From b14d8b5c171e208b649bfe9e19ee12439f06c966 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 16:22:45 +0100
Subject: [PATCH 01/16] Variable name change to be more explicit

---
 .../Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index fbfbeb8f7..d07d62384 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -6,7 +6,7 @@
     var analyticsConsent = Context.Request.Cookies.ContainsKey(".ManageAnAcademyConversion.Consent")
                            && bool.Parse(Context.Request.Cookies[".ManageAnAcademyConversion.Consent"] ?? string.Empty);
 
-    var showAnalytics = Configuration["GoogleAnalytics:Enable"] == "Yes" && analyticsConsent;
+    var enableGoogleAnalytics = Configuration["GoogleAnalytics:Enable"] == "Yes" && analyticsConsent;
 
     var titleDescription = Context.Request.Path == "/project-type"
        ? string.Empty
@@ -38,7 +38,7 @@
     <link rel="stylesheet" href="~/dist/site.css" />
     <link rel="stylesheet" href="~/dist/accessible-autocomplete.min.css" asp-add-nonce />
     <link rel="stylesheet" href="~/dist/dfefrontend-1.0.1.min.css" asp-add-nonce />
-    @if (showAnalytics)
+    @if (enableGoogleAnalytics)
     {
         <!-- Google Tag Manager -->
         <script asp-add-nonce>

From 20d6d2609822f0fdf4ec9f475fdbf302d894ca65 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 16:22:55 +0100
Subject: [PATCH 02/16] Fixed broken src tag

---
 .../Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index d07d62384..be0ec35e6 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -57,7 +57,7 @@
     {
         <!-- Google Tag Manager (noscript) -->
         <noscript asp-add-nonce>
-            <iframe title="GATagManager" src=https://www.googletagmanager.com/ns.html?id =GTM-5H6G773 height="0" width="0" style="display: none; visibility: hidden"></iframe>
+            <iframe title="GATagManager" src="https://www.googletagmanager.com/ns.html?id=GTM-5H6G773" height="0" width="0" style="display: none; visibility: hidden"></iframe>
         </noscript>
         <!-- End Google Tag Manager (noscript) -->
     }

From 6196112597301b0c1f55ccfb6b967545a67e17fe Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 16:26:20 +0100
Subject: [PATCH 03/16] Define the users identifier

---
 .../Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml         | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index be0ec35e6..2e88f594a 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -1,5 +1,6 @@
 ﻿@using Microsoft.Extensions.Configuration
 @using NetEscapades.AspNetCore.SecurityHeaders.TagHelpers
+@using System.Security.Claims;
 @inject IConfiguration Configuration
 
 @{
@@ -15,6 +16,8 @@
     var isFormAMatPage = Context.Request.Path.Value.Contains("/form-a-mat/project-list") || Context.Request.Path.Value.Contains("/schools-in-this-mat/");
 
     var notificationBannerMessage = Configuration["notificationBannerMessage"] ?? string.Empty;
+
+    var authenticatedUserId = User.Identity is not null && User.Identity.IsAuthenticated ? User.FindFirst(ClaimTypes.Email)?.Value ?? "Unknown" : "Anonymous";
 }
 
 <!DOCTYPE html>

From 7e41a81f674a4a1792a97a79955c7ce293e535a7 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 16:26:34 +0100
Subject: [PATCH 04/16] Set app config value for toggling browser analytics

---
 .../Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml           | 1 +
 Dfe.PrepareConversions/Dfe.PrepareConversions/appsettings.json   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index 2e88f594a..5e3981695 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -8,6 +8,7 @@
                            && bool.Parse(Context.Request.Cookies[".ManageAnAcademyConversion.Consent"] ?? string.Empty);
 
     var enableGoogleAnalytics = Configuration["GoogleAnalytics:Enable"] == "Yes" && analyticsConsent;
+    var enableAppInsightsAnalytics = Configuration["ApplicationInsights:EnableBrowserAnalytics"] == "Yes" && analyticsConsent;
 
     var titleDescription = Context.Request.Path == "/project-type"
        ? string.Empty
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/appsettings.json b/Dfe.PrepareConversions/Dfe.PrepareConversions/appsettings.json
index 2a7fe3cc0..1578ff1f8 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/appsettings.json
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/appsettings.json
@@ -41,6 +41,7 @@
       "RevocationGuidanceLink": "https://educationgovuk.sharepoint.com/:w:/r/sites/lvedfe00116/_layouts/15/Doc.aspx?action=default&file=Revocation_Guidance_Mar24.docx&mobileredirect=true&sourcedoc=%7B563CD875-E0A4-46F0-AEC2-8C19453E24D5%7D"
    },
    "ApplicationInsights": {
+      "EnableBrowserAnalytics": "No",
       "ConnectionString": "",
       "InstrumentationKey": ""
    },

From fe26cc9df23ba08edb1b5039717cc2e6d53909ca Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:09:44 +0100
Subject: [PATCH 05/16] Moved iframe into body tag

---
 .../Pages/Shared/_Layout.cshtml               | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index 5e3981695..ef9a83f8f 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -53,17 +53,13 @@
                 }); var f = d.getElementsByTagName(s)[0],
                     j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src =
                         'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f);
-            })(window, document, 'script', 'dataLayer', 'GTM-5H6G773');</script>
-        <!-- End Google Tag Manager -->
+            })(window, document, 'script', 'dataLayer', 'GTM-5H6G773');
+         </script>
+         <!-- End Google Tag Manager -->
     }
 
-    @if (analyticsConsent)
+    @if (enableAppInsightsAnalytics)
     {
-        <!-- Google Tag Manager (noscript) -->
-        <noscript asp-add-nonce>
-            <iframe title="GATagManager" src="https://www.googletagmanager.com/ns.html?id=GTM-5H6G773" height="0" width="0" style="display: none; visibility: hidden"></iframe>
-        </noscript>
-        <!-- End Google Tag Manager (noscript) -->
     }
 
     <script type="text/javascript" src="~/dist/accessible-autocomplete.min.js" asp-add-nonce></script>
@@ -71,6 +67,15 @@
 </head>
 <body class="govuk-template__body">
 
+   @if (enableGoogleAnalytics)
+   {
+      <!-- Google Tag Manager (noscript) -->
+      <noscript asp-add-nonce>
+         <iframe title="GATagManager" src="https://www.googletagmanager.com/ns.html?id=GTM-5H6G773" height="0" width="0" style="display: none; visibility: hidden"></iframe>
+      </noscript>
+      <!-- End Google Tag Manager (noscript) -->
+   }
+
     <script asp-add-nonce>
         document.body.className = ((document.body.className) ? document.body.className + ' js-enabled' : 'js-enabled');
     </script>

From e5b99f54dc67c729894e5e727c5cc3beb68065ed Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:10:34 +0100
Subject: [PATCH 06/16] Added App Insights Browser JS

---
 .../Pages/Shared/_Layout.cshtml               | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index ef9a83f8f..52711e810 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -60,6 +60,29 @@
 
