Network requests
Every fetch and XHR on web, every fetch / axios / native network call on RN, captured with timing and status.
What's captured
| Field | Example |
|---|---|
| URL | https://api.example.com/orders/42 |
| Method | POST |
| Status | 200 |
| Started at | 1700000000000 |
| Duration | 142 ms |
| Request size | 812 bytes |
| Response size | 4,211 bytes |
| Request headers | { content-type: "application/json" } (safe-listed) |
| Response headers | { content-type: "application/json", cache-control: "no-store" } |
Bodies are NOT captured by default. You see the request shape, not the payload.
On web
The SDK patches window.fetch and XMLHttpRequest.prototype.open/send/addEventListener at init. Any HTTP library that goes through those (axios, ky, ofetch, native fetch, SWR, React Query) is automatically covered.
<GalachaProvider projectKey="..." captureNetwork={true} />Default is true. Set to false to disable — useful if you want a lightweight session that only captures DOM events.
On React Native
Same patches, applied to the RN fetch polyfill and XMLHttpRequest. axios works out of the box. If you use a native bridge (e.g., react-native-http-client), those calls bypass the hooks and won't be captured.
Galacha.init({ projectKey: "...", captureNetwork: true });Headers (allow-list)
Only these headers are included by default:
content-type, content-length, accept, cache-control,
etag, last-modified, x-request-idAuthorization, Cookie, Set-Cookie, and anything containing token / key / secret in the name are always stripped before send. Even if you opt in to full headers, secrets never leave the device.
Excluding URLs
Drop calls to sensitive endpoints entirely:
<GalachaProvider
projectKey="..."
network={{
excludeUrls: [
/api\.stripe\.com/,
/\/auth\/token$/,
"/internal/",
],
}}
/>| Pattern type | Example | Matches |
|---|---|---|
RegExp | /stripe\.com/ | Any URL containing "stripe.com" |
string | "/auth/" | Any URL containing the substring |
The network panel in the dashboard
Open any session → press N to toggle the network panel. You see:
- A waterfall of requests aligned to the replay timeline
- Color-coded by status (green = 2xx, yellow = 3xx, red = 4xx/5xx)
- Click a row to see headers, timing breakdown, and the exact replay frame the request fired on
Why your slow endpoints are now obvious
The waterfall anchors every request to the exact pixel the user was looking at. If a user complains "the app froze for a second", you scrub to the complaint timestamp, open the network panel, and the 2.8-second /api/search call is right there.