Configure beacon origins allowlist

You can use the beacon origins allowlist to specify the domains from which OneAgent and ActiveGate accept Real User Monitoring beacons. A domain is stored in the Origin header of each beacon request.

Beacon origin rules flowchart

  • If the allowlist is empty, OneAgent and ActiveGate accept RUM beacons from any domain.
  • If a domain is on the allowlist, a request from that domain is accepted. The domain is copied to the Access-Control-Allow-Origin header of the response, and the beacon response returns the 200 OK HTTP status code.
  • If a domain is not on the allowlist, requests from that domain will be rejected. The beacon will fail with the 403 Forbidden status code and a message like "The value in the Origin header is not allowed".

Create a beacon origin rule to specify from which domains RUM beacons should be accepted by OneAgent and ActiveGate.

Right after you add the first beacon origin rule, all applications that don't match that rule will stop collecting Real User Monitoring data. This applies not only to applications that send RUM beacons via CORS requests but also to applications that issue regular requests.

To add a beacon origin rule

  1. In the Dynatrace menu, go to Settings > Web and mobile monitoring > Beacon origins for CORS.
  2. Select Add item.
  3. Provide the correct pattern for the domain you want to specify.
    Add a beacon origin rule
  4. Select Save changes.