     @if (enableAppInsightsAnalytics)
     {
+      <!-- Application insights -->
+      <script type="text/javascript" integrity="sha384-g/ZkzetdQypWdY0NBZT5r2L3BR9/hURD8OBcd1rEaBpgX6QC7EaTL+o+mzWrBcXW" crossorigin="anonymous" src="https://js.monitor.azure.com/scripts/b/ext/ai.clck.2.8.18.min.js"></script>
+      <script type="text/javascript" asp-add-nonce>
+         // Load the Click analytics plugin
+         var clickPluginInstance = new Microsoft.ApplicationInsights.ClickAnalyticsPlugin();
+         // Application Insights JavaScript (Web) SDK Loader Script code
+         !(function (cfg){function e(){cfg.onInit&&cfg.onInit(i)}var S,u,D,t,n,i,C=window,x=document,w=C.location,I="script",b="ingestionendpoint",E="disableExceptionTracking",A="ai.device.";"instrumentationKey"[S="toLowerCase"](),u="crossOrigin",D="POST",t="appInsightsSDK",n=cfg.name||"appInsights",(cfg.name||C[t])&&(C[t]=n),i=C[n]||function(l){var d=!1,g=!1,f={initialize:!0,queue:[],sv:"7",version:2,config:l};function m(e,t){var n={},i="Browser";function a(e){e=""+e;return 1===e.length?"0"+e:e}return n[A+"id"]=i[S](),n[A+"type"]=i,n["ai.operation.name"]=w&&w.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(f.sv||f.version),{time:(i=new Date).getUTCFullYear()+"-"+a(1+i.getUTCMonth())+"-"+a(i.getUTCDate())+"T"+a(i.getUTCHours())+":"+a(i.getUTCMinutes())+":"+a(i.getUTCSeconds())+"."+(i.getUTCMilliseconds()/1e3).toFixed(3).slice(2,5)+"Z",iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}},ver:4,seq:"1",aiDataContract:undefined}}var h=-1,v=0,y=["js.monitor.azure.com","js.cdn.applicationinsights.io","js.cdn.monitor.azure.com","js0.cdn.applicationinsights.io","js0.cdn.monitor.azure.com","js2.cdn.applicationinsights.io","js2.cdn.monitor.azure.com","az416426.vo.msecnd.net"],k=l.url||cfg.src;if(k){if((n=navigator)&&(~(n=(n.userAgent||"").toLowerCase()).indexOf("msie")||~n.indexOf("trident/"))&&~k.indexOf("ai.3")&&(k=k.replace(/(\/)(ai\.3\.)([^\d]*)$/,function(e,t,n){return t+"ai.2"+n})),!1!==cfg.cr)for(var e=0;e<y.length;e++)if(0<k.indexOf(y[e])){h=e;break}var i=function(e){var a,t,n,i,o,r,s,c,p,u;f.queue=[],g||(0<=h&&v+1<y.length?(a=(h+v+1)%y.length,T(k.replace(/^(.*\/\/)([\w\.]*)(\/.*)$/,function(e,t,n,i){return t+y[a]+i})),v+=1):(d=g=!0,o=k,c=(p=function(){var e,t={},n=l.connectionString;if(n)for(var i=n.split(";"),a=0;a<i.length;a++){var o=i[a].split("=");2===o.length&&(t[o[0][S]()]=o[1])}return t[b]||(e=(n=t.endpointsuffix)?t.location:null,t[b]="https://"+(e?e+".":"")+"dc."+(n||"services.visualstudio.com")),t}()).instrumentationkey||l.instrumentationKey||"",p=(p=p[b])?p+"/v2/track":l.endpointUrl,(u=[]).push((t="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",n=o,r=p,(s=(i=m(c,"Exception")).data).baseType="ExceptionData",s.baseData.exceptions=[{typeName:"SDKLoadFailed",message:t.replace(/\./g,"-"),hasFullStack:!1,stack:t+"\nSnippet failed to load ["+n+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(w&&w.pathname||"_unknown_")+"\nEndpoint: "+r,parsedStack:[]}],i)),u.push((s=o,t=p,(r=(n=m(c,"Message")).data).baseType="MessageData",(i=r.baseData).message='AI (Internal): 99 message:"'+("SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details) ("+s+")").replace(/\"/g,"")+'"',i.properties={endpoint:t},n)),o=u,c=p,JSON&&((r=C.fetch)&&!cfg.useXhr?r(c,{method:D,body:JSON.stringify(o),mode:"cors"}):XMLHttpRequest&&((s=new XMLHttpRequest).open(D,c),s.setRequestHeader("Content-type","application/json"),s.send(JSON.stringify(o))))))},a=function(e,t){g||setTimeout(function(){!t&&f.core||i()},500),d=!1},T=function(e){var n=x.createElement(I),e=(n.src=e,cfg[u]);return!e&&""!==e||"undefined"==n[u]||(n[u]=e),n.onload=a,n.onerror=i,n.onreadystatechange=function(e,t){"loaded"!==n.readyState&&"complete"!==n.readyState||a(0,t)},cfg.ld&&cfg.ld<0?x.getElementsByTagName("head")[0].appendChild(n):setTimeout(function(){x.getElementsByTagName(I)[0].parentNode.appendChild(n)},cfg.ld||0),n};T(k)}try{f.cookie=x.cookie}catch(p){}function t(e){for(;e.length;)!function(t){f[t]=function(){var e=arguments;d||f.queue.push(function(){f[t].apply(f,e)})}}(e.pop())}var r,s,n="track",o="TrackPage",c="TrackEvent",n=(t([n+"Event",n+"PageView",n+"Exception",n+"Trace",n+"DependencyData",n+"Metric",n+"PageViewPerformance","start"+o,"stop"+o,"start"+c,"stop"+c,"addTelemetryInitializer","setAuthenticatedUserContext","clearAuthenticatedUserContext","flush"]),f.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4},(l.extensionConfig||{}).ApplicationInsightsAnalytics||{});return!0!==l[E]&&!0!==n[E]&&(t(["_"+(r="onerror")]),s=C[r],C[r]=function(e,t,n,i,a){var o=s&&s(e,t,n,i,a);return!0!==o&&f["_"+r]({message:e,url:t,lineNumber:n,columnNumber:i,error:a,evt:C.event}),o},l.autoExceptionInstrumented=!0),f}(cfg.cfg),(C[n]=i).queue&&0===i.queue.length?(i.queue.push(e),i.trackPageView({})):e();})({
+            src: "https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js",
+            crossOrigin: "anonymous",
+            cfg: {
+               connectionString: '@Configuration["ApplicationInsights:ConnectionString"]',
+               extensions: [ clickPluginInstance ],
+               extensionConfig: { [clickPluginInstance.identifier] : {
+                  autoCapture : true,
+                  dataTags: { useDefaultContentNameOrId: true }
+               } },
+            }
+         });
+
+         // Set Authenticated User Context
+         window.appInsights.setAuthenticatedUserContext("@authenticatedUserId", null, true);
+      </script>
+      <!-- End Application insights -->
     }
 
     <script type="text/javascript" src="~/dist/accessible-autocomplete.min.js" asp-add-nonce></script>

From 630364b172a9dca0ae03dc29c6545802d83ac7b0 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:22:25 +0100
Subject: [PATCH 07/16] Use identity name as email claim is not set

---
 .../Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index 52711e810..6371273c5 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -18,7 +18,7 @@
 
     var notificationBannerMessage = Configuration["notificationBannerMessage"] ?? string.Empty;
 
-    var authenticatedUserId = User.Identity is not null && User.Identity.IsAuthenticated ? User.FindFirst(ClaimTypes.Email)?.Value ?? "Unknown" : "Anonymous";
+    var authenticatedUserId = User.Identity is not null && User.Identity.IsAuthenticated ? User.Identity.Name ?? "Unknown" : "Anonymous";
 }
 
 <!DOCTYPE html>

From c639ef83cb3b28310e435b16c62b7ded6638102e Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:23:16 +0100
Subject: [PATCH 08/16] Corrected EoL feed

---
 .../Security/SecureHeadersDefinitions.cs      | 142 +++++++++---------
 1 file changed, 71 insertions(+), 71 deletions(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs
index 4b5a8e2c6..9a85d066f 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs
@@ -1,71 +1,71 @@
-using Microsoft.AspNetCore.Builder;
-
-namespace Dfe.PrepareConversions.Security;
-
-public static class SecurityHeadersDefinitions
-{
-   private static string GoogleTagManagerUri => "https://www.googletagmanager.com";
-   private static string GoogleAnalyticsUri => "https://www.google-analytics.com/";
-
-   public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
-   {
-      HeaderPolicyCollection policy = new HeaderPolicyCollection()
-         .AddFrameOptionsDeny()
-         .AddXssProtectionBlock()
-         .AddContentTypeOptionsNoSniff()
-         .AddReferrerPolicyStrictOriginWhenCrossOrigin()
-         .RemoveServerHeader()
-         .AddCrossOriginOpenerPolicy(builder =>
-         {
-            builder.SameOrigin();
-         })
-         .AddCrossOriginEmbedderPolicy(builder =>
-         {
-            builder.RequireCorp();
-         })
-         .AddCrossOriginResourcePolicy(builder =>
-         {
-            builder.SameOrigin();
-         })
-         .AddContentSecurityPolicy(builder =>
-         {
-            builder.AddObjectSrc().None();
-            builder.AddBlockAllMixedContent();
-            builder.AddImgSrc().Self().From("data:").From(GoogleAnalyticsUri)
-               .From(GoogleTagManagerUri);
-            builder.AddFormAction().Self();
-            builder.AddFormAction().OverHttps();
-            builder.AddFontSrc().Self();
-            builder.AddStyleSrc().Self();
-            builder.AddBaseUri().Self();
-            builder.AddScriptSrc().From(GoogleTagManagerUri).UnsafeInline().WithNonce();
-            builder.AddFrameAncestors().None();
-         })
-         .RemoveServerHeader()
-         .AddPermissionsPolicy(builder =>
-         {
-            builder.AddAccelerometer().None();
-            builder.AddAutoplay().None();
-            builder.AddCamera().None();
-            builder.AddEncryptedMedia().None();
-            builder.AddFullscreen().All();
-            builder.AddGeolocation().None();
-            builder.AddGyroscope().None();
-            builder.AddMagnetometer().None();
-            builder.AddMicrophone().None();
-            builder.AddMidi().None();
-            builder.AddPayment().None();
-            builder.AddPictureInPicture().None();
-            builder.AddSyncXHR().None();
-            builder.AddUsb().None();
-         });
-
-      if (!isDev)
-      {
-         // max age = one year in seconds
-         policy.AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365);
-      }
-
-      return policy;
-   }
-}
+using Microsoft.AspNetCore.Builder;
+
+namespace Dfe.PrepareConversions.Security;
+
+public static class SecurityHeadersDefinitions
+{
+   private static string GoogleTagManagerUri => "https://www.googletagmanager.com";
+   private static string GoogleAnalyticsUri => "https://www.google-analytics.com/";
+
+   public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
+   {
+      HeaderPolicyCollection policy = new HeaderPolicyCollection()
+         .AddFrameOptionsDeny()
+         .AddXssProtectionBlock()
+         .AddContentTypeOptionsNoSniff()
+         .AddReferrerPolicyStrictOriginWhenCrossOrigin()
+         .RemoveServerHeader()
+         .AddCrossOriginOpenerPolicy(builder =>
+         {
+            builder.SameOrigin();
+         })
+         .AddCrossOriginEmbedderPolicy(builder =>
+         {
+            builder.RequireCorp();
+         })
+         .AddCrossOriginResourcePolicy(builder =>
+         {
+            builder.SameOrigin();
+         })
+         .AddContentSecurityPolicy(builder =>
+         {
+            builder.AddObjectSrc().None();
+            builder.AddBlockAllMixedContent();
+            builder.AddImgSrc().Self().From("data:").From(GoogleAnalyticsUri)
+               .From(GoogleTagManagerUri);
+            builder.AddFormAction().Self();
+            builder.AddFormAction().OverHttps();
+            builder.AddFontSrc().Self();
+            builder.AddStyleSrc().Self();
+            builder.AddBaseUri().Self();
+            builder.AddScriptSrc().From(GoogleTagManagerUri).UnsafeInline().WithNonce();
+            builder.AddFrameAncestors().None();
+         })
+         .RemoveServerHeader()
+         .AddPermissionsPolicy(builder =>
+         {
+            builder.AddAccelerometer().None();
+            builder.AddAutoplay().None();
+            builder.AddCamera().None();
+            builder.AddEncryptedMedia().None();
+            builder.AddFullscreen().All();
+            builder.AddGeolocation().None();
+            builder.AddGyroscope().None();
+            builder.AddMagnetometer().None();
+            builder.AddMicrophone().None();
+            builder.AddMidi().None();
+            builder.AddPayment().None();
+            builder.AddPictureInPicture().None();
+            builder.AddSyncXHR().None();
+            builder.AddUsb().None();
+         });
+
+      if (!isDev)
+      {
+         // max age = one year in seconds
+         policy.AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365);
+      }
+
+      return policy;
+   }
+}

