- Optimizely Web Experimentation
- Optimizely Personalization
Optimizely Web Experimentation and Optimizely Personalization use Transport Layer Security (TLS) for 100% of CDN traffic to protect against Man In The Middle attacks and meet customer compliance requirements.
Performance and security
Optimizely works to minimize the impact of TLS on both CPU and performance. For more details, see TLS has exactly one performance problem: it is not used widely enough.
Optimizely TLS encryption is highly secure, maintaining an A grade from SSLLabs.
HSTS
Optimizely's CDN cdn.optimizely.com
sends the HSTS header. This header informs clients to connect to cdn.optimizely.com over HTTPS regardless of whether it is using the http://
or https://
URL. Performance impact should be negligible, due to the TLS optimizations in use.
PCI CDN
Customers who have PCI-enabled accounts and load their assets from cdn-pci.optimizely.com
have all of their assets served over TLS.
Ciphersuites
Ciphersuites are reviewed at least annually and updated to address security risks and meet PCI compliance requirements for TLS.
Opting out of TLS
Optimizely has an alternative CDN available at cdn-s-optional.optimizely.com
for customers who want to opt-out of TLS. This domain points to Optimizely's same primary CDN but does not send the HSTS header. To transition to this CDN, change your cdn.optimizely.com
URLs to point to cdn-s-optional.optimizely.com
.
For information on how to change your cdn.optimizely.com
URLS to cdn-s-optional
, see Implement the one-line JavaScript snippet and change <script src="//cdn.optimizely.com
to <script src="//cdn-s-optional.optimizely.com
If you have any questions, contact your Customer Success Manager.
Please sign in to leave a comment.