Understanding data collection and session replay
What makes Glassbox’s digital session replay software stand out from the competition? To understand what makes this technology unique, it’s important to understand the methods of data collection involved and how session recordings are implemented, recorded, and displayed.
How Glassbox collects session replay data
Can you solve this equation X^2+3= without having the right side of it? This is what is missing when you are using client-side recording only, especially if you want to use the replays for production support and fraud investigations.
Implementing session replay software with zero hassle
Comparing client- versus server-side recording
While client-side session recording is becoming increasingly available, a solution that provides only client-side recording gives you only half of the picture. Only Glassbox offers server-side recording, which allows for more complete data collection and reporting and enriches the client-side data into a 360° view.
Choosing a hybrid approach for best results
Did you know that 80% of fraudulent access incidents cannot be recorded when monitoring only client-side sessions? By utilizing the Glassbox hybrid model, you can protect your business against malicious bots and other problematic activities. Server-side data can also be used to track and prove regulatory compliance, ensuring that your company is always ready in case of investigation or audit. Hybrid data collection ensures that IT production support teams are fully equipped with all the information needed, including full recording of HTTP headers, even cookies that are marked as “HttpOnly”. HTTP errors like 404 or 500 can now be recorded when they happen on the main web page, and even HTTP redirects (status code 302) can be recorded when using server-side recording. And this is just one example of why the server perspective is so important.
Capturing both sides of the equation means that your business can retrieve and replay historical data, identify ongoing IT issues behind the scenes, take remedial action as needed to reconnect with lost clients, stand strong against potential fraud, and improve overall customer support and customer experience on your site. Do more for your business with Glassbox digital customer experience software!
For the technical audience only
If you’re looking for a more in-depth understanding of the technical implementation and benefits of server-side recording, read on.
HTTP headers of main pages
If you still need some more information to make it realistic, let me share a real case where we helped our customers to fight a zero-day attack. The attack exploited CVE-2017-5638, described as follows: “CVE-2017-5638 is a critical vulnerability in the Apache Struts 2 web app framework. Attacks have escalated as hackers exploit this code-execution bug.” You can learn more about this type of attack on the Synopsys blog.
In a nutshell, attackers were exploiting a vulnerability in Apache Struts 2 to remotely invoke commands embedded in the “Content-Type” header.
This attack was recorded by the server recording module of Glassbox. It was fully recorded with all headers and payload and alerted on each and every attack.
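As an added illustration (not Glassbox's code or record format), the sketch below shows the kind of check that server-side header capture makes possible: it flags recorded requests whose Content-Type is not a syntactically valid media type or contains an expression delimiter. The JSON-lines layout, field names and sample hits are constructed assumptions, and the flagged value is an inert placeholder.

```python
import json
import re

# HTTP media type grammar: token "/" token, then optional ;name=value parameters.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
MEDIA_TYPE = re.compile(
    rf'^{TOKEN}/{TOKEN}(?:\s*;\s*{TOKEN}=(?:{TOKEN}|"[^"\\]*"))*\s*$'
)
# Expression delimiters never belong in a media type, so treat them as a signal.
EXPRESSION_MARKERS = ("%{", "${")

# Constructed sample hits (hypothetical JSON-lines layout, inert placeholder value).
SAMPLE_HITS = """\
{"session": "s-101", "path": "/login.action", "status": 200, "headers": {"Content-Type": "application/x-www-form-urlencoded"}}
{"session": "s-102", "path": "/upload.action", "status": 200, "headers": {"Content-Type": "multipart/form-data; boundary=----constructedBoundary42"}}
{"session": "s-103", "path": "/upload.action", "status": 500, "headers": {"Content-Type": "%{constructed-placeholder-expression}.multipart/form-data"}}
{"session": "s-104", "path": "/index.action", "status": 200, "headers": {}}
{"session": "s-105", "path": "/search.action", "status": 400, "headers": {"content-type": "text/plain;;"}}
"""

def check_content_type(value):
    """Return a reason string if the header value is suspicious, else None."""
    if any(marker in value for marker in EXPRESSION_MARKERS):
        return "expression marker in Content-Type"
    if not MEDIA_TYPE.match(value):
        return "Content-Type is not a valid media type"
    return None

def scan_hits(lines):
    """Scan recorded hits and return one alert per suspicious Content-Type."""
    alerts = []
    for line in filter(str.strip, lines.splitlines()):
        hit = json.loads(line)
        # Header names are case-insensitive, so normalise before the lookup.
        headers = {k.lower(): v for k, v in hit.get("headers", {}).items()}
        value = headers.get("content-type")
        if value is None:
            continue  # requests without a body usually carry no Content-Type
        reason = check_content_type(value)
        if reason:
            alerts.append({"session": hit["session"], "path": hit["path"],
                           "status": hit["status"], "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in scan_hits(SAMPLE_HITS):
        print(alert)
```

Because the check reads the request headers as the server received them, it also covers clients that never execute the recording JavaScript.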
Response codes of main pages
As we already know what the “main page” is, I won’t repeat it, but these response codes are not visible on the client side, and the user experience system is not complete without them. Website monitoring and session replay tools cannot afford these blind spots; otherwise you could miss a very important problematic response code, such as 500 (server error), 404 (not found), or 400 (bad request).
The HTTP response status code “302 Found” is a common way of performing URL redirection. The use of redirects is very important for many reasons, such as security and usability (e.g. redirecting to a mobile site from a standard website). These hits are critical for troubleshooting and production support, and you cannot afford to lose them.
Bots/scrapers/fraud – non-JS practices
Having the entire traffic recorded, along with the ability to refine security tools such as a WAF, is a huge benefit to your security team.
Users that are running script blockers cannot be monitored with JS. These users are usually very tech-savvy people, who also tend to complain about the service and technical difficulties. You need to be able to record these users’ sessions with your customer experience tools.