From 2d94429962336b239f546f356289437d3e9587fb Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:23:33 +0100
Subject: [PATCH 09/16] Added App Insights to CSP

---
 .../Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs
index 9a85d066f..1bd9fa8f9 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs
@@ -6,6 +6,7 @@ public static class SecurityHeadersDefinitions
 {
    private static string GoogleTagManagerUri => "https://www.googletagmanager.com";
    private static string GoogleAnalyticsUri => "https://www.google-analytics.com/";
+   private static string ApplicationInsightsUri => "https://js.monitor.azure.com/";
 
    public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
    {
@@ -39,6 +40,7 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
             builder.AddStyleSrc().Self();
             builder.AddBaseUri().Self();
             builder.AddScriptSrc().From(GoogleTagManagerUri).UnsafeInline().WithNonce();
+            builder.AddScriptSrc().From(ApplicationInsightsUri).UnsafeInline().WithNonce();
             builder.AddFrameAncestors().None();
          })
          .RemoveServerHeader()

From acd3b9ae48d7a02528d7fd89b4f53a9fedecf895 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:29:48 +0100
Subject: [PATCH 10/16] Updated GA script to match shared Layout.cshtml

---
 .../Shared/_LayoutNoHeaderAndFooter.cshtml    | 37 +++++++++++--------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
index d9152915a..127412dc9 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
@@ -6,7 +6,7 @@
    var analyticsConsent = Context.Request.Cookies.ContainsKey(".ManageAnAcademyConversion.Consent")
                           && bool.Parse(Context.Request.Cookies[".ManageAnAcademyConversion.Consent"] ?? string.Empty);
 
-   var showAnalytics = Configuration["GoogleAnalytics:Enable"] == "Yes" && analyticsConsent;
+   var enableGoogleAnalytics = Configuration["GoogleAnalytics:Enable"] == "Yes" && analyticsConsent;
 }
 
 <!DOCTYPE html>
@@ -28,31 +28,38 @@
 
    <title>@ViewData["Title"] - Manage an academy conversion</title>
    <link rel="stylesheet" href="~/dist/site.css"/>
-   @if (showAnalytics)
-   {
-      <!-- Google Tag Manager -->
-      <script asp-add-nonce>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
-		new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
-		j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
-		'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
-		})(window,document,'script','dataLayer','GTM-5H6G773');</script>
-      <!-- End Google Tag Manager -->
-   }
+
+   @if (enableGoogleAnalytics)
+    {
+        <!-- Google Tag Manager -->
+        <script asp-add-nonce>
+            (function (w, d, s, l, i) {
+                w[l] = w[l] || []; w[l].push({
+                    'gtm.start':
+                        new Date().getTime(), event: 'gtm.js'
+                }); var f = d.getElementsByTagName(s)[0],
+                    j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src =
+                        'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f);
+            })(window, document, 'script', 'dataLayer', 'GTM-5H6G773');
+         </script>
+         <!-- End Google Tag Manager -->
+    }
 </head>
 <body class="govuk-template__body ">
-@if (analyticsConsent)
+
+@if (enableGoogleAnalytics)
 {
    <!-- Google Tag Manager (noscript) -->
    <noscript asp-add-nonce>
-      <iframe title="GATagManager" src=https://www.googletagmanager.com/ns.html?id=GTM-5H6G773 height="0" width="0" style="display: none; visibility: hidden"></iframe>
+      <iframe title="GATagManager" src="https://www.googletagmanager.com/ns.html?id=GTM-5H6G773" height="0" width="0" style="display: none; visibility: hidden"></iframe>
    </noscript>
    <!-- End Google Tag Manager (noscript) -->
 }
+
 <script asp-add-nonce>
     document.body.className = ((document.body.className) ? document.body.className + ' js-enabled' : 'js-enabled');
 </script>
 
-
 <div class="govuk-width-container">
    @await RenderSectionAsync("BeforeMain", false)
    <main class="govuk-main-wrapper gov-main-wrapper--auto-spacing" id="main-content" role="main">
@@ -61,4 +68,4 @@
 </div>
 <script src="~/dist/site.js" asp-add-nonce></script>
 </body>
-</html>
\ No newline at end of file
+</html>

From cb160e85cc3a81164c1b9a0ec156d4bf79e8d5cb Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:30:22 +0100
Subject: [PATCH 11/16] Remove unused injection

---
 .../Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml           | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index 6371273c5..b02ed6c0b 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -1,6 +1,5 @@
 ﻿@using Microsoft.Extensions.Configuration
 @using NetEscapades.AspNetCore.SecurityHeaders.TagHelpers
-@using System.Security.Claims;
 @inject IConfiguration Configuration
 
 @{

From 16e731d1970d4a5d602433f801a2adab795e0e5c Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:30:59 +0100
Subject: [PATCH 12/16] Add App Insights SDK to layout variant

---
 .../Shared/_LayoutNoHeaderAndFooter.cshtml    | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
index 127412dc9..a305cd2ce 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
@@ -7,6 +7,9 @@
                           && bool.Parse(Context.Request.Cookies[".ManageAnAcademyConversion.Consent"] ?? string.Empty);
 
    var enableGoogleAnalytics = Configuration["GoogleAnalytics:Enable"] == "Yes" && analyticsConsent;
+   var enableAppInsightsAnalytics = Configuration["ApplicationInsights:EnableBrowserAnalytics"] == "Yes" && analyticsConsent;
+
+   var authenticatedUserId = User.Identity is not null && User.Identity.IsAuthenticated ? User.Identity.Name ?? "Unknown" : "Anonymous";
 }
 
