The FullStoryBot is an essential part of the data capture and playback features provided by FullStory.
What does it do?
FullStoryBot is a bot that we employ in order to fetch and cache the resources required to reconstruct your website during session playback. These resources typically include CSS, images, and fonts.
Should I block FullStoryBot?
If you use FullStory, we highly advise against blocking FullStoryBot. FullStoryBot’s only purpose is to fetch and store the assets required to rebuild your site when viewing your sessions.
FullStory can't snapshot a resource if our servers (outside your network) can't access it. This can also happen when you are capturing data from a development server that is firewalled or unreachable, such as localhost. To compensate, FullStory playback will automatically enter "fallback mode" in which your browser will fetch resources from your origin server as needed during playback.
It is only advisable to lean on this fallback while testing out FullStory internally. For production environments, we strongly recommend giving FullStory's servers access to your CSS and images to ensure older sessions continue to playback smoothly and correctly as time goes on.
Fallback mode only works if the browser in which you are watching sessions can reach the origin server during playback. Additionally, for security reasons, if fallback mode attempts to load a resource over HTTP and not HTTPS, your browser will block the loading of the resource. If you're capturing data on an internal server that does not run HTTPS, resources will fail to load during playback.
How should I allowlist FullStoryBot in my firewall rules?
Due to the nature of using cloud services to power the FullStoryBot, we do not advise allowlisting via IP address, as the range of IP addresses used by FullStoryBot is extensive. Instead, we advise that you allowlist traffic based on the existence of “FullStoryBot” in the User-Agent string.
Does the FullStoryBot slow down my servers?
In short? FullStory will not slow down your servers. Because FullStory servers fetch external CSS and images just after a page is captured, it must load these resources directly from the application’s server. In order to minimize these extra requests, FullStory employs two levels of caching. The first is a standard HTTP client cache, which both respects standard cache headers and includes rate-limiting to ensure that it doesn’t fetch too frequently even if the cache headers are incorrect. The second tier shares fetched resources across all sessions for a given customer. Practically speaking, this means that your servers will see very few extra requests. For more performance information, see Performance and the FullStory Script.