azure AppInsights and third-party script CORS problem


I have application insights enabled on my app website, and then have a third-party script loaded that communicates with its own website.

The problem is that app insights instruments the global XMLHttpRequest object, and when that script tries to fetch data from its own site it gets CORS error because it’s sent actually from app insights (different origin).

How can I worka round the issue? Can I tell app insights not to instrument the XMLHttpRequest? (I don’t really need it)

To clarify the the problem:

// this instrumetns XMLHttpRequest
const appInsights = new ApplicationInsights({
  config: {

// this fails because XMLHttpRequest is instrumented (CORS error)
<script><script type="text/javascript" src=""></script>

The Error (in the latest Chrome browser):

Access to XMLHttpRequest at 
from origin 'http://localhost:3333' has been blocked by CORS policy: 
Request header field traceparent is not allowed by Access-Control-Allow-Headers in preflight response.

(anonymous) @ InstrumentHooks.js:97       <<<<<< this is app insights code
f @ fetchWidgetData.js:78                 <<< this is third-party javascript
loadWidget @ WidgetShell.js:498
(anonymous) @ throttle.js:21
start @ WidgetShell.js:581
v @ startOnceReady.js:55
I @ startOnceReady.js:96
(anonymous) @ startOnceReady.js:111
captureErrors @ ErrorLogger.js:119
b @ startOnceReady.js:110
(anonymous) @ start.js:18
s @ bootstrap:19
(anonymous) @ bootstrap:97
(anonymous) @ conversations-embed.js:1


Got the solution here

Basically the problem was caused by traceparent header sent by app insights. There is an option to disable that for specific third-party sites in app insights config, the correlationHeaderExcludedDomains option did the trick:

const insights = new ApplicationInsights({
  config: {
    instrumentationKey: ...
    correlationHeaderExcludedDomains: ['', ''],

Answered By – Nikolay

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published