Firewall constraints for RUM
Real User Monitoring (RUM) uses HTTP technologies to send performance data from client browsers to Dynatrace. To do this, a JavaScript tag is injected into your HTML pages. This code snippet communicates with Dynatrace. However, to fully enable RUM, you must verify that your firewalls, proxies, and web servers are configured properly and allow all required data to pass through.
HTTP requests
For RUM to function fully, the following browser requests must be delivered to Dynatrace:
ruxitagentjs_, the JavaScript tag that's used for auto-injection—the name of the tag may contain additional information, such as active code modules and/or the version of the tag. Agentless RUM requests use the formatruxitagent_./rb_<id>and/bfor/bf_<id>are the monitor signals the JavaScript code sends back to Dynatrace.- The monitor uses query parameters such as
app,flavor,format,referer,session,srvid,type,visitID,size,zip,va,tt, andns. - The POST body contains the payload. The payload is sent with the content type
application/octet-stream.
- The monitor uses query parameters such as
HTTP headers
RUM uses these HTTP headers. All of these must be able to reach Dynatrace.
Request headers
| Header | Request | Purpose |
|---|---|---|
x-dynatrace |
request | Used for transaction stitching in HTTP headers. Set by OneAgent to link web servers. Ensure that network components, such as firewalls and routers, are never configured to remove these headers. Incorrect configuration can potentially lead to broken pure paths. Some network components disable such requests (and deliver HTTP 403 error, which is why it is necessary to configure these components to accept the x-dynatrace header. |
x-dynatrace-application |
request | Contains the ID of the RUM application, the cookie domain, and the injection rule ( |
x-dynatrace-origin-url |
request | Preserves the original URL of the request in case of URL rewriting. |
x-dtHealthCheck |
request | |
X-dynaTrace-RequestState |
request | Tracks the depth of a subpath tree to avoid endless PurePaths. |
x-dtpc |
request | Identifies proper endpoints for beacon transmission; includes session ID for correlation. |
x-dtreferer |
request | Contains the referer of the page for an action and improves the correlation results. |
Cookie |
request | Sets the dtCookie cookie in case the HTTP request doesn't contain any. |
X-Ruxit-Forwarded-For |
request | Used to track proxy scenarios by the Nginx code module. |
X-ruxit-Apache-ServerNamePorts |
request | Used by the Apache code module to synchronize service naming with the PHP code module. |
X-ruxit-Disposition |
request | Used by the IIS code module to declutter .NET code module subpaths. |
Accept-Encoding |
request | Discarded by the Apache code module during the fine-tuning of HTML injection behavior. |
Content-Encoding |
request | Discarded during the fine-tuning of HTML injection behavior. |
If-None-Match |
request | Discarded when caching is suppressed. |
If-Not-Modified-Since |
request | Discarded when caching is suppressed. |
If-Match |
request | Modified when caching is suppressed. |
If-Range |
request | Modified when caching is suppressed. |
traceparent |
request | Used for W3C tagging. |
tracecontext |
request | Used for W3C tagging. |
referer |
request | Contains the address of the previous web page from which a link to the currently requested page was followed. |
user-agent |
request | Used for browser and OS detection. |
Response headers
| Header | Response | Purpose |
|---|---|---|
X-OneAgent-JS-Injection |
response | Confirms that the JavaScript tag has been injected to avoid duplicate injection.
|
X-ruxit-JS-Agent |
response | Confirms that the JavaScript tag has been injected to avoid duplicate injection.
|
x-dtHealthCheck |
response | Set for responses to special requests. Contains the result of the RUM health check—potential reasons why there is or might be a problem with the injection of the JavaScript tag. |
x-dtAgentId |
response | If the RUM health check is enabled, any involved OneAgent code module adds its ID here. Set for responses to special requests. |
x-dtInjectedServlet |
response | Contains the fully qualified name of the injected servlet or filter. |
Set-Cookie |
response | Sets the session state cookie of the OneAgent. |
ETag |
response | The OneAgent appends a custom string to the original ETag response header to track the changes in the application configuration. |
Last-modified |
response | If the ETag response header is manipulated, the OneAgent also subtracts 1 second from the original value of this header. Set for responses to special requests. |
Content-Length |
response | Adapted upon HTML injection. Set for responses to special requests. |
Vary |
response | Adapted during HTML injection into compressed responses. Set for responses to special requests. |
Content-Encoding |
response | Adapted during HTML injection into compressed responses. |
Content-Type |
response | Set for responses to special requests. |
Access-Control-Allow-Origin |
response | Set for responses to special requests. |
Cache-Control |
response | Set for responses to special requests. |
Cookies
RUM uses the following cookies. All of these must be able to reach Dynatrace. See the Cookies page for more information about how Dynatrace uses cookies.
| Cookie | Max size | Purpose |
|---|---|---|
dtCookie |
Tracks a visit across multiple requests. | |
dtLatC |
5 B | Measures server latency for performance monitoring. |
dtPC |
54 B | Required to identify proper endpoints for beacon transmission; includes session ID for correlation. |
dtSa |
max URL length | Intermediate store for page-spanning actions |
rxVisitor |
45B | Visitor ID to correlate sessions |
rxvt |
27B | Session timeout |
Mobile RUM
The OneAgent for Mobile uses the x-dynatrace header for the tagging of HTTP requests. In hybrid setups, the dtAdk cookie is used to join hybrid sessions and the dtAdkSettings cookie for syncing settings between OneAgent for Mobile and the RUM JavaScript tag.