Sentry

Overview

Sentry is a widely used application error monitoring and performance observability platform developed by Functional Software, Inc. Engineering teams integrate the Sentry SDK into their web applications, mobile apps, and backend services to capture unhandled JavaScript exceptions, track performance degradation, and diagnose production bugs with contextual breadcrumb trails. Sentry is used by over 100,000 organizations ranging from individual developers to large enterprises.

On websites and web apps, the Sentry Browser SDK (@sentry/browser, @sentry/nextjs, @sentry/react, etc.) is either bundled into the application's JavaScript bundle or loaded from Sentry's CDN (browser.sentry-cdn.com). It instruments the JavaScript runtime passively — collecting diagnostic data only when errors or performance thresholds occur, not on every user interaction.

What This Script Does

The Sentry Browser SDK provides runtime error and performance monitoring:

JavaScript exception capture: The SDK registers global error handlers (window.onerror, unhandledrejection) to catch every uncaught exception and Promise rejection. For each error, Sentry captures the error type and message, a symbolicated (source-mapped) stack trace, the browser user agent, OS details, screen resolution, the current URL, and recent network requests. This data is assembled into an error event and sent to Sentry's ingestion API.

Breadcrumb recording: Before any error is sent, Sentry has been silently recording a breadcrumb trail — a rolling log of the last ~100 events: page navigations, XHR/fetch requests with response status codes, console.log calls, and DOM click interactions. Breadcrumbs are held in memory and transmitted only when an error event fires, giving developers context about the sequence of actions that led to the crash.

Performance tracing: When performance monitoring is enabled (tracesSampleRate), the SDK creates distributed trace spans around page loads (Navigation Timing API), resource fetches, and XHR/fetch calls. These traces are sampled (typically 1–10% of sessions) and transmitted to Sentry's performance dashboard.

Session tracking and crash rate reporting: Sentry uses sessionStorage (not persistent cookies) to maintain a session identifier for the duration of the browser tab session. This session ID tracks whether the session ended cleanly or with an unhandled error, enabling Sentry to report session-level crash rates (e.g., "2.3% of sessions this week ended in a crash"). The session identifier is scoped to the tab and cleared when the tab is closed.

Optional user context: Developers may explicitly call Sentry.setUser() to attach a user identifier, email, or username to error events. This is an opt-in developer configuration — Sentry does not collect user identity information autonomously. When user context is set, it appears in Sentry's issue detail view alongside the error.

Release and environment tracking: Each Sentry initialization includes a release version string and environment (production, staging). Errors are associated with specific releases, enabling teams to identify which deployment introduced a regression.

Consent & Compliance

Sentry is a functional application reliability tool with minimal privacy footprint:

• GDPR: Sentry collects technical metadata (IP addresses, user agents, stack traces) that may constitute personal data. The lawful basis is legitimate interests under Article 6(1)(f) — diagnosing and fixing defects that directly harm users is a legitimate interest that does not require consent. Sentry offers EU data residency (ingestion via de.sentry.io), is certified under the EU-US Data Privacy Framework, and provides GDPR-compliant DPA terms.
• ePrivacy Directive: Sentry does not set persistent cookies. The sessionStorage identifier used for crash rate reporting is considered a strictly necessary functional mechanism — it does not enable cross-site tracking, advertising, or behavioral profiling. No ePrivacy consent is required.
• CCPA: Sentry processes technical diagnostic data as a service provider. Error data is not used for advertising or sold to third parties. Sentry's service provider status means this is not a "sale" under CCPA.
• Sensitive data: Applications that handle sensitive data (health information, financial data, authentication credentials) should configure Sentry's beforeSend hook and server-side data scrubbing to strip personal data from error payloads before transmission.

Should You Block This Without Consent?

No. Sentry is a functional error monitoring tool that supports application reliability. It does not perform marketing tracking, set persistent cookies, or build behavioral profiles. It operates under legitimate interests and can load without analytics or marketing consent.