Performance & Security

Frequently asked questions regarding Crobox's performance and use of cookies.

Do Static Images influence my page speed or loading time?

No. Static images do not affect your page speed once uploaded as badges (they are “lazy-loaded”). Images should be optimized before they are uploaded. If you have a big image (e.g., 1MB) as your thumbnail you should first resize it. Sizing itself won’t affect your page speed, but it will affect how the badge looks.

What is the impact on performance when including the Crobox Javascript Snippet?

Our Javascript Snippet is loaded from a CDN with more than 34 data centers around the globe ensuring a fast response no matter the location.

The average size of the snippet is below 50kb (+- 20kb gzip) which means it loads on average within 50 milliseconds.

Next to its low latency and small size the snippet is loaded using the async and deferattributes making sure it's not blocking parsing of the page so as to not add any delay to the page rendering.

What if my website enforces a Content Security Policy header and want to integrate Crobox?

Crobox loads scripts, fonts, images and fetches data from 2 domains, so you need to add to the script-src font-src img-src fetch-src (or default-src if not using those specifics) sections. Next Crobox creates the stylesheets dynamicly so 'unsafe-inline' must be in the style-src section. Other third-parties that might be used are Google Fonts and Unsplash, so the resources of them also needs to be whitelisted if not already included. Depending on how strict the policy is applied you might also have to add 'unsafe-eval' to script-src since this is used for the Crobox preview mode.

How fast does a Crobox Promotion become visible to a website visitor?

The Crobox Javascript Snippet normally waits on the DOMContentLoaded event before it starts executing the logic.

From that logic it will request a promotion from our API to show to the visitor. The average response time of our promotion endpoint is around 15ms. This ensures that the whole roundtrip and rendering to the DOM happens within the blink of an eye.

Does Crobox offer opt-out functionality?

Any user can easily opt-out; clients don't need any custom integration for this. After opting out, the Crobox tracking cookie (if available) will be deleted and a new cookie will be set indicating that the specific user does not want to be tracked over (new) sessions. After opting out, no personal data will be collected anymore and no profile will be created / updated.

Who is the owner of Crobox's data?

The client is the owner of the data, but the data is stored at external servers managed by Crobox. Part of the data can be accessed using our dashboard and/or Application Program Interface (API). Data is stored separately from other clients and is not used for or by other clients, domains and/or used for other abstraction or reporting means.

What is Crobox tracking?

Crobox tracks click behavior of individual users. This behavior is collected, processed and then encoded into a personal profile. Click behavior is interpreted as - though not limited to - tracking events and/or page views of a specific user to record whether he/she engages with a specific link, image and/or product.

Does Crobox use cookies?

Crobox uses cookies in order to identify users across multiple sessions. Without using cookies, we are unable to identify users during their life cycle resulting in incomplete profiles. However, if the client can provide us with a unique identifier (UUID) indicating a unique user, we don't need to store cookies at all.\

Crobox is in the exact same cookies policy category as Google Analytics tracking. Our cookie policy is based on any other advertising technology and/or platform. Crobox is a first party cookie such as any other A/B testing or analytical tool.

The cookie controlled by Crobox contains a randomly unique identifier (UUID) that tracks the user over multiple sessions. Its expiration date is set to 180 days. If the client has the possibility to send us an UUID, there is no cookie setting required resulting in no Crobox cookie stored at all.

This is the responsibility of the client. Crobox only sets the expiration date to 180 days.

What is Crobox's security policy?

We comply with most stringent security policies. All data is stored in a EU-based datacenter. But we do use services from US-based companies for distribution and backup.

Please contact us for an overview of all security measurements taken at

What platforms does Crobox support?

Any eCommerce platform such as Demandware, Magento, Intershop, or Woocommerce.

Last updated