Firewall constraints for Real User Monitoring

Real User Monitoring (RUM) uses HTTP technologies to send performance data from client browsers to Dynatrace. To do this, a JavaScript tag is injected into your HTML pages. This code snippet communicates with Dynatrace. To fully enable RUM, however, you must verify that your firewalls, proxies, and web servers are configured properly and allow all required data to pass through.

HTTP requests

For RUM to function fully, the following browser requests must be delivered to Dynatrace.

  • The JavaScript tag, starting with ruxitagent_. The name of the tag may contain additional information, such as active code modules and/or the version of the tag.
  • /rb_<id> and /bf or /bf_<id> are the monitor signals the JavaScript code sends back to Dynatrace.
    • The monitor uses the following query parameters: app, flavor, format, referer, session, srvid, type, visitID, size, zip, va, tt, ns.
    • The POST body contains the payload. The payload is sent with the content type application/octet-stream.

HTTP headers

RUM uses these HTTP headers. All of these must be able to reach Dynatrace.

Header Request/Response Purpose
x-dynatrace request Tags HTTP requests.
x-dynatrace-application request Contains the ID of the RUM application.

Used in case there's some proxy in between a user's browser and the original process that delivers the page.
x-dynatrace-origin-url request Preserves the original URL of the request in case of URL rewriting.
X-dynaTrace-RequestState request Tracks the depth of a subpath tree to avoid endless PurePaths.
x-dtinit request Coordinates RUM session ID generation.
Cookie request Sets the dtCookie cookie in case the HTTP request doesn't contain any.
X-OneAgent-JS-Injection response Confirms the successful injection of the JavaScript tag, to avoid duplicate injection.

Has one of the following values:
  • true: the injection was successful.
  • blocked: the injection failed.
x-dtHealthCheck response Contains the result of the RUM health check—potential reasons why there is or might be a problem with the injection of the JavaScript tag.

To perform a health check, a page must be requested with the dtHealthCheck user agent.
x-dtAgentId response If the RUM health check is enabled, any involved OneAgent code module adds its ID here.
x-dtInjectedServlet response Contains the fully qualified name of the injected servlet or filter.
x-dtpc response Identifies proper endpoints for beacon transmission; includes session ID for correlation.
Set-Cookie response Sets the OneAgent state cookie.
ETag response The OneAgent appends a custom string to the original ETag response header to track the changes in the application version.
Last-modified response If the ETag response header is manipulated, the OneAgent also subtracts 1 second from the original value of this header.


RUM uses the following cookies. All of these must be able to reach Dynatrace. See the Cookies page for more information about how Dynatrace uses cookies.

Cookie Max size Purpose
dtCookie Tracks a visit across multiple requests.
dtLatC 5B Measures server latency for performance monitoring.
dtPC 54B Required to identify proper endpoints for beacon transmission; includes session ID for correlation.
dtSa max URL length Intermediate store for page-spanning actions.
rxVisitor 45B Visitor ID to correlate sessions.
rxvt 27B Session timeout.