Optimizely Web Experimentation uses Transport Layer Security (TLS) for 100% of its CDN traffic to protect against Man In The Middle attacks and meet customers’ compliance requirements. Learn more how to QA and debug Optimizely Web Experimentation experiments and campaigns.
Performance and security
Optimizely Web Experimentation acts to minimize the impact of TLS on both CPU and performance. For more details, visit the article on TLS has exactly one performance problem: it is not used widely enough.
Optimizely Web Experimentation TLS encryption is highly secure, maintaining an A grade from SSLLabs.
HSTS
Optimizely Web Experimentation's CDN cdn.optimizely.com will send the HSTS header. This header will inform clients to connect to cdn.optimizely.com over HTTPS regardless of whether it is using the http:// or https:// URL. Performance impact should be negligible, due to the TLS optimizations in use.
PCI CDN
Customers who have PCI-enabled accounts and load their assets from cdn-pci.optimizely.com have all of their assets served over TLS.
Ciphersuites
Ciphersuites are reviewed at least annually and updated to address security risks and meet PCI compliance requirements for TLS.
Opting out of TLS
Optimizely Web Experimentation has an alternative CDN available at cdn-s-optional.optimizely.com for customers who wish to opt-out of TLS. This domain will point to Optimizely Web Experimentation's same primary CDN but will not send the HSTS header. To transition to this CDN, change your cdn.optimizely.com URLs to point to cdn-s-optional.optimizely.com. Optimizely will commit to supporting this cdn-s-optional URL until at least April 30, 2019.
For information on how to change your cdn.optimizely.com URLS to cdn-s-optional, please see our Knowledge Base article on implementing the Optimizely Web Experimentation snippet and change <script src="//cdn.optimizely.com to <script src="//cdn-s-optional.optimizely.com
If you have any questions, contact your Customer Success Manager.
<%= heading %>
