

For more information, review the instrumentation for browser monitoring documentation, and verify end-user network access.

Browser types

Instrumentation is compatible with every browser type, including Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Edge, and Apple Safari. The user interface is compatible with New Relic's supported browser versions.

Exceptions

Comments

Paint timings

The firstPaint and firstContentfulPaint attributes in BrowserInteraction, PageView, and PageViewTiming events are only compatible with:

  • Chrome 60 or higher for desktop and mobile (Android webview and Chrome for Android)
  • Opera 47 or higher for desktop
  • Opera 44 or higher for Android mobile
  • Samsung Internet for mobile

AJAX

AJAX timing features are not available with:

  • Chrome for iPhone and iPad
  • IE 7 and 8

PageAction events

PageAction events require a browser that fully supports cross-domain XMLHttpRequests. Internet Explorer versions 9 and lower cannot record PageAction events. Learn more on querying your data.

Session traces

Session traces are reported only from browsers that support the Resource Timing Specification.

SHA-256

New Relic can only monitor browsers that are compatible with SHA-256.

Important

When you use browser monitoring with cookies, New Relic's cookies are a third-party cookie on your site, and may not store or work on certain web browsers used by your visitors. See the applicable browser's websites for details about their compatibility with third-party cookies.

APM agents

You can deploy the browser agent for apps monitored by APM, or you can deploy the browser agent for your standalone apps. For more information, see the installation procedures.

If you're deploying browser for an app using APM, make sure your agent supports browser monitoring:

  • C SDK: Version 1.0.0 or higher
  • Go: Version 2.5.0 or higher
  • Java: Version 3.4.0 or higher
  • .NET: Version 2.20.25.0 or higher
  • Node.js: Version 1.4.0 or higher
  • PHP: Version 4.4.5.35 or higher
  • Python: Version 2.10.1.9 or higher
  • Ruby: Version 3.7.0.177 or higher

Supported frameworks

The browser agent collects data on all front-end frameworks. However, the monitoring occurs on lower-level "primitives" that JavaScript frameworks use, so the level of detail collected by the instrumentation may vary depending on your specific framework.

Exceptions

Comments

Zone.js

If you're using AngularJS and you want to use our SPA monitoring features, note that Zone.js versions 0.6.18 to 0.6.24 are not compatible with browser. In all cases, the browser agent must be loaded before Zone.js to avoid errors.

Cypress.io

Browser is unable to properly instrument the open and send methods of requests when tests are run in Cypress. This will cause the following error to be thrown:

Cannot set property 'status' of undefined

This will only affect customers running tests with the Browser agent present in their code. Production applications should not be affected.

html2pdf.js

This library is not compatible with our Pro+SPA agent due to the way this library wraps promises. If you're using this library, we recommend selecting the Pro agent type.

Content Security Policy (CSP) considerations

In order to obtain accurate browser performance metrics, browser requires the use of a small, inline JavaScript snippet. New Relic carefully reviews the inline JavaScript to prevent Cross-Site Scripting (XSS) and other potential vulnerabilities.

Content Security Policy Level 2 adds restrictions to the types of JavaScript allowed, such as inline scripts. It also limits which domains can load scripts during page load.

Important

If your website does not allow any third-party hosted JavaScript to run, you must request a CSP exception via your organization’s standard procedures in order to install the browser monitoring agent.

When requesting a CSP exception, follow your organization's standard procedures to contact your web or security team.

The browser JavaScript agent requires the following CSP exceptions in order to run properly. Alternatively, you can add all of these exceptions to the fallback default-src directive (instead of script-src and connect-src).

CSP exception

Comments

unsafe-inline

Add to the script-src directive or to the fallback default-src directive. This is required because the agent is installed by including an inline script.

https://js-agent.newrelic.com

Add to the script-src directive or to the fallback default-src directive. This is where additional script files that the agent requires are hosted.

https://bam.nr-data.net

https://bam-cell.nr-data.net

Important

Add https://gov-bam.nr-data.net if you're using FedRAMP-compliant endpoints.

  • Add to the script-src directive or to the fallback default-src directive. This is where the agent sends its collected data. One of the calls to this URL is a JSONP call, which means that the URL must be allowed as a script source.
  • Add to the connect-src directive or to the fallback default-src directive. The connect-src directive affects the URLs that scripts can call (for example, using the XMLHttpRequest interface). If you have CSP restrictions specifically around this directive, then add this URL as an exception.
Create issueEdit page
Copyright © 2022 New Relic Inc.