> ## Documentation Index
> Fetch the complete documentation index at: https://usefoil.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Frontend JavaScript compatibility

> Learn how frontend monitoring, analytics, session replay, and tag manager scripts affect Foil runtime signals, and validate your stack before enforcing.

Frontend tools that run JavaScript on your protected pages can change the browser runtime in ways Foil is designed to notice. This is usually benign, but you should validate your exact production script stack before moving from report-only mode to enforcement.

<Info>
  Backend-only APM, logging, or server SDKs do not affect browser runtime signals unless they also inject or configure frontend scripts on the page.
</Info>

## Tools that can affect the runtime

Any frontend script that observes, wraps, or proxies browser APIs can influence runtime integrity signals. Common examples include:

| Tool category                     | Examples                                                   |
| --------------------------------- | ---------------------------------------------------------- |
| Error monitoring and browser RUM  | Sentry Browser SDK, Datadog Browser RUM, New Relic Browser |
| Product analytics and replay      | PostHog, LogRocket, FullStory, Hotjar, Segment             |
| Tag and consent managers          | Google Tag Manager, OneTrust, Cookiebot                    |
| Experimentation and feature flags | Optimizely, LaunchDarkly                                   |
| Support and messaging widgets     | Intercom, Zendesk                                          |

This list is not exhaustive. A tool does not have to be malicious to change what browser APIs look like.

## What these tools may change

Frontend instrumentation may:

* Wrap functions so errors and traces preserve the original call site
* Patch globals such as timers, event listeners, fetch, history, or console APIs
* Observe DOM events, input state, and page transitions
* Inject iframes or helper scripts
* Proxy browser APIs to attach metadata or replay context
* Change page load timing or script ordering

Foil does not ignore these effects. Runtime changes can still be useful evidence when they appear alongside stronger automation, fingerprint, event-trust, or anti-tamper signals. On their own, they should be treated as compatibility signals to calibrate during integration.

## Rollout checklist

1. Start in report-only mode for each protected flow.
2. Test with the same frontend vendor scripts, tag manager rules, consent state, and feature flags that run in production.
3. Compare verdicts by page, template, browser, and vendor bundle.
4. Check whether unexpected signals appear only on pages with a specific frontend tool.
5. Move to challenge or block policies gradually after the signal distribution looks stable.

## When to contact support

Contact [support@abxylabs.com](mailto:support@abxylabs.com) if a real-user flow shows unexpected automation signals after you enable frontend tooling.

Include:

* Foil session IDs
* Affected URLs or page templates
* Browser and device details
* Frontend vendor list and script load order
* Tag manager, consent, experiment, or feature-flag state
* Whether the issue is page-specific, browser-specific, or global

We can help identify which signals are expected for your integration and calibrate your rollout policy.

## What's next

* [Going to production](/going-to-production) - rollout guidance
* [Verdicts & scoring](/verdicts-and-scoring) - how to interpret verdicts
* [Content Security Policy](/content-security-policy) - CSP setup for Foil
