diff --git a/manifests/nodejs.yml b/manifests/nodejs.yml
index 72c33567235..c22dfcb7a02 100644
--- a/manifests/nodejs.yml
+++ b/manifests/nodejs.yml
@@ -171,7 +171,13 @@ manifest:
   tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_Different_Status: *ref_5_27_0
   tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_Rate: irrelevant (new api security sampling algorithm implemented)
   tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_With_Delay: *ref_5_27_0
-  tests/appsec/api_security/test_apisecurity_telemetry.py: missing_feature
+  tests/appsec/api_security/test_apisecurity_telemetry.py:
+    - weblog_declaration:
+        express4: *ref_5_110_0
+        express5: *ref_5_110_0
+        fastify: *ref_5_110_0
+        nextjs: *ref_5_110_0
+        "*": irrelevant (testing additional variants does not provide extra value here)
   tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Capabilities: *ref_5_76_0
   tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Multiple_Scanners: *ref_5_76_0
   tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Negative: *ref_5_76_0
diff --git a/tests/appsec/api_security/test_apisecurity_telemetry.py b/tests/appsec/api_security/test_apisecurity_telemetry.py
index 147a7be0d82..12e71267c89 100644
--- a/tests/appsec/api_security/test_apisecurity_telemetry.py
+++ b/tests/appsec/api_security/test_apisecurity_telemetry.py
@@ -20,7 +20,7 @@ def _extract_telemetry_metrics(datas: list[dict]) -> list[dict]:
     return [m for m in metrics if m["metric"].startswith("api_security")]
 
 
-FRAMEWORKS = {
+FRAMEWORKS: dict[str, dict[str, str | list[str]]] = {
     "python": {
         "flask-poc": "flask",
         "uwsgi-poc": "flask",
@@ -38,6 +38,13 @@ def _extract_telemetry_metrics(datas: list[dict]) -> list[dict]:
         "net-http-orchestrion": "net/http",
         "uds-echo": "github.com/labstack/echo/v4",
     },
+    "nodejs": {
+        # blocked requests emit 'http' because framework middleware never runs for them
+        "express4": ["express", "http"],
+        "express5": ["express", "http"],
+        "fastify": ["fastify", "http"],
+        "nextjs": "http",
+    },
 }
 
 
@@ -86,11 +93,16 @@ def test_shema_metric(self):
             metric_data["metric"] in ["api_security.request.schema", "api_security.request.no_schema"]
             for metric_data in datas
         ), "Only api_security.request.schema metrics should be present, no missing routes should be generated"
+        expected_frameworks = FRAMEWORKS.get(context.library.name, {}).get(
+            context.weblog_variant, context.weblog_variant
+        )
+        if isinstance(expected_frameworks, str):
+            expected_frameworks = [expected_frameworks]
         # check all metrics have correct tags
         for m in datas:
             metric_data = m
             assert metric_data["namespace"] == "appsec"
             assert metric_data["type"] == "count"
-            assert metric_data["tags"] == [
-                f"framework:{FRAMEWORKS.get(context.library.name, {}).get(context.weblog_variant, context.weblog_variant)}"
-            ], f"framework tag unknown for {context.library.name} {context.weblog_variant}"
+            assert any(metric_data["tags"] == [f"framework:{fw}"] for fw in expected_frameworks), (
+                f"unexpected framework tag for {context.library.name} {context.weblog_variant}: got {metric_data['tags']}, expected one of {[f'framework:{fw}' for fw in expected_frameworks]}"
+            )