SaaS CMS has officially launched! Learn more now.

Disabling Cookies for Application Insights added by DXP


I understand Microsoft Application insights is added by DXP to projects and is part of the service agreement to monitor usage.

But to comply with GDPR is it required to offer users the option to disable the cookies? Usage can still be monitored, but users wouldn't be tracked.

Application Insights cookies can be configured during initialisation (, but the initialisation is handled by code injected by DXP, so I'm unsure if we can control this. I feel this would be difficult to test in a development environment.

Has anyone out there looked at this issue and have any recommendations on how to safely configure the cookies for Application Insights?


Nov 02, 2021 12:11

I'd suggest reaching out to Optimizely Support, they may be able to disable it with a WebApp setting

Nov 03, 2021 11:28

Thanks I did reach out and the advice I received was this 

"That injected javascript is the only way to track pageview on their website. If we disable it, we cant detect correctly the pageview requested.
This script was injected by Microsoft Azure in order to integrate Application Insight into their app service.

I found a question raised here but not sure it'll help


Nov 03, 2021 11:44

You should make sure the Application Insights cookies are marked as strictly neccessary for your cookie consent. Cookie usage | Optimizely Developer Community

I don't believe these cookies persist personal information so should be fine for GDPR but as Scott mentioned, you are better to confirm that point with support.  

Edited, Nov 04, 2021 12:44

Thanks Johnny. I think though they would be classified as Statistics or Performance cookies I don't think they meet the classification of 'strictly necessary'. The link indicates other cookies as 'strictly necessary' but not the application insights ones.

Based on this I think Optimizely really should provide guidance on how to configure non-cookie behaviour

Nov 04, 2021 13:42

Got the following update from support - it looks as though you can switch to build-time implementation of AI if requested:

Based on what Application Insights provides us, we have two ways to integrate AI into the App Service. They are Runtime (AI javascript injected by Microsoft Azure) and Buildtime (AI managed by developer).
I suggest customer should switch from Runtime to Buildtime to fully control their AI javascript behavior.

But as I said, by disabling AI javascript, we're no longer tracking correct pageview on customer so we don't suggest doing it that way.

With AI Buildtime implementation, customer's developer will handler javascript within their html and they can disable them if end-user does not consent with it.


Nov 08, 2021 10:17

Yes if you're just wanting to disable the injection of the JS and cookie generated by the JavaScript tracking it's just turning

to false which stops it auto injecting the script in. 

I've done this before when I wanted to modify the standard AI JavaScript header tag.

Nov 08, 2021 14:18

I'm not sure but disabling application insights completely might be against the DXP terms of service. Also the javascript application insights are actually pretty useful tool for monitoring your app. 

Update on our implementation:

Rather than re-impement App Insights at build time, It seems you can update the cookie settings of app insights on DOM Loaded which seems to prevent cookies from dropping. Hopefully this complies with GDPR!

document.addEventListener('DOMContentLoaded', function () {
            if (!checkPerformanceCookiesEnabled()) {
                if (typeof appInsights === 'object' && typeof appInsights.config === 'object') {
                    window.appInsights.config.isCookieUseDisabled = true;
Nov 18, 2021 15:11
Dev - Aug 30, 2023 11:49

I am curious in which .js file cookie settings of app insights exists? where can I do this DOMContentLoaded in my project?
Scott Reed - Aug 30, 2023 13:09
This isn't editing the existing script it's adding a new one in your project so that once the DOM content is loaded the settings for using cookies is turned off. You'd add it in your own script on the page
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.