A monitored application for which snippet injection has been implemented AXA is able to receive app session metrics from a Chrome browser but not from a Firefox browser. If execute a static page with the same snippet injection AXA does see app session metrics from the Firefox browser.
During a Firefox debugging session determined from the Console Logging tab that snippet injection was failing due to the Content Security Policy i.e.
Content Security Policy:
The page’s settings blocked the loading of a resource at https://collector-axa.cloud.ca.com//api/1/urn:ca:tenantId:.../urn:ca:appId:...t/bajs?agent=browser (“default-src https://appserver_hostname 'unsafe-inline' 'unsafe-eval'”).
The scenario was found using AXA SaaS (DXI) but could equally occur for an on-premise AXA install.