 <!DOCTYPE html>
@@ -44,6 +47,33 @@
          </script>
          <!-- End Google Tag Manager -->
     }
+
+    @if (enableAppInsightsAnalytics)
+    {
+      <!-- Application insights -->
+      <script type="text/javascript" integrity="sha384-g/ZkzetdQypWdY0NBZT5r2L3BR9/hURD8OBcd1rEaBpgX6QC7EaTL+o+mzWrBcXW" crossorigin="anonymous" src="https://js.monitor.azure.com/scripts/b/ext/ai.clck.2.8.18.min.js"></script>
+      <script type="text/javascript" asp-add-nonce>
+         // Load the Click analytics plugin
+         var clickPluginInstance = new Microsoft.ApplicationInsights.ClickAnalyticsPlugin();
+         // Application Insights JavaScript (Web) SDK Loader Script code
+         !(function (cfg){function e(){cfg.onInit&&cfg.onInit(i)}var S,u,D,t,n,i,C=window,x=document,w=C.location,I="script",b="ingestionendpoint",E="disableExceptionTracking",A="ai.device.";"instrumentationKey"[S="toLowerCase"](),u="crossOrigin",D="POST",t="appInsightsSDK",n=cfg.name||"appInsights",(cfg.name||C[t])&&(C[t]=n),i=C[n]||function(l){var d=!1,g=!1,f={initialize:!0,queue:[],sv:"7",version:2,config:l};function m(e,t){var n={},i="Browser";function a(e){e=""+e;return 1===e.length?"0"+e:e}return n[A+"id"]=i[S](),n[A+"type"]=i,n["ai.operation.name"]=w&&w.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(f.sv||f.version),{time:(i=new Date).getUTCFullYear()+"-"+a(1+i.getUTCMonth())+"-"+a(i.getUTCDate())+"T"+a(i.getUTCHours())+":"+a(i.getUTCMinutes())+":"+a(i.getUTCSeconds())+"."+(i.getUTCMilliseconds()/1e3).toFixed(3).slice(2,5)+"Z",iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}},ver:4,seq:"1",aiDataContract:undefined}}var h=-1,v=0,y=["js.monitor.azure.com","js.cdn.applicationinsights.io","js.cdn.monitor.azure.com","js0.cdn.applicationinsights.io","js0.cdn.monitor.azure.com","js2.cdn.applicationinsights.io","js2.cdn.monitor.azure.com","az416426.vo.msecnd.net"],k=l.url||cfg.src;if(k){if((n=navigator)&&(~(n=(n.userAgent||"").toLowerCase()).indexOf("msie")||~n.indexOf("trident/"))&&~k.indexOf("ai.3")&&(k=k.replace(/(\/)(ai\.3\.)([^\d]*)$/,function(e,t,n){return t+"ai.2"+n})),!1!==cfg.cr)for(var e=0;e<y.length;e++)if(0<k.indexOf(y[e])){h=e;break}var i=function(e){var a,t,n,i,o,r,s,c,p,u;f.queue=[],g||(0<=h&&v+1<y.length?(a=(h+v+1)%y.length,T(k.replace(/^(.*\/\/)([\w\.]*)(\/.*)$/,function(e,t,n,i){return t+y[a]+i})),v+=1):(d=g=!0,o=k,c=(p=function(){var e,t={},n=l.connectionString;if(n)for(var i=n.split(";"),a=0;a<i.length;a++){var o=i[a].split("=");2===o.length&&(t[o[0][S]()]=o[1])}return t[b]||(e=(n=t.endpointsuffix)?t.location:null,t[b]="https://"+(e?e+".":"")+"dc."+(n||"services.visualstudio.com")),t}()).instrumentationkey||l.instrumentationKey||"",p=(p=p[b])?p+"/v2/track":l.endpointUrl,(u=[]).push((t="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",n=o,r=p,(s=(i=m(c,"Exception")).data).baseType="ExceptionData",s.baseData.exceptions=[{typeName:"SDKLoadFailed",message:t.replace(/\./g,"-"),hasFullStack:!1,stack:t+"\nSnippet failed to load ["+n+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(w&&w.pathname||"_unknown_")+"\nEndpoint: "+r,parsedStack:[]}],i)),u.push((s=o,t=p,(r=(n=m(c,"Message")).data).baseType="MessageData",(i=r.baseData).message='AI (Internal): 99 message:"'+("SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details) ("+s+")").replace(/\"/g,"")+'"',i.properties={endpoint:t},n)),o=u,c=p,JSON&&((r=C.fetch)&&!cfg.useXhr?r(c,{method:D,body:JSON.stringify(o),mode:"cors"}):XMLHttpRequest&&((s=new XMLHttpRequest).open(D,c),s.setRequestHeader("Content-type","application/json"),s.send(JSON.stringify(o))))))},a=function(e,t){g||setTimeout(function(){!t&&f.core||i()},500),d=!1},T=function(e){var n=x.createElement(I),e=(n.src=e,cfg[u]);return!e&&""!==e||"undefined"==n[u]||(n[u]=e),n.onload=a,n.onerror=i,n.onreadystatechange=function(e,t){"loaded"!==n.readyState&&"complete"!==n.readyState||a(0,t)},cfg.ld&&cfg.ld<0?x.getElementsByTagName("head")[0].appendChild(n):setTimeout(function(){x.getElementsByTagName(I)[0].parentNode.appendChild(n)},cfg.ld||0),n};T(k)}try{f.cookie=x.cookie}catch(p){}function t(e){for(;e.length;)!function(t){f[t]=function(){var e=arguments;d||f.queue.push(function(){f[t].apply(f,e)})}}(e.pop())}var r,s,n="track",o="TrackPage",c="TrackEvent",n=(t([n+"Event",n+"PageView",n+"Exception",n+"Trace",n+"DependencyData",n+"Metric",n+"PageViewPerformance","start"+o,"stop"+o,"start"+c,"stop"+c,"addTelemetryInitializer","setAuthenticatedUserContext","clearAuthenticatedUserContext","flush"]),f.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4},(l.extensionConfig||{}).ApplicationInsightsAnalytics||{});return!0!==l[E]&&!0!==n[E]&&(t(["_"+(r="onerror")]),s=C[r],C[r]=function(e,t,n,i,a){var o=s&&s(e,t,n,i,a);return!0!==o&&f["_"+r]({message:e,url:t,lineNumber:n,columnNumber:i,error:a,evt:C.event}),o},l.autoExceptionInstrumented=!0),f}(cfg.cfg),(C[n]=i).queue&&0===i.queue.length?(i.queue.push(e),i.trackPageView({})):e();})({
+            src: "https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js",
+            crossOrigin: "anonymous",
+            cfg: {
+               connectionString: '@Configuration["ApplicationInsights:ConnectionString"]',
+               extensions: [ clickPluginInstance ],
+               extensionConfig: { [clickPluginInstance.identifier] : {
+                  autoCapture : true,
+                  dataTags: { useDefaultContentNameOrId: true }
+               } },
+            }
+         });
+
+         // Set Authenticated User Context
+         window.appInsights.setAuthenticatedUserContext("@authenticatedUserId", null, true);
+      </script>
+      <!-- End Application insights -->
+    }
 </head>
 <body class="govuk-template__body ">
 

From 9d8c8e40e155e9106717e95e9e08c9d733bde5ec Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:36:19 +0100
Subject: [PATCH 13/16] Updated Cookie Policy statement

---
 .../Pages/Public/CookiePreferences.cshtml     | 58 +++++++++++++++++--
 1 file changed, 54 insertions(+), 4 deletions(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml
index 4346b8982..0d650e8c6 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml
@@ -37,6 +37,10 @@
          There is a separate <a href="@Model.TransfersCookiesUrl">cookies page for the transfers part of this service.</a>
       </p>
 
+      <h2 class="govuk-heading-m">Analytics cookies (optional)</h2>
+
+      <h3 class="govuk-heading-s">Google Analytics</h3>
+
       <p class="govuk-body">
          With your permission, we use Google Analytics to collect data about how you use the service. This information helps us improve our service.
          These cookies do not collect your name or address, they do collect a unique user identifier
@@ -50,19 +54,32 @@
          <li>what you click on while you’re visiting the site</li>
       </ul>
       <p class="govuk-body">Google is not allowed to share our analytics data with anyone.</p>
+
+      <h3 class="govuk-heading-s">Azure Application Insights</h3>
+
+      <p class="govuk-body">We use Azure Application Insights software to collect information about how you use this website. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.</p>
+      <p class="govuk-body">Azure Application Insights stores information about:</p>
+      <ul class="govuk-list govuk-list--bullet">
+         <li>the pages you visit on this website</li>
+         <li>how long you spend on each page</li>
+         <li>how you got to the site</li>
+         <li>what you click on while you're visiting the site</li>
+      </ul>
+      <p class="govuk-body">We don't allow Microsoft to use or share our analytics data.</p>
+
       <form method="post">
          <div class="govuk-form-group">
             <fieldset class="govuk-fieldset">
                <legend class="govuk-fieldset__legend govuk-fieldset__legend--m">
                   <h3 class="govuk-fieldset__heading">
-                     Do you accept Google Analytics cookies?
+                     Do you accept analytical cookies?
                   </h3>
                </legend>
                <div class="govuk-radios">
                   <div class="govuk-radios__item">
                      <input class="govuk-radios__input" id="cookie-consent-accept" name="consent" type="radio" value="true" checked="@Model.Consent">
                      <label class="govuk-label govuk-radios__label" for="cookie-consent-accept">
-                        Yes, opt in to Google Analytics cookies
+                        Yes, opt in to analytical cookies
                      </label>
                   </div>
                   <div class="govuk-radios__item">
@@ -76,6 +93,7 @@
          </div>
          <input type="submit" name="commit" value="Save changes" class="govuk-button" data-qa="submit" data-module="govuk-button" data-disable-with="Save changes">
       </form>
+
       <h2 class="govuk-heading-l">How we use cookies</h2>
       <h3 class="govuk-heading-m">Essential cookies</h3>
       <p class="govuk-body">
@@ -119,7 +137,10 @@
          </tr>
          </tbody>
       </table>
-      <h3 class="govuk-heading-m">Measuring website usage (Google Analytics)</h3>
+
+      <h2 class="govuk-heading-m">Analytical cookies</h2>
+
+      <h3 class="govuk-heading-s">Google Analytics</h3>
       <p class="govuk-body">Google Analytics sets the following cookies:</p>
       <table class="govuk-table" aria-label="Google analytics cookies">
          <thead class="govuk-table__header">
@@ -152,5 +173,34 @@
          </tr>
          </tbody>
       </table>
+
+      <h3 class="govuk-heading-s">Application Insights</h3>
+      <p class="govuk-body">Azure Application Insights sets the following cookies:</p>
+      <table class="govuk-table" aria-label="App Insights cookies">
+         <thead class="govuk-table__head">
+            <tr class="govuk-table__row">
+               <th scope="col" class="govuk-table__header">Name</th>
+               <th scope="col" class="govuk-table__header">Purpose</th>
+               <th scope="col" class="govuk-table__header">Expires</th>
+            </tr>
+         </thead>
+         <tbody class="govuk-table__body">
+            <tr class="govuk-table__row">
+               <td class="govuk-table__cell">ai_session</td>
+               <td class="govuk-table__cell">This helps us track activity happening over a single browser session</td>
+               <td class="govuk-table__cell">1 hour</td>
+            </tr>
+            <tr class="govuk-table__row">
+               <td class="govuk-table__cell">ai_user</td>
+               <td class="govuk-table__cell">This helps us to identify the number of distinct users accessing the site over time by tracking if you've visited before</td>
+               <td class="govuk-table__cell">1 year</td>
+            </tr>
+            <tr class="govuk-table__row">
+               <td class="govuk-table__cell">ai_authuser</td>
+               <td class="govuk-table__cell">This helps us to identify authenticated users and how they interact with the site</td>
+               <td class="govuk-table__cell">When you close your browser</td>
+            </tr>
+         </tbody>
+      </table>
    </div>
-</div>
\ No newline at end of file
+</div>

From dda4773c1e69f87c9b6da3edf847391aa01abae9 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Thu, 13 Jun 2024 15:13:05 +0100
Subject: [PATCH 14/16] Corrected line ending

