diff --git a/docs/platforms/javascript/common/configuration/options.mdx b/docs/platforms/javascript/common/configuration/options.mdx
index a3a844ac1a8c8..a926942575e7f 100644
--- a/docs/platforms/javascript/common/configuration/options.mdx
+++ b/docs/platforms/javascript/common/configuration/options.mdx
@@ -18,6 +18,21 @@ sidebar_order: 1
+
+
+
+ The organization ID for your Sentry project.
+
+ The SDK will try to extract the organization ID from the DSN. If it cannot be found, or if you need to override it,
+ you can provide the ID with this option. The organization ID is used for trace propagation and features like `strictTraceContinuation`.
+
+
+ The organization ID is used for features like strict trace continuation.
+
+
+
+
+
Turns debug mode on or off. If debug is enabled SDK will attempt to print out useful debugging information about what the SDK is doing.
@@ -379,6 +394,21 @@ If you want to disable trace propagation, you can set this option to `[]`.
+
+
+
+
+ If set to `true`, the SDK will only continue a trace if the organization ID of the incoming trace found in the
+ `baggage` header matches the organization ID of the current Sentry client.
+
+ The client's organization ID is extracted from the DSN or can be set with the `orgId` option.
+
+ If the organization IDs do not match, the SDK will start a new trace instead of continuing the incoming one.
+ This is useful to prevent traces of unknown third-party services from being continued in your application.
+
+
+
+
diff --git a/platform-includes/distributed-tracing/how-to-use/javascript.nextjs.mdx b/platform-includes/distributed-tracing/how-to-use/javascript.nextjs.mdx
index f7d9347994fdd..20c2657921eb2 100644
--- a/platform-includes/distributed-tracing/how-to-use/javascript.nextjs.mdx
+++ b/platform-includes/distributed-tracing/how-to-use/javascript.nextjs.mdx
@@ -71,6 +71,39 @@ This configuration lets your app track user actions across:
If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from these incoming headers. However, this behavior can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information and only continues the trace if it belongs to the same Sentry organization.
+Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ // Ensure that only traces from your own organization are continued
+ strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ strictTraceContinuation: true,
+ // Manually provide your organization ID (overrides organization ID parsed from DSN)
+ orgId: 12345,
+});
+```
+
### Disabling Distributed Tracing
If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this:
diff --git a/platform-includes/distributed-tracing/how-to-use/javascript.node.mdx b/platform-includes/distributed-tracing/how-to-use/javascript.node.mdx
index 8e27e136e525c..d3c38d3be6a43 100644
--- a/platform-includes/distributed-tracing/how-to-use/javascript.node.mdx
+++ b/platform-includes/distributed-tracing/how-to-use/javascript.node.mdx
@@ -10,7 +10,7 @@ Sentry.init({
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
@@ -62,6 +62,39 @@ This configuration lets your app track user actions across:
If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from these incoming headers. However, this behavior can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information and only continues the trace if it belongs to the same Sentry organization.
+Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ // Ensure that only traces from your own organization are continued
+ strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ strictTraceContinuation: true,
+ // Manually provide your organization ID (overrides organization ID parsed from DSN)
+ orgId: 12345,
+});
+```
+
### Disabling Distributed Tracing
If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this:
diff --git a/platform-includes/distributed-tracing/how-to-use/javascript.nuxt.mdx b/platform-includes/distributed-tracing/how-to-use/javascript.nuxt.mdx
index c0756a680c563..13504ee1b13c8 100644
--- a/platform-includes/distributed-tracing/how-to-use/javascript.nuxt.mdx
+++ b/platform-includes/distributed-tracing/how-to-use/javascript.nuxt.mdx
@@ -1,10 +1,10 @@
-If you're using the current version of our Nuxt SDK, distributed tracing will work out of the box for the client and server runtimes.
+If you're using the current version of our Nuxt SDK, distributed tracing will work out of the box for the client and server runtimes.
To get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) issues, you should define `tracePropagationTargets` for client-side.
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
@@ -59,4 +59,37 @@ This configuration lets your app track user actions across:
* Your media server (handles images, videos, etc.)
* Any local API endpoints in your app
-If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
\ No newline at end of file
+If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from these incoming headers. However, this behavior can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information and only continues the trace if it belongs to the same Sentry organization.
+Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ // Ensure that only traces from your own organization are continued
+ strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ strictTraceContinuation: true,
+ // Manually provide your organization ID (overrides organization ID parsed from DSN)
+ orgId: 12345,
+});
+```
diff --git a/platform-includes/distributed-tracing/how-to-use/javascript.remix.mdx b/platform-includes/distributed-tracing/how-to-use/javascript.remix.mdx
index ffd06215d2f28..0c8752d091596 100644
--- a/platform-includes/distributed-tracing/how-to-use/javascript.remix.mdx
+++ b/platform-includes/distributed-tracing/how-to-use/javascript.remix.mdx
@@ -35,7 +35,7 @@ To get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/W
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
@@ -100,6 +100,39 @@ This configuration lets your app track user actions across:
If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from these incoming headers. However, this behavior can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information and only continues the trace if it belongs to the same Sentry organization.
+Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ // Ensure that only traces from your own organization are continued
+ strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ strictTraceContinuation: true,
+ // Manually provide your organization ID (overrides organization ID parsed from DSN)
+ orgId: 12345,
+});
+```
+
### Disabling Distributed Tracing
If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this:
diff --git a/platform-includes/distributed-tracing/how-to-use/javascript.solidstart.mdx b/platform-includes/distributed-tracing/how-to-use/javascript.solidstart.mdx
index c9a28f16de064..832122f3a600a 100644
--- a/platform-includes/distributed-tracing/how-to-use/javascript.solidstart.mdx
+++ b/platform-includes/distributed-tracing/how-to-use/javascript.solidstart.mdx
@@ -29,7 +29,7 @@ To get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/W
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
@@ -93,3 +93,36 @@ This configuration lets your app track user actions across:
* Any local API endpoints in your app
If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from these incoming headers. However, this behavior can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information and only continues the trace if it belongs to the same Sentry organization.
+Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ // Ensure that only traces from your own organization are continued
+ strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ strictTraceContinuation: true,
+ // Manually provide your organization ID (overrides organization ID parsed from DSN)
+ orgId: 12345,
+});
+```
diff --git a/platform-includes/distributed-tracing/how-to-use/javascript.sveltekit.mdx b/platform-includes/distributed-tracing/how-to-use/javascript.sveltekit.mdx
index 81a50bd9f535b..75153c8af809c 100644
--- a/platform-includes/distributed-tracing/how-to-use/javascript.sveltekit.mdx
+++ b/platform-includes/distributed-tracing/how-to-use/javascript.sveltekit.mdx
@@ -1,10 +1,10 @@
-If you're using the current version of our SvelteKit SDK, distributed tracing will work out of the box for the client and server runtimes.
+If you're using the current version of our SvelteKit SDK, distributed tracing will work out of the box for the client and server runtimes.
When you are interacting with other external API systems, you might have to define `tracePropagationTargets` to get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) issues.
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
@@ -71,6 +71,39 @@ This configuration lets your app track user actions across:
If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from these incoming headers. However, this behavior can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information and only continues the trace if it belongs to the same Sentry organization.
+Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ // Ensure that only traces from your own organization are continued
+ strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+ dsn: "___PUBLIC_DSN___",
+ tracesSampleRate: 1.0,
+ strictTraceContinuation: true,
+ // Manually provide your organization ID (overrides organization ID parsed from DSN)
+ orgId: 12345,
+});
+```
+
### Disabling Distributed Tracing
If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this: