diff --git a/Dfe.Academies.External.Web/Pages/Cookies.cshtml b/Dfe.Academies.External.Web/Pages/Cookies.cshtml
index cdcb7227c..837bb9867 100644
--- a/Dfe.Academies.External.Web/Pages/Cookies.cshtml
+++ b/Dfe.Academies.External.Web/Pages/Cookies.cshtml
@@ -59,6 +59,8 @@
Analytics cookies (optional)
+
+ Google Analytics
With your permission, we use Google Analytics to collect data about how you use Apply to become an academy. This information helps us improve our service.
Google is not allowed to share our analytics data with anyone.
Google Analytics stores anonymised information about:
@@ -101,6 +103,44 @@
+ Azure Application Insights
+ We use Azure Application Insights software to collect information about how you use this website. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.
+ Azure Application Insights stores information about:
+
+ - the pages you visit on this website
+ - how long you spend on each page
+ - how you got to the site
+ - what you click on while you're visiting the site
+
+ We don't allow Microsoft to use or share our analytics data.
+ Azure Application Insights sets the following cookies:
+
+
+
+
+
+
+
+
+
+
+ ai_session |
+ This helps us track activity happening over a single browser session |
+ 1 hour |
+
+
+ ai_user |
+ This helps us to identify the number of distinct users accessing the site over time by tracking if you've visited before |
+ 1 year |
+
+
+ ai_authuser |
+ This helps us to authenticated users and how they interact with the site |
+ When you close your browser |
+
+
+
+
Cookie settings
You can choose which cookies you’re happy for us to use.
-
\ No newline at end of file
+
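Review bot: The `ai_authuser` row's description, "This helps us to authenticated users and how they interact with the site", is missing its verb and does not tell the reader what the cookie holds. `This helps us to identify authenticated users and how they interact with the site` fixes the sentence. The `_Layout.cshtml` change in this commit derives the authenticated id from the e-mail claim, so if that value is what ends up in the cookie, this row should say so. The new section also drops the "With your permission" wording used for Google Analytics even though it sits under "Analytics cookies (optional)", so it is worth confirming these cookies are only set after consent and stating that here.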
diff --git a/Dfe.Academies.External.Web/Pages/Shared/_Layout.cshtml b/Dfe.Academies.External.Web/Pages/Shared/_Layout.cshtml
index 5df70660f..7a7a07608 100644
--- a/Dfe.Academies.External.Web/Pages/Shared/_Layout.cshtml
+++ b/Dfe.Academies.External.Web/Pages/Shared/_Layout.cshtml
@@ -1,10 +1,12 @@
@using Microsoft.Extensions.Configuration
@using Microsoft.AspNetCore.Http.Features
+@using System.Security.Claims;
@inject IConfiguration _configuration
@{
var consentFeature = Context.Features.Get();
var canTrack = consentFeature?.CanTrack ?? false;
+ var authenticatedUserId = User.Identity is not null && User.Identity.IsAuthenticated ? User.FindFirst(ClaimTypes.Email)?.Value ?? "Unknown" : "Anonymous";
}
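Review bot: `authenticatedUserId` is set to the signed-in user's e-mail address (`ClaimTypes.Email`), which puts personal data into whatever consumes it. The variable name and the `ai_authuser` cookie documented in this commit suggest the consumer is Application Insights telemetry, though the script that uses it is not visible in this view. An opaque identifier keeps telemetry joinable per user without exporting the address, for example `User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "Unknown"` if the identity provider issues a non-e-mail subject claim, or a keyed hash of the e-mail otherwise. The value is computed outside any `canTrack` check, so the markup that emits it should be confirmed to sit inside the consent-gated block. The trailing `;` on `@using System.Security.Claims;` is also inconsistent with the other `@using` lines.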
@@ -25,6 +27,31 @@
})(window, document, 'script', 'dataLayer', '@_configuration["Google:TagManagerId"]');
+
+
+
+
+
}
diff --git a/Dfe.Academies.External.Web/Security/SecureHeadersDefinitions.cs b/Dfe.Academies.External.Web/Security/SecureHeadersDefinitions.cs
index 4d284a2fc..739166673 100644
--- a/Dfe.Academies.External.Web/Security/SecureHeadersDefinitions.cs
+++ b/Dfe.Academies.External.Web/Security/SecureHeadersDefinitions.cs
@@ -2,21 +2,26 @@
public static class SecureHeadersDefinitions
{
- private static readonly string[] DefaultSrcExclusions =
- {
- "wss://localhost:*/Dfe.Academies.External.Web/", "https://*.googletagmanager.com",
- "https://*.google-analytics.com"
- };
+ private static readonly string[] DefaultSrcExclusions = ["wss://localhost:*/Dfe.Academies.External.Web/"];
private static readonly string[] ScriptSrcExclusions =
- {
- "https://*.googletagmanager.com", "https://*.google-analytics.com"
- };
+ [
+ "https://*.googletagmanager.com", "https://*.google-analytics.com",
+ "https://js.monitor.azure.com/scripts/b/ext/ai.clck.2.8.18.min.js",
+ "https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js"
+ ];
private static readonly string[] ImageSrcExclusions =
- {
+ [
"https://www.googletagmanager.com", "https://*.google-analytics.com"
- };
+ ];
+
+ private static readonly string[] ConnectSrcExclusions =
+ [
+ "https://js.monitor.azure.com/scripts/b/ai.config.1.cfg.json",
+ "https://*.in.applicationinsights.azure.com/v2/track", "https://*.googletagmanager.com",
+ "https://*.google-analytics.com"
+ ];
public static HeaderPolicyCollection GetHeaderPolicyCollection()
{
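Review bot: The two `js.monitor.azure.com` entries in `ScriptSrcExclusions` pin full file paths, one of them version-specific (`ai.clck.2.8.18.min.js`). Changing the plugin version in the page without editing this array will make the browser block the script, with only a CSP console error to show for it. A comment above the array such as `// Must match the Application Insights script URLs loaded from _Layout.cshtml; update both together` would make that coupling visible. Path pinning is also not an integrity control, since CSP stops enforcing the path once a request is redirected, so Subresource Integrity on the script tag is the stronger check if the loader allows it. The class and `GetHeaderPolicyCollection` continue outside this hunk.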
@@ -46,6 +51,7 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection()
builder.AddFontSrc().Self();
builder.AddImgSrc().Self().From(ImageSrcExclusions);
builder.AddFrameSrc().Self();
+ builder.AddConnectSrc().Self().From(ConnectSrcExclusions);
})
.AddPermissionsPolicy(builder =>
{
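Review bot: Adding an explicit `connect-src` here stops connections from falling back to `default-src`, so the `wss://localhost:*/Dfe.Academies.External.Web/` entry this commit leaves in `DefaultSrcExclusions` no longer covers WebSocket connections. This assumes that array feeds `default-src`, which is built outside this hunk. If the entry exists for local tooling, it needs to move into `ConnectSrcExclusions`, preferably added only in the Development environment so the production header does not allow a localhost origin. The lambda and `GetHeaderPolicyCollection` begin and end outside the hunk, so another directive may already handle this.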