Home/ Glossary/ Network Error Logging

Network Error Logging (NEL)

Security Glossary - Security Headers

Definition: Network Error Logging (NEL) is a browser feature that reports network-level errors (DNS failures, TCP connection errors, TLS negotiation failures, HTTP errors) to an endpoint you specify. Unlike application-level error tracking, NEL captures failures that prevent the page from loading at all, which your server-side monitoring cannot see.

Why NEL Is Important

Traditional monitoring only shows requests that reach your server. If a user cannot connect due to a DNS failure, TLS error, or network timeout, your server never knows. NEL fills this gap by having the browser report these failures to a collector endpoint.

NEL is particularly valuable for detecting DNS hijacking, BGP routing issues, CDN configuration errors, and certificate problems that affect specific users or regions. A spike in NEL reports from a particular ISP or region can indicate a localized DNS issue or network attack.

NEL works with the Reporting API (Report-To header) to define where reports are sent. Reports include the error type, server IP, protocol, elapsed time, and other diagnostic information. Services like Cloudflare, Sentry, and dedicated NEL aggregators can collect and analyze these reports.

Checking Your Setup

A security audit may check for NEL header presence. To enable NEL, configure the NEL and Report-To headers specifying a reporting endpoint. Monitor the collected reports for unusual patterns that might indicate DNS issues or network-level attacks.

See how your site handles NEL

Run a Security Audit

Common Questions About NEL

How is NEL different from application error tracking?
Application error tracking (like Sentry) captures JavaScript errors and failed API calls after the page loads. NEL captures failures that prevent the page from loading at all - DNS resolution failures, TCP connection errors, and TLS handshake failures that your server never sees.
Does NEL work in all browsers?
NEL is currently supported in Chromium-based browsers (Chrome, Edge). Firefox and Safari do not support it yet. Despite limited browser coverage, it still provides valuable data about connection failures for the majority of web users.

See Also

report-uri and report-to Directives Security Headers Overview Domain Name System SSL/TLS Certificate HTTP Strict Transport Security
Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.