Network Resources Issues

When CORS is in effect, many of the timing properties’ values are returned as zero unless the server’s access policy permits these values to be shared. This requires the server providing the resource to send the Timing-Allow-Origin HTTP response header with a value specifying the origin or origins which are allowed to get the restricted timestamp values.

This is particularly important for cross-origin resources, such as those loaded from a different domain than the one serving the main page. If the Timing-Allow-Origin header is not set correctly, OpenReplay will not be able to record the timing information for these resources.

For example, to allow https://application.example.com to see resource timing information when requesting the backend on https://data.example.com, backend should include the following headers:

Timing-Allow-Origin: https://application.example.com

If you have any questions about this process, feel free to reach out to us on our Slack or check out our Forum.