docs(js): Add docs for strictTraceContinuation and orgId

docs/platforms/javascript/common/configuration/options.mdx

@@ -379,6 +379,31 @@ If you want to disable trace propagation, you can set this option to `[]`.
 
 </SdkOption>
 
+
+<PlatformCategorySection supported={["server", "serverless"]}>
+  <SdkOption name="strictTraceContinuation" type='boolean' defaultValue='false'>
+
+    If set to `true`, the SDK will only continue a trace if the organization ID of the incoming trace found in the
+    `baggage` header matches the organization ID of the current Sentry client.
+
+    The client's organization ID is extracted from the DSN or can be set with the `orgId` option.
+
+    If the organization IDs do not match, the SDK will start a new trace instead of continuing the incoming one.
+    This is useful to prevent traces of unknown third-party services from being continued in your application.
+
+  </SdkOption>
+
+  <SdkOption name="orgId" type='`${number}` | number'>
+
+    The organization ID for your Sentry project.
+
+    The SDK will try to extract the organization ID from the DSN. If it cannot be found, or if you need to override it,
+    you can provide the ID with this option. The organization ID is used for trace propagation and for features like `strictTraceContinuation`.
+
+  </SdkOption>
+
+</PlatformCategorySection>
+
 <PlatformCategorySection supported={['browser']}>
 
 <SdkOption name="beforeSendTransaction" type='(event: TransactionEvent, hint: EventHint) => TransactionEvent | null'>

platform-includes/distributed-tracing/how-to-use/javascript.nextjs.mdx

@@ -71,6 +71,39 @@ This configuration lets your app track user actions across:
 
 If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
 
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from the incoming headers. This can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information.
+It only continues the trace if it belongs to the same Sentry organization. Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  // Ensure that only traces from your own organization are continued
+  strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  strictTraceContinuation: true,
+  // Manually provide your organization ID (overrides organization ID parsed from DSN)
+  orgId: 12345,
+});
+```
+
 ### Disabling Distributed Tracing
 
 If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this:

platform-includes/distributed-tracing/how-to-use/javascript.node.mdx

@@ -10,7 +10,7 @@ Sentry.init({
 
 <Alert>
 
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports. 
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
 
 For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
 
@@ -62,6 +62,39 @@ This configuration lets your app track user actions across:
 
 If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
 
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from the incoming headers. This can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information.
+It only continues the trace if it belongs to the same Sentry organization. Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  // Ensure that only traces from your own organization are continued
+  strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  strictTraceContinuation: true,
+  // Manually provide your organization ID (overrides organization ID parsed from DSN)
+  orgId: 12345,
+});
+```
+
 ### Disabling Distributed Tracing
 
 If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this:

platform-includes/distributed-tracing/how-to-use/javascript.nuxt.mdx

@@ -1,10 +1,10 @@
-If you're using the current version of our Nuxt SDK, distributed tracing will work out of the box for the client and server runtimes. 
+If you're using the current version of our Nuxt SDK, distributed tracing will work out of the box for the client and server runtimes.
 
 To get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) issues, you should define `tracePropagationTargets` for client-side.
 
 <Alert>
 
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports. 
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
 
 For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
 
@@ -59,4 +59,37 @@ This configuration lets your app track user actions across:
 * Your media server (handles images, videos, etc.)
 * Any local API endpoints in your app
 
-If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from the incoming headers. This can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information.
+It only continues the trace if it belongs to the same Sentry organization. Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  // Ensure that only traces from your own organization are continued
+  strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  strictTraceContinuation: true,
+  // Manually provide your organization ID (overrides organization ID parsed from DSN)
+  orgId: 12345,
+});
+```

platform-includes/distributed-tracing/how-to-use/javascript.remix.mdx

@@ -35,7 +35,7 @@ To get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/W
 
 <Alert>
 
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports. 
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
 
 For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
 
@@ -100,6 +100,39 @@ This configuration lets your app track user actions across:
 
 If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
 
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from the incoming headers. This can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information.
+It only continues the trace if it belongs to the same Sentry organization. Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  // Ensure that only traces from your own organization are continued
+  strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  strictTraceContinuation: true,
+  // Manually provide your organization ID (overrides organization ID parsed from DSN)
+  orgId: 12345,
+});
+```
+
 ### Disabling Distributed Tracing
 
 If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this:

platform-includes/distributed-tracing/how-to-use/javascript.solidstart.mdx

@@ -29,7 +29,7 @@ To get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/W
 
 <Alert>
 
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports. 
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
 
 For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
 
@@ -93,3 +93,36 @@ This configuration lets your app track user actions across:
 * Any local API endpoints in your app
 
 If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
+
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from the incoming headers. This can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information.
+It only continues the trace if it belongs to the same Sentry organization. Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  // Ensure that only traces from your own organization are continued
+  strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  strictTraceContinuation: true,
+  // Manually provide your organization ID (overrides organization ID parsed from DSN)
+  orgId: 12345,
+});
+```

platform-includes/distributed-tracing/how-to-use/javascript.sveltekit.mdx

@@ -1,10 +1,10 @@
-If you're using the current version of our SvelteKit SDK, distributed tracing will work out of the box for the client and server runtimes. 
+If you're using the current version of our SvelteKit SDK, distributed tracing will work out of the box for the client and server runtimes.
 
 When you are interacting with other external API systems, you might have to define `tracePropagationTargets` to get around possible [Browser CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) issues.
 
 <Alert>
 
-Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports. 
+Note: port numbers are relevant for trace propagation and the origin. You may need to configure the `tracePropagationTargets` to ensure that traces are propagated across your services if they run on different ports.
 
 For example, if you have a Node.js backend running locally on port 3000, that destination (`http://localhost:3000`) should be added to the `tracePropagationTargets` array on your frontend to ensure that CORS doesn't restrict the propagation of traces.
 
@@ -71,6 +71,39 @@ This configuration lets your app track user actions across:
 
 If your app crashes while a user is uploading a photo, you can trace exactly where the problem occurred - in the app itself, the main API, or the media service.
 
+### Strict Trace Continuation
+
+_Available since SDK version 10_
+
+When your application receives requests, they might include `sentry-trace` and `baggage` headers from an upstream service that is also using Sentry.
+By default, the SDK will continue the trace from the incoming headers. This can be undesirable if the requests are from a third-party service,
+as it can lead to unwanted traces, increased billing, and skewed performance data.
+
+To prevent this, you can enable `strictTraceContinuation`. When this option is set to `true`, the SDK checks the incoming request for Sentry trace information.
+It only continues the trace if it belongs to the same Sentry organization. Otherwise, it starts a new trace.
+This is useful if your application is a public API or receives requests from services outside your organization.
+
+```javascript {5}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  // Ensure that only traces from your own organization are continued
+  strictTraceContinuation: true,
+});
+```
+
+The SDK automatically parses the organization ID from your DSN. If you use a DSN format that doesn't include the organization ID (number followed by the letter `"o"`), or if you need to override it, you can provide it manually using the `orgId` option:
+
+```javascript {6}
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  tracesSampleRate: 1.0,
+  strictTraceContinuation: true,
+  // Manually provide your organization ID (overrides organization ID parsed from DSN)
+  orgId: 12345,
+});
+```
+
 ### Disabling Distributed Tracing
 
 If you want to disable distributed tracing and ensure no Sentry trace headers are sent, you can configure your SDK like this: