Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

The availability of features may depend on your plan type. Contact your Customer Success Manager if you have any questions.

Dev GuideAPI ReferenceUser Guide
Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideLegal TermsGitHubDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
Legal TermsGitHubDev CommunityOptimizely AcademySubmit a ticket

Transport Layer Security

Describes Transport Layer Security (TLS) encryption for Optimizely Web Experimentation and Optimizely Personalization

Suggest Edits

Optimizely Web Experimentation and Optimizely Personalization use Transport Layer Security (TLS) for 100% of content delivery network (CDN) traffic to protect against Man In The Middle attacks and meet customer compliance requirements.

Optimizely works to minimize the impact of TLS on both CPU and performance. Optimizely TLS encryption is highly secure, maintaining an A grade from SSLLabs.

HSTS

Optimizely's CDN cdn.optimizely.com sends the HSTS header. This header informs clients to connect to cdn.optimizely.com over HTTPS regardless of whether it is using the http:// or https:// URL. Performance impact should be negligible, due to the TLS optimizations in use.

PCI CDN

Customers who have PCI-enabled accounts and load their assets from cdn-pci.optimizely.com have all of their assets served over TLS.

Ciphersuites

Ciphersuites are reviewed at least annually and updated to address security risks and meet PCI compliance requirements for TLS.

Opt out of TLS

Optimizely has an alternative CDN at cdn-s-optional.optimizely.com for customers who want to opt-out of TLS. This domain points to Optimizely's same primary CDN but does not send the HSTS header. To transition to this CDN, change your cdn.optimizely.com URLs to point to cdn-s-optional.optimizely.com. 

For information on how to change your cdn.optimizely.com URLS to cdn-s-optional, see Implement the one-line JavaScript snippet and change <script src="//cdn.optimizely.com to <script src="//cdn-s-optional.optimizely.com.

Updated about 11 hours ago