Welcome to Explorer’s Hub! Happy you are trying out the Ruby agent!
What you found is a Distributed Tracing header:
When you enable distributed tracing, New Relic agents add HTTP headers to a service’s outbound requests. HTTP headers act like passports on an international trip: They identify your software traces and carry important information as they travel through various networks, processes, and security systems.
The headers also contain information that helps us link the spans together later: metadata like the trace ID, span ID, the New Relic account ID, and sampling information. This header information is passed along each span of a trace, unless the progress is stopped by something like middleware or agents that don’t recognize the header format
That document provides an overview, but doesn’t give much detail from a security side so I did file an issue for our documentation team to cover this in more depth!
Onto your security questions, you can see what information the Ruby agent sends in headers here:
And a little more information on what these are:
So while there are ID’s in the trace header, you would need to be a user on the account the header is from to be able to associate that ID with any real information. If someone contacts support with any of these ID’s asking for access to or information on the account, we have strict processes in place to ensure no ill-intending people gain access to accounts.
Let us know any other questions or concerns!
P.S. - If you are using the Browser agent, you may have similar questions on the New Relic script. This post covers security in the Browser agent!