How does Dynatrace use cookies?

Dynatrace Real User Monitoring relies on browser cookies to correlate user interactions in the browser (i.e., user actions) with general page and backend performance metrics.

Cookies are used to:

  • Monitor site performance
  • Analyze website usage
  • Track user behavior

The data stored in cookies is made up of random values, timestamps, and data that are required to correctly identify the applications in your monitored environment. The Real User Monitoring JavaScript library must be able to set and modify these cookies. This means that Dynatrace cookies don't support the HTTPOnly flag. Cookies must be included with each request so that user actions can be correlated with backend performance. You can use the Secure cookie flag, however this leads to loss of visibility into any unencrypted HTTP communication.

Dynatrace cookies

The following table provides an overview of cookie usage in Dynatrace. These are all first-party cookies.

Note: If you use Dynatrace to monitor your own customers' websites, you may re-use the cookie information detailed in the table below for your organization's own cookie policy.

Cookie Structure Expires Max size Purpose
dtCookie <randomValue> | <encoded application info> session 100B Technical session ID for PurePath correlation
dtLatC <numeric value> session 5B Measures server latency for performance monitoring
dtPC <serverID>$<randomValue>_<currentMillis>v<randomValue> session 54B Required to identify proper endpoints for beacon transmission; includes session ID for correlation
dtSa1 <URL-encoded action name> session max URL length Intermediate store for page-spanning actions
dtBw <status>_<durationMillis> session 13B Bandwidth measure
rxVisitor <visitorid> permanent 45B Visitor ID to correlate sessions
rxvt <timestamp> | <timestamp> permanent 27B Session timeout

1The dtSa cookie is used to save user action names, such as Click on Login across different pages. This is required because page loads result in JavaScript code restart and so all contextual information must be stored in cookies.

The cookies listed above are required for proper function of Dynatrace Real User Monitoring. If you use Dynatrace to monitor your websites and you provide an opt-out option that allows your users to decline the use of Dynatrace cookies, then Dynatrace Real User Monitoring won't work or deliver the expected results.

To provide your end users with a cookie opt-out capability, Dynatrace must be configured appropriately. Usually Dynatrace creates tracking cookies automatically. When using cookie opt-in mode, Dynatrace RUM tracking is disabled by default and no cookies are created. When an end user accepts your cookie policy (opt-in mode), Dynatrace RUM is enabled by calling dtrum.enable() within the JavaScript code module. Following this method invocation, Dynatrace tracking cookies are created and RUM is activated.

Note: To configure Cookie opt-out mode please see How do I configure Real User Monitoring for privacy?.

Session storage

Dynatrace uses sessionStorage to store a backup of rxVisitor and dtCookie because certain browsers delete random cookies when too many cookies are used. Dynatrace sets the following two keys (see the table above for examples):

  • rxVisitor
  • dtCookie

Local storage

Dynatrace uses localStorage to cache the last monitor beacon response, which contains the configuration for the Real User Monitoring JavaScript library. It doesn't store any user-related data in localStorage. The following table gives an overview of the key/value pairs that Dynatrace writes to local storage.

Key Example value Description
ruxitagentjs__Store OK(nginx) | name=ruxitagentjs config=domain%3Ddynatrace.com%7CreportUrl%3D%2Frb_dwypuwjjgx%7CfeatureHash%3D2SVfqr%7ClastModification%3D1494945232091%7CuseNewCookies%3D1%7CdtVersion%3D10119170508093112%7Ctp%3D500%2C50%2C0%2C1%7CagentUri%3D%2Fruxitagentjs_2SVfqr_10119170508093112.js | featureHash=2SVfqr | version= | buildNumber=10119170508093112 | lastModification=1494945232091 Beacon response. Configuration for the JavaScript code.