Link cross-origin XHR user actions and their distributed traces
Dynatrace links user actions and their corresponding distributed traces to provide gapless end-to-end visibility. For example, this allows you to determine the top 3 web requests contributors on the user action details page or to drill down from the waterfall analysis chart to distributed traces.
Linking user actions and their distributed traces works out of the box when the following conditions are met:
- The web request is a same-origin request: the web request target URL and the page where the request was issued have the same protocol, host, and port. In this case, browsers include the RUM cookies on the web request, which are required for user action to distributed trace correlation.
- The technology used on the first instrumented tier (the tier nearest to the browser) is listed in Technology support - Real User Monitoring - Web servers and applications. For these technologies, OneAgent adds and evaluates RUM cookies.
Dynatrace cannot automatically link cross-origin XHR actions and their corresponding distributed traces. To enable such a correlation, follow one of the approaches:
Include cookies in cross-origin XHR calls
By default, browsers do not include cookies in cross-origin requests due to the same-origin policy, which restricts how your page interacts with resources from another origin. You can use CORS requests with credentials to add the RUM cookies and thus link cross-origin XHRs and their distributed traces.
For this approach, the following prerequisites must be met:
- The technology used on the first instrumented tier is listed in Technology support - Real User Monitoring - Web servers and applications.
- The two domains involved have at least a common effective top-level domain plus one (eTLD+1) to allow the specification of a common cookie domain.
To include cookies in cross-origin XHR calls
withCredentialsproperty on the XMLHttpRequest object to
true. If you use Fetch, set the
- Configure the server that handles the web request to respond with an
Access-Control-Allow-Credentials: trueheader and an
Access-Control-Allow-Originheader that contains the specific origin (that is, not a wildcard).
- If you configure the cookie domain manually, make sure that you choose one that covers both of the domains involved. If automatic cookie domain determination is used, which is the default, then the determined cookie domain already meets this requirement.
When the cross-origin XHR action uses an HTTP method, request header, or content type that requires the browser to issue a preflight request, Dynatrace cannot link this preflight, since preflight requests do not contain cookies.
To follow the cookie-based approach described above, the involved domains must allow the specification of a common cookie domain. The header-based approach does not have this limitation. This approach is supported for the technologies listed in Technology support - Real User Monitoring - Web servers and applications and by the OneAgent extension for AWS Lambda.
Do not enable the addition of the
x-dtc header unless you acknowledge the following:
- The addition of the
x-dtcheader to link cross-origin XHR user actions and their distributed traces is optional.
- You understand the steps required to prepare your endpoints.
- If you do not configure your endpoints correctly before enabling the header addition, your web application may break.
- You fully accept that Dynatrace is neither responsible nor liable for any application malfunction caused by any misconfiguration.
- You should always enable the addition of the
x-dtcheader in a test environment first.
To link cross-origin XHR user actions and their distributed traces using the
x-dtc header, configure endpoints to accept
x-dtc, and then add a regex that matches XHR calls.
- Configure the endpoints that handle the cross-origin requests to accept the
x-dtcheader. The endpoints must handle the preflight requests that the browser issues due to the addition of the header. In particular, the responses to the preflight requests need to contain an
Access-Control-Allow-Headers: x-dtcheader. Otherwise, the XHR will fail with a CORS error.
- In the Dynatrace menu, go to Web.
- Select the application that you want to configure.
- In the upper-right corner of the application overview page, select More (…) > Edit.
- From the application settings, go to Capturing > Advanced setup.
- Under Enable Real User Monitoring for cross-origin XHR calls, specify a regular expression that matches the XHR calls.
Only the actual request can be linked not the preflight request.