---
 .../Pages/Public/CookiePreferences.cshtml.cs  | 210 +++++++++---------
 1 file changed, 105 insertions(+), 105 deletions(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs
index 5ae661ec5..aee0d9b9a 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs
@@ -1,105 +1,105 @@
-using Dfe.PrepareConversions.Configuration;
-using Dfe.PrepareConversions.Models;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.RazorPages;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using System;
-
-namespace Dfe.PrepareConversions.Pages.Public;
-
-public class CookiePreferences : PageModel
-{
-   private const string CONSENT_COOKIE_NAME = ".ManageAnAcademyConversion.Consent";
-   private readonly ILogger<CookiePreferences> _logger;
-   private readonly IOptions<ServiceLinkOptions> _options;
-
-   public CookiePreferences(ILogger<CookiePreferences> logger, IOptions<ServiceLinkOptions> options)
-   {
-      _logger = logger;
-      _options = options;
-   }
-
-   public bool? Consent { get; set; }
-   public bool PreferencesSet { get; set; }
-   public string ReturnPath { get; set; }
-
-   public string TransfersCookiesUrl { get; set; }
-
-   public ActionResult OnGet(bool? consent, string returnUrl)
-   {
-      ReturnPath = returnUrl;
-      TransfersCookiesUrl = $"{_options.Value.TransfersUrl}/cookie-preferences?returnUrl=%2Fhome";
-
-      if (Request.Cookies.ContainsKey(CONSENT_COOKIE_NAME))
-      {
-         Consent = bool.Parse(Request.Cookies[CONSENT_COOKIE_NAME] ?? string.Empty);
-      }
-
-      if (consent.HasValue)
-      {
-         PreferencesSet = true;
-
-         ApplyCookieConsent(consent);
-
-         if (!string.IsNullOrEmpty(returnUrl))
-         {
-            return Redirect(returnUrl);
-         }
-
-         return RedirectToPage(Links.Public.CookiePreferences);
-      }
-
-      return Page();
-   }
-
-   public IActionResult OnPost(bool? consent, string returnUrl)
-   {
-      ReturnPath = returnUrl;
-
-      if (Request.Cookies.ContainsKey(CONSENT_COOKIE_NAME))
-      {
-         Consent = bool.Parse(Request.Cookies[CONSENT_COOKIE_NAME] ?? string.Empty);
-      }
-
-      if (consent.HasValue)
-      {
-         Consent = consent;
-         PreferencesSet = true;
-
-         CookieOptions cookieOptions = new() { Expires = DateTime.Today.AddMonths(6), Secure = true, HttpOnly = true };
-         Response.Cookies.Append(CONSENT_COOKIE_NAME, consent.Value.ToString(), cookieOptions);
-
-         if (consent.Value is false)
-         {
-            ApplyCookieConsent(false);
-         }
-
-         return Page();
-      }
-
-      return Page();
-   }
-
-   private void ApplyCookieConsent(bool? consent)
-   {
-      if (consent.HasValue)
-      {
-         CookieOptions cookieOptions = new() { Expires = DateTime.Today.AddMonths(6), Secure = true, HttpOnly = true };
-         Response.Cookies.Append(CONSENT_COOKIE_NAME, consent.Value.ToString(), cookieOptions);
-      }
-
-      if (consent is false)
-      {
-         foreach (string cookie in Request.Cookies.Keys)
-         {
-            if (cookie.StartsWith("_ga") || cookie.Equals("_gid"))
-            {
-               _logger.LogInformation("Expiring Google analytics cookie: {cookie}", cookie);
-               Response.Cookies.Append(cookie, string.Empty, new CookieOptions { Expires = DateTime.Now.AddDays(-1), Secure = true, SameSite = SameSiteMode.Lax, HttpOnly = true });
-            }
-         }
-      }
-   }
-}
+using Dfe.PrepareConversions.Configuration;
+using Dfe.PrepareConversions.Models;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using System;
+
+namespace Dfe.PrepareConversions.Pages.Public;
+
+public class CookiePreferences : PageModel
+{
+   private const string CONSENT_COOKIE_NAME = ".ManageAnAcademyConversion.Consent";
+   private readonly ILogger<CookiePreferences> _logger;
+   private readonly IOptions<ServiceLinkOptions> _options;
+
+   public CookiePreferences(ILogger<CookiePreferences> logger, IOptions<ServiceLinkOptions> options)
+   {
+      _logger = logger;
+      _options = options;
+   }
+
+   public bool? Consent { get; set; }
+   public bool PreferencesSet { get; set; }
+   public string ReturnPath { get; set; }
+
+   public string TransfersCookiesUrl { get; set; }
+
+   public ActionResult OnGet(bool? consent, string returnUrl)
+   {
+      ReturnPath = returnUrl;
+      TransfersCookiesUrl = $"{_options.Value.TransfersUrl}/cookie-preferences?returnUrl=%2Fhome";
+
+      if (Request.Cookies.ContainsKey(CONSENT_COOKIE_NAME))
+      {
+         Consent = bool.Parse(Request.Cookies[CONSENT_COOKIE_NAME] ?? string.Empty);
+      }
+
+      if (consent.HasValue)
+      {
+         PreferencesSet = true;
+
+         ApplyCookieConsent(consent);
+
+         if (!string.IsNullOrEmpty(returnUrl))
+         {
+            return Redirect(returnUrl);
+         }
+
+         return RedirectToPage(Links.Public.CookiePreferences);
+      }
+
+      return Page();
+   }
+
+   public IActionResult OnPost(bool? consent, string returnUrl)
+   {
+      ReturnPath = returnUrl;
+
+      if (Request.Cookies.ContainsKey(CONSENT_COOKIE_NAME))
+      {
+         Consent = bool.Parse(Request.Cookies[CONSENT_COOKIE_NAME] ?? string.Empty);
+      }
+
+      if (consent.HasValue)
+      {
+         Consent = consent;
+         PreferencesSet = true;
+
+         CookieOptions cookieOptions = new() { Expires = DateTime.Today.AddMonths(6), Secure = true, HttpOnly = true };
+         Response.Cookies.Append(CONSENT_COOKIE_NAME, consent.Value.ToString(), cookieOptions);
+
+         if (consent.Value is false)
+         {
+            ApplyCookieConsent(false);
+         }
+
+         return Page();
+      }
+
+      return Page();
+   }
+
+   private void ApplyCookieConsent(bool? consent)
+   {
+      if (consent.HasValue)
+      {
+         CookieOptions cookieOptions = new() { Expires = DateTime.Today.AddMonths(6), Secure = true, HttpOnly = true };
+         Response.Cookies.Append(CONSENT_COOKIE_NAME, consent.Value.ToString(), cookieOptions);
+      }
+
+      if (consent is false)
+      {
+         foreach (string cookie in Request.Cookies.Keys)
+         {
+            if (cookie.StartsWith("_ga") || cookie.Equals("_gid"))
+            {
+               _logger.LogInformation("Expiring Google analytics cookie: {cookie}", cookie);
+               Response.Cookies.Append(cookie, string.Empty, new CookieOptions { Expires = DateTime.Now.AddDays(-1), Secure = true, SameSite = SameSiteMode.Lax, HttpOnly = true });
+            }
+         }
+      }
+   }
+}

From 4cc6f4dc0482f05ec4b5bc485bd96a9de6d482b2 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Thu, 13 Jun 2024 15:13:27 +0100
Subject: [PATCH 15/16] Expire App Insights cookies on rejection choice

---
 .../Pages/Public/CookiePreferences.cshtml.cs               | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs
index aee0d9b9a..e66ff6ea5 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Public/CookiePreferences.cshtml.cs
@@ -94,11 +94,18 @@ private void ApplyCookieConsent(bool? consent)
       {
          foreach (string cookie in Request.Cookies.Keys)
          {
+            // Google Analytics
             if (cookie.StartsWith("_ga") || cookie.Equals("_gid"))
             {
                _logger.LogInformation("Expiring Google analytics cookie: {cookie}", cookie);
                Response.Cookies.Append(cookie, string.Empty, new CookieOptions { Expires = DateTime.Now.AddDays(-1), Secure = true, SameSite = SameSiteMode.Lax, HttpOnly = true });
             }
+            // App Insights
+            if (cookie.StartsWith("ai_"))
+            {
+               _logger.LogInformation("Expiring App insights cookie: {cookie}", cookie);
+               Response.Cookies.Append(cookie, string.Empty, new CookieOptions { Expires = DateTime.Now.AddYears(-1), Secure = true, SameSite = SameSiteMode.Lax, HttpOnly = true });
+            }
          }
       }
    }

From 1da70f36819b31c69964ff6b8ba770a46c6a183b Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Thu, 13 Jun 2024 15:19:08 +0100
Subject: [PATCH 16/16] Build pipeline for minifying App Insights JS

---
 .../Pages/Shared/_Layout.cshtml               |  23 +-
 .../Shared/_LayoutNoHeaderAndFooter.cshtml    |  23 +-
 .../wwwroot/package-lock.json                 | 289 ++++++++++++++++++
 .../wwwroot/package.json                      |   4 +-
 .../wwwroot/src/application-insights.js       |  16 +
 .../wwwroot/webpack.appinsights.config.js     |   9 +
 6 files changed, 327 insertions(+), 37 deletions(-)
 create mode 100644 Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/src/application-insights.js
 create mode 100644 Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/webpack.appinsights.config.js

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
index b02ed6c0b..1d70cc2a9 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_Layout.cshtml
@@ -62,25 +62,12 @@
       <!-- Application insights -->
       <script type="text/javascript" integrity="sha384-g/ZkzetdQypWdY0NBZT5r2L3BR9/hURD8OBcd1rEaBpgX6QC7EaTL+o+mzWrBcXW" crossorigin="anonymous" src="https://js.monitor.azure.com/scripts/b/ext/ai.clck.2.8.18.min.js"></script>
       <script type="text/javascript" asp-add-nonce>
-         // Load the Click analytics plugin
-         var clickPluginInstance = new Microsoft.ApplicationInsights.ClickAnalyticsPlugin();
-         // Application Insights JavaScript (Web) SDK Loader Script code
-         !(function (cfg){function e(){cfg.onInit&&cfg.onInit(i)}var S,u,D,t,n,i,C=window,x=document,w=C.location,I="script",b="ingestionendpoint",E="disableExceptionTracking",A="ai.device.";"instrumentationKey"[S="toLowerCase"](),u="crossOrigin",D="POST",t="appInsightsSDK",n=cfg.name||"appInsights",(cfg.name||C[t])&&(C[t]=n),i=C[n]||function(l){var d=!1,g=!1,f={initialize:!0,queue:[],sv:"7",version:2,config:l};function m(e,t){var n={},i="Browser";function a(e){e=""+e;return 1===e.length?"0"+e:e}return n[A+"id"]=i[S](),n[A+"type"]=i,n["ai.operation.name"]=w&&w.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(f.sv||f.version),{time:(i=new Date).getUTCFullYear()+"-"+a(1+i.getUTCMonth())+"-"+a(i.getUTCDate())+"T"+a(i.getUTCHours())+":"+a(i.getUTCMinutes())+":"+a(i.getUTCSeconds())+"."+(i.getUTCMilliseconds()/1e3).toFixed(3).slice(2,5)+"Z",iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}},ver:4,seq:"1",aiDataContract:undefined}}var h=-1,v=0,y=["js.monitor.azure.com","js.cdn.applicationinsights.io","js.cdn.monitor.azure.com","js0.cdn.applicationinsights.io","js0.cdn.monitor.azure.com","js2.cdn.applicationinsights.io","js2.cdn.monitor.azure.com","az416426.vo.msecnd.net"],k=l.url||cfg.src;if(k){if((n=navigator)&&(~(n=(n.userAgent||"").toLowerCase()).indexOf("msie")||~n.indexOf("trident/"))&&~k.indexOf("ai.3")&&(k=k.replace(/(\/)(ai\.3\.)([^\d]*)$/,function(e,t,n){return t+"ai.2"+n})),!1!==cfg.cr)for(var e=0;e<y.length;e++)if(0<k.indexOf(y[e])){h=e;break}var i=function(e){var a,t,n,i,o,r,s,c,p,u;f.queue=[],g||(0<=h&&v+1<y.length?(a=(h+v+1)%y.length,T(k.replace(/^(.*\/\/)([\w\.]*)(\/.*)$/,function(e,t,n,i){return t+y[a]+i})),v+=1):(d=g=!0,o=k,c=(p=function(){var e,t={},n=l.connectionString;if(n)for(var i=n.split(";"),a=0;a<i.length;a++){var o=i[a].split("=");2===o.length&&(t[o[0][S]()]=o[1])}return t[b]||(e=(n=t.endpointsuffix)?t.location:null,t[b]="https://"+(e?e+".":"")+"dc."+(n||"services.visualstudio.com")),t}()).instrumentationkey||l.instrumentationKey||"",p=(p=p[b])?p+"/v2/track":l.endpointUrl,(u=[]).push((t="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",n=o,r=p,(s=(i=m(c,"Exception")).data).baseType="ExceptionData",s.baseData.exceptions=[{typeName:"SDKLoadFailed",message:t.replace(/\./g,"-"),hasFullStack:!1,stack:t+"\nSnippet failed to load ["+n+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(w&&w.pathname||"_unknown_")+"\nEndpoint: "+r,parsedStack:[]}],i)),u.push((s=o,t=p,(r=(n=m(c,"Message")).data).baseType="MessageData",(i=r.baseData).message='AI (Internal): 99 message:"'+("SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details) ("+s+")").replace(/\"/g,"")+'"',i.properties={endpoint:t},n)),o=u,c=p,JSON&&((r=C.fetch)&&!cfg.useXhr?r(c,{method:D,body:JSON.stringify(o),mode:"cors"}):XMLHttpRequest&&((s=new XMLHttpRequest).open(D,c),s.setRequestHeader("Content-type","application/json"),s.send(JSON.stringify(o))))))},a=function(e,t){g||setTimeout(function(){!t&&f.core||i()},500),d=!1},T=function(e){var n=x.createElement(I),e=(n.src=e,cfg[u]);return!e&&""!==e||"undefined"==n[u]||(n[u]=e),n.onload=a,n.onerror=i,n.onreadystatechange=function(e,t){"loaded"!==n.readyState&&"complete"!==n.readyState||a(0,t)},cfg.ld&&cfg.ld<0?x.getElementsByTagName("head")[0].appendChild(n):setTimeout(function(){x.getElementsByTagName(I)[0].parentNode.appendChild(n)},cfg.ld||0),n};T(k)}try{f.cookie=x.cookie}catch(p){}function t(e){for(;e.length;)!function(t){f[t]=function(){var e=arguments;d||f.queue.push(function(){f[t].apply(f,e)})}}(e.pop())}var r,s,n="track",o="TrackPage",c="TrackEvent",n=(t([n+"Event",n+"PageView",n+"Exception",n+"Trace",n+"DependencyData",n+"Metric",n+"PageViewPerformance","start"+o,"stop"+o,"start"+c,"stop"+c,"addTelemetryInitializer","setAuthenticatedUserContext","clearAuthenticatedUserContext","flush"]),f.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4},(l.extensionConfig||{}).ApplicationInsightsAnalytics||{});return!0!==l[E]&&!0!==n[E]&&(t(["_"+(r="onerror")]),s=C[r],C[r]=function(e,t,n,i,a){var o=s&&s(e,t,n,i,a);return!0!==o&&f["_"+r]({message:e,url:t,lineNumber:n,columnNumber:i,error:a,evt:C.event}),o},l.autoExceptionInstrumented=!0),f}(cfg.cfg),(C[n]=i).queue&&0===i.queue.length?(i.queue.push(e),i.trackPageView({})):e();})({
-            src: "https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js",
-            crossOrigin: "anonymous",
-            cfg: {
-               connectionString: '@Configuration["ApplicationInsights:ConnectionString"]',
-               extensions: [ clickPluginInstance ],
-               extensionConfig: { [clickPluginInstance.identifier] : {
-                  autoCapture : true,
-                  dataTags: { useDefaultContentNameOrId: true }
-               } },
-            }
-         });
-
-         // Set Authenticated User Context
-         window.appInsights.setAuthenticatedUserContext("@authenticatedUserId", null, true);
+         window.appInsights = {
+            connectionString: '@Configuration["ApplicationInsights:ConnectionString"]',
+            authenticatedUserId: '@authenticatedUserId'
+         }
       </script>
+      <script type="text/javascript" src="~/dist/application-insights.min.js" asp-add-nonce></script>
       <!-- End Application insights -->
     }
 
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
index a305cd2ce..a171fd3e5 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Pages/Shared/_LayoutNoHeaderAndFooter.cshtml
@@ -53,25 +53,12 @@
       <!-- Application insights -->
       <script type="text/javascript" integrity="sha384-g/ZkzetdQypWdY0NBZT5r2L3BR9/hURD8OBcd1rEaBpgX6QC7EaTL+o+mzWrBcXW" crossorigin="anonymous" src="https://js.monitor.azure.com/scripts/b/ext/ai.clck.2.8.18.min.js"></script>
       <script type="text/javascript" asp-add-nonce>
-         // Load the Click analytics plugin
-         var clickPluginInstance = new Microsoft.ApplicationInsights.ClickAnalyticsPlugin();
-         // Application Insights JavaScript (Web) SDK Loader Script code
-         !(function (cfg){function e(){cfg.onInit&&cfg.onInit(i)}var S,u,D,t,n,i,C=window,x=document,w=C.location,I="script",b="ingestionendpoint",E="disableExceptionTracking",A="ai.device.";"instrumentationKey"[S="toLowerCase"](),u="crossOrigin",D="POST",t="appInsightsSDK",n=cfg.name||"appInsights",(cfg.name||C[t])&&(C[t]=n),i=C[n]||function(l){var d=!1,g=!1,f={initialize:!0,queue:[],sv:"7",version:2,config:l};function m(e,t){var n={},i="Browser";function a(e){e=""+e;return 1===e.length?"0"+e:e}return n[A+"id"]=i[S](),n[A+"type"]=i,n["ai.operation.name"]=w&&w.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(f.sv||f.version),{time:(i=new Date).getUTCFullYear()+"-"+a(1+i.getUTCMonth())+"-"+a(i.getUTCDate())+"T"+a(i.getUTCHours())+":"+a(i.getUTCMinutes())+":"+a(i.getUTCSeconds())+"."+(i.getUTCMilliseconds()/1e3).toFixed(3).slice(2,5)+"Z",iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}},ver:4,seq:"1",aiDataContract:undefined}}var h=-1,v=0,y=["js.monitor.azure.com","js.cdn.applicationinsights.io","js.cdn.monitor.azure.com","js0.cdn.applicationinsights.io","js0.cdn.monitor.azure.com","js2.cdn.applicationinsights.io","js2.cdn.monitor.azure.com","az416426.vo.msecnd.net"],k=l.url||cfg.src;if(k){if((n=navigator)&&(~(n=(n.userAgent||"").toLowerCase()).indexOf("msie")||~n.indexOf("trident/"))&&~k.indexOf("ai.3")&&(k=k.replace(/(\/)(ai\.3\.)([^\d]*)$/,function(e,t,n){return t+"ai.2"+n})),!1!==cfg.cr)for(var e=0;e<y.length;e++)if(0<k.indexOf(y[e])){h=e;break}var i=function(e){var a,t,n,i,o,r,s,c,p,u;f.queue=[],g||(0<=h&&v+1<y.length?(a=(h+v+1)%y.length,T(k.replace(/^(.*\/\/)([\w\.]*)(\/.*)$/,function(e,t,n,i){return t+y[a]+i})),v+=1):(d=g=!0,o=k,c=(p=function(){var e,t={},n=l.connectionString;if(n)for(var i=n.split(";"),a=0;a<i.length;a++){var o=i[a].split("=");2===o.length&&(t[o[0][S]()]=o[1])}return t[b]||(e=(n=t.endpointsuffix)?t.location:null,t[b]="https://"+(e?e+".":"")+"dc."+(n||"services.visualstudio.com")),t}()).instrumentationkey||l.instrumentationKey||"",p=(p=p[b])?p+"/v2/track":l.endpointUrl,(u=[]).push((t="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",n=o,r=p,(s=(i=m(c,"Exception")).data).baseType="ExceptionData",s.baseData.exceptions=[{typeName:"SDKLoadFailed",message:t.replace(/\./g,"-"),hasFullStack:!1,stack:t+"\nSnippet failed to load ["+n+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(w&&w.pathname||"_unknown_")+"\nEndpoint: "+r,parsedStack:[]}],i)),u.push((s=o,t=p,(r=(n=m(c,"Message")).data).baseType="MessageData",(i=r.baseData).message='AI (Internal): 99 message:"'+("SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details) ("+s+")").replace(/\"/g,"")+'"',i.properties={endpoint:t},n)),o=u,c=p,JSON&&((r=C.fetch)&&!cfg.useXhr?r(c,{method:D,body:JSON.stringify(o),mode:"cors"}):XMLHttpRequest&&((s=new XMLHttpRequest).open(D,c),s.setRequestHeader("Content-type","application/json"),s.send(JSON.stringify(o))))))},a=function(e,t){g||setTimeout(function(){!t&&f.core||i()},500),d=!1},T=function(e){var n=x.createElement(I),e=(n.src=e,cfg[u]);return!e&&""!==e||"undefined"==n[u]||(n[u]=e),n.onload=a,n.onerror=i,n.onreadystatechange=function(e,t){"loaded"!==n.readyState&&"complete"!==n.readyState||a(0,t)},cfg.ld&&cfg.ld<0?x.getElementsByTagName("head")[0].appendChild(n):setTimeout(function(){x.getElementsByTagName(I)[0].parentNode.appendChild(n)},cfg.ld||0),n};T(k)}try{f.cookie=x.cookie}catch(p){}function t(e){for(;e.length;)!function(t){f[t]=function(){var e=arguments;d||f.queue.push(function(){f[t].apply(f,e)})}}(e.pop())}var r,s,n="track",o="TrackPage",c="TrackEvent",n=(t([n+"Event",n+"PageView",n+"Exception",n+"Trace",n+"DependencyData",n+"Metric",n+"PageViewPerformance","start"+o,"stop"+o,"start"+c,"stop"+c,"addTelemetryInitializer","setAuthenticatedUserContext","clearAuthenticatedUserContext","flush"]),f.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4},(l.extensionConfig||{}).ApplicationInsightsAnalytics||{});return!0!==l[E]&&!0!==n[E]&&(t(["_"+(r="onerror")]),s=C[r],C[r]=function(e,t,n,i,a){var o=s&&s(e,t,n,i,a);return!0!==o&&f["_"+r]({message:e,url:t,lineNumber:n,columnNumber:i,error:a,evt:C.event}),o},l.autoExceptionInstrumented=!0),f}(cfg.cfg),(C[n]=i).queue&&0===i.queue.length?(i.queue.push(e),i.trackPageView({})):e();})({
-            src: "https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js",
-            crossOrigin: "anonymous",
-            cfg: {
-               connectionString: '@Configuration["ApplicationInsights:ConnectionString"]',
-               extensions: [ clickPluginInstance ],
-               extensionConfig: { [clickPluginInstance.identifier] : {
-                  autoCapture : true,
-                  dataTags: { useDefaultContentNameOrId: true }
-               } },
-            }
-         });
-
-         // Set Authenticated User Context
-         window.appInsights.setAuthenticatedUserContext("@authenticatedUserId", null, true);
+         window.appInsights = {
+            connectionString: '@Configuration["ApplicationInsights:ConnectionString"]',
+            authenticatedUserId: '@authenticatedUserId'
+         }
       </script>
+      <script type="text/javascript" src="~/dist/application-insights.min.js" asp-add-nonce></script>
       <!-- End Application insights -->
     }
 </head>
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package-lock.json b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package-lock.json
index a34dd1f54..d8c372b06 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package-lock.json
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package-lock.json
@@ -5,6 +5,7 @@
 	"packages": {
 		"": {
 			"dependencies": {
+				"@microsoft/applicationinsights-web": "^3.2.2",
 				"@ministryofjustice/frontend": "^1.8.1",
 				"accessible-autocomplete": "^2.0.4",
 				"dfe-frontend-alpha": "^1.0.1",
@@ -2355,6 +2356,149 @@
 				"@jridgewell/sourcemap-codec": "1.4.14"
 			}
 		},
+		"node_modules/@microsoft/applicationinsights-analytics-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-analytics-js/-/applicationinsights-analytics-js-3.2.2.tgz",
+			"integrity": "sha512-i6/7hYO7lFPE1rMARG6c4bGTuUJUiPb9GRfwMhzArpG39fqduCWpH6y2PdlwZzjyDQAxIOgBiSfLddgsAVoYOA==",
+			"dependencies": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-cfgsync-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-cfgsync-js/-/applicationinsights-cfgsync-js-3.2.2.tgz",
+			"integrity": "sha512-W4sQmQC9ZXN8ETYHcXQZl7kMACDkiC/a26OYx9IW8CzgZUI0U3hfDRonaj/1AMkM6zZbC2Zuto4vqpex7abJEg==",
+			"dependencies": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-channel-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-channel-js/-/applicationinsights-channel-js-3.2.2.tgz",
+			"integrity": "sha512-4ruoKxgZYYa+K8JJu8RMY0egKazS8xClbx70NQHa/rJ7JYFgN3OIEIBZtFoMcHR8Vg7MEsNE5/wV6o7WWJkVIA==",
+			"dependencies": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-common": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-common/-/applicationinsights-common-3.2.2.tgz",
+			"integrity": "sha512-e1C35gdkFSzWyUUR1S8FvisXW3nT3p6wWsLNs+vUKLOTQzsvW3XpNMVtNCq4MfHWiYDuz1lPSzo2eENaij1fVA==",
+			"dependencies": {
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-core-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-core-js/-/applicationinsights-core-js-3.2.2.tgz",
+			"integrity": "sha512-dF6LZ4ahdhoHufw+N7OXRDzWT8QN193Dvpd8GLqEZdR/KtCTofPSI63yumu+ZkzKYadf1S3w2xg0OmbdyXexoQ==",
+			"dependencies": {
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-dependencies-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-dependencies-js/-/applicationinsights-dependencies-js-3.2.2.tgz",
+			"integrity": "sha512-15EUVU6Kh0B400i/2YNy+V9xMhOwnpzAMTAiyFo90Q1SC5rJIsmzqjAWQnFmxAeq5YQoZ2FuQQpD2qsUajVEQQ==",
+			"dependencies": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-properties-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-properties-js/-/applicationinsights-properties-js-3.2.2.tgz",
+			"integrity": "sha512-ovT123foF4WquHdk6f51YpRacx7ZgST7iwqRA/jshy/7NVqlu05JbrVB8IlrxNausdaRwX5CvSCca+SQbOW0ZA==",
+			"dependencies": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-shims": {
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-shims/-/applicationinsights-shims-3.0.1.tgz",
+			"integrity": "sha512-DKwboF47H1nb33rSUfjqI6ryX29v+2QWcTrRvcQDA32AZr5Ilkr7whOOSsD1aBzwqX0RJEIP1Z81jfE3NBm/Lg==",
+			"dependencies": {
+				"@nevware21/ts-utils": ">= 0.9.4 < 2.x"
+			}
+		},
+		"node_modules/@microsoft/applicationinsights-web": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-web/-/applicationinsights-web-3.2.2.tgz",
+			"integrity": "sha512-DBJ83Fe7nHzH7QgMKFQrBN/Gbhoo5JgMQkBzJeTb5hMfNZUFOBEHWjytBdU9MEZVpa+Vk+RPQ72IOc0txbnJYw==",
+			"dependencies": {
+				"@microsoft/applicationinsights-analytics-js": "3.2.2",
+				"@microsoft/applicationinsights-cfgsync-js": "3.2.2",
+				"@microsoft/applicationinsights-channel-js": "3.2.2",
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-dependencies-js": "3.2.2",
+				"@microsoft/applicationinsights-properties-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			},
+			"peerDependencies": {
+				"tslib": "*"
+			}
+		},
+		"node_modules/@microsoft/dynamicproto-js": {
+			"version": "2.0.3",
+			"resolved": "https://registry.npmjs.org/@microsoft/dynamicproto-js/-/dynamicproto-js-2.0.3.tgz",
+			"integrity": "sha512-JTWTU80rMy3mdxOjjpaiDQsTLZ6YSGGqsjURsY6AUQtIj0udlF/jYmhdLZu8693ZIC0T1IwYnFa0+QeiMnziBA==",
+			"dependencies": {
+				"@nevware21/ts-utils": ">= 0.10.4 < 2.x"
+			}
+		},
 		"node_modules/@ministryofjustice/frontend": {
 			"version": "1.8.1",
 			"resolved": "https://registry.npmjs.org/@ministryofjustice/frontend/-/frontend-1.8.1.tgz",
@@ -2370,6 +2514,19 @@
 				"jquery": "^3.6.0"
 			}
 		},
+		"node_modules/@nevware21/ts-async": {
+			"version": "0.5.1",
+			"resolved": "https://registry.npmjs.org/@nevware21/ts-async/-/ts-async-0.5.1.tgz",
+			"integrity": "sha512-O2kN8n2HpDWJ7Oji+oTMnhITrCndmrNvrHbGDwAIBydx+FWvLE/vrw4QwnRRMvSCa2AJrcP59Ryklxv30KfkWQ==",
+			"dependencies": {
+				"@nevware21/ts-utils": ">= 0.11.2 < 2.x"
+			}
+		},
+		"node_modules/@nevware21/ts-utils": {
+			"version": "0.11.2",
+			"resolved": "https://registry.npmjs.org/@nevware21/ts-utils/-/ts-utils-0.11.2.tgz",
+			"integrity": "sha512-80W8BkS09kkGuUHJX50Fqq+QqAslxUaOQytH+3JhRacXs1EpEt2JOOkYKytqFZAYir3SeH9fahniEaDzIBxlUw=="
+		},
 		"node_modules/@nodelib/fs.scandir": {
 			"version": "2.1.5",
 			"resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -17709,6 +17866,125 @@
 				"@jridgewell/sourcemap-codec": "1.4.14"
 			}
 		},
+		"@microsoft/applicationinsights-analytics-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-analytics-js/-/applicationinsights-analytics-js-3.2.2.tgz",
+			"integrity": "sha512-i6/7hYO7lFPE1rMARG6c4bGTuUJUiPb9GRfwMhzArpG39fqduCWpH6y2PdlwZzjyDQAxIOgBiSfLddgsAVoYOA==",
+			"requires": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-cfgsync-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-cfgsync-js/-/applicationinsights-cfgsync-js-3.2.2.tgz",
+			"integrity": "sha512-W4sQmQC9ZXN8ETYHcXQZl7kMACDkiC/a26OYx9IW8CzgZUI0U3hfDRonaj/1AMkM6zZbC2Zuto4vqpex7abJEg==",
+			"requires": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-channel-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-channel-js/-/applicationinsights-channel-js-3.2.2.tgz",
+			"integrity": "sha512-4ruoKxgZYYa+K8JJu8RMY0egKazS8xClbx70NQHa/rJ7JYFgN3OIEIBZtFoMcHR8Vg7MEsNE5/wV6o7WWJkVIA==",
+			"requires": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-common": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-common/-/applicationinsights-common-3.2.2.tgz",
+			"integrity": "sha512-e1C35gdkFSzWyUUR1S8FvisXW3nT3p6wWsLNs+vUKLOTQzsvW3XpNMVtNCq4MfHWiYDuz1lPSzo2eENaij1fVA==",
+			"requires": {
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-core-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-core-js/-/applicationinsights-core-js-3.2.2.tgz",
+			"integrity": "sha512-dF6LZ4ahdhoHufw+N7OXRDzWT8QN193Dvpd8GLqEZdR/KtCTofPSI63yumu+ZkzKYadf1S3w2xg0OmbdyXexoQ==",
+			"requires": {
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-dependencies-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-dependencies-js/-/applicationinsights-dependencies-js-3.2.2.tgz",
+			"integrity": "sha512-15EUVU6Kh0B400i/2YNy+V9xMhOwnpzAMTAiyFo90Q1SC5rJIsmzqjAWQnFmxAeq5YQoZ2FuQQpD2qsUajVEQQ==",
+			"requires": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-properties-js": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-properties-js/-/applicationinsights-properties-js-3.2.2.tgz",
+			"integrity": "sha512-ovT123foF4WquHdk6f51YpRacx7ZgST7iwqRA/jshy/7NVqlu05JbrVB8IlrxNausdaRwX5CvSCca+SQbOW0ZA==",
+			"requires": {
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-shims": {
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-shims/-/applicationinsights-shims-3.0.1.tgz",
+			"integrity": "sha512-DKwboF47H1nb33rSUfjqI6ryX29v+2QWcTrRvcQDA32AZr5Ilkr7whOOSsD1aBzwqX0RJEIP1Z81jfE3NBm/Lg==",
+			"requires": {
+				"@nevware21/ts-utils": ">= 0.9.4 < 2.x"
+			}
+		},
+		"@microsoft/applicationinsights-web": {
+			"version": "3.2.2",
+			"resolved": "https://registry.npmjs.org/@microsoft/applicationinsights-web/-/applicationinsights-web-3.2.2.tgz",
+			"integrity": "sha512-DBJ83Fe7nHzH7QgMKFQrBN/Gbhoo5JgMQkBzJeTb5hMfNZUFOBEHWjytBdU9MEZVpa+Vk+RPQ72IOc0txbnJYw==",
+			"requires": {
+				"@microsoft/applicationinsights-analytics-js": "3.2.2",
+				"@microsoft/applicationinsights-cfgsync-js": "3.2.2",
+				"@microsoft/applicationinsights-channel-js": "3.2.2",
+				"@microsoft/applicationinsights-common": "3.2.2",
+				"@microsoft/applicationinsights-core-js": "3.2.2",
+				"@microsoft/applicationinsights-dependencies-js": "3.2.2",
+				"@microsoft/applicationinsights-properties-js": "3.2.2",
+				"@microsoft/applicationinsights-shims": "3.0.1",
+				"@microsoft/dynamicproto-js": "^2.0.3",
+				"@nevware21/ts-async": ">= 0.5.1 < 2.x",
+				"@nevware21/ts-utils": ">= 0.11.1 < 2.x"
+			}
+		},
+		"@microsoft/dynamicproto-js": {
+			"version": "2.0.3",
+			"resolved": "https://registry.npmjs.org/@microsoft/dynamicproto-js/-/dynamicproto-js-2.0.3.tgz",
+			"integrity": "sha512-JTWTU80rMy3mdxOjjpaiDQsTLZ6YSGGqsjURsY6AUQtIj0udlF/jYmhdLZu8693ZIC0T1IwYnFa0+QeiMnziBA==",
+			"requires": {
+				"@nevware21/ts-utils": ">= 0.10.4 < 2.x"
+			}
+		},
 		"@ministryofjustice/frontend": {
 			"version": "1.8.1",
 			"resolved": "https://registry.npmjs.org/@ministryofjustice/frontend/-/frontend-1.8.1.tgz",
@@ -17718,6 +17994,19 @@
 				"moment": "^2.27.0"
 			}
 		},
+		"@nevware21/ts-async": {
+			"version": "0.5.1",
+			"resolved": "https://registry.npmjs.org/@nevware21/ts-async/-/ts-async-0.5.1.tgz",
+			"integrity": "sha512-O2kN8n2HpDWJ7Oji+oTMnhITrCndmrNvrHbGDwAIBydx+FWvLE/vrw4QwnRRMvSCa2AJrcP59Ryklxv30KfkWQ==",
+			"requires": {
+				"@nevware21/ts-utils": ">= 0.11.2 < 2.x"
+			}
+		},
+		"@nevware21/ts-utils": {
+			"version": "0.11.2",
+			"resolved": "https://registry.npmjs.org/@nevware21/ts-utils/-/ts-utils-0.11.2.tgz",
+			"integrity": "sha512-80W8BkS09kkGuUHJX50Fqq+QqAslxUaOQytH+3JhRacXs1EpEt2JOOkYKytqFZAYir3SeH9fahniEaDzIBxlUw=="
+		},
 		"@nodelib/fs.scandir": {
 			"version": "2.1.5",
 			"resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package.json b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package.json
index ada6dc7a5..8c8dfb3cf 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package.json
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/package.json
@@ -2,7 +2,8 @@
 	"scripts": {
 		"build": "npm run build:assets & npm run build:frontend",
 		"build:frontend": "webpack",
-		"build:assets": "webpack --config webpack.assets.config.js",
+		"build:assets": "webpack --config webpack.assets.config.js & npm run build:assets:application-insights",
+		"build:assets:application-insights": "webpack --config webpack.appinsights.config.js",
 		"build:watch": "webpack --watch"
 	},
 	"devDependencies": {
@@ -17,6 +18,7 @@
 		"webpack-cli": "^4.10.0"
 	},
 	"dependencies": {
+		"@microsoft/applicationinsights-web": "^3.2.2",
 		"@ministryofjustice/frontend": "^1.8.1",
 		"accessible-autocomplete": "^2.0.4",
 		"dfe-frontend-alpha": "^1.0.1",
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/src/application-insights.js b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/src/application-insights.js
new file mode 100644
index 000000000..a786f777d
--- /dev/null
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/src/application-insights.js
@@ -0,0 +1,16 @@
+// App Insights frontend
+import { ApplicationInsights } from '@microsoft/applicationinsights-web'
+
+const clickPluginInstance = new Microsoft.ApplicationInsights.ClickAnalyticsPlugin();
+const appInsights = new ApplicationInsights({ config: {
+   connectionString: window.appInsights.connectionString,
+   extensions: [ clickPluginInstance ],
+   extensionConfig: { [clickPluginInstance.identifier] : {
+      autoCapture : true,
+      dataTags: { useDefaultContentNameOrId: true }
+   } },
+} });
+
+appInsights.loadAppInsights();
+appInsights.setAuthenticatedUserContext(window.appInsights.authenticatedUserId, null, true);
+appInsights.trackPageView();
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/webpack.appinsights.config.js b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/webpack.appinsights.config.js
new file mode 100644
index 000000000..d872596f9
--- /dev/null
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/wwwroot/webpack.appinsights.config.js
@@ -0,0 +1,9 @@
+const path = require('path');
+
+module.exports = {
+   entry: ['./src/application-insights.js', './node_modules/@microsoft/applicationinsights-web/dist/es5/applicationinsights-web.min.js'],
+   output: {
+      path: path.resolve(__dirname, 'dist'),
+      filename: 'application-insights.min.js',
+   }
+};

Name	Purpose	Expires
ai_session	This helps us track activity happening over a single browser session	1 hour
ai_user	This helps us to identify the number of distinct users accessing the site over time by tracking if you've visited before	1 year
ai_authuser	This helps us to identify authenticated users and how they interact with the site	When you close your browser