Performance & Security
Frequently asked questions regarding Crobox's performance and use of cookies.
Last updated
Was this helpful?
Frequently asked questions regarding Crobox's performance and use of cookies.
Last updated
Was this helpful?
No. Static images do not affect your page speed once uploaded as badges (they are ). Images should be optimized before they are uploaded. If you have a big image (e.g., 1MB) as your thumbnail you should first resize it. Sizing itself won’t affect your page speed, but it will affect how the badge looks.
Our Javascript Snippet is loaded from a CDN with more than 34 data centers around the globe ensuring a fast response no matter the location.
The average size of the snippet is below 50kb (+- 20kb gzip) which means it loads on average within 50 milliseconds.
Next to its low latency and small size the snippet is loaded using the and attributes making sure it's not blocking parsing of the page so as to not add any delay to the page rendering.
Crobox loads scripts, fonts, images and fetches data from 2 domains, so you need to add:
cdn.crobox.io
api.crobox.com
to the script-src
, font-src
, img-src
, fetch-src
sections (or default-src
if not using those specifics) sections.
Crobox also creates the stylesheets dynamicly so you will need to add 'unsafe-inline'
the style-src
section.
Other third-parties that might be used are Google Fonts and Unsplash, so their resources also need to be whitelisted, if not already included.
Depending on how strict the policy is applied you might also have to add 'unsafe-eval'
to script-src
since this is used for the Crobox preview mode.
The Crobox Javascript Snippet normally waits on the DOMContentLoaded
event before it starts executing the logic.
From that logic it will request a promotion from our API to show to the visitor. The average response time of our promotion endpoint is around 15ms. This ensures that the whole roundtrip and rendering to the DOM happens within the blink of an eye.
Any user can easily opt-out; clients don't need any custom integration for this. After opting out, the Crobox tracking cookie (if available) will be deleted and a new cookie will be set indicating that the specific user does not want to be tracked over (new) sessions. After opting out, no personal data will be collected anymore and no profile will be created / updated.
The client is the owner of the data, but the data is stored at external servers managed by Crobox. Part of the data can be accessed using our dashboard and/or Application Program Interface (API). Data is stored separately from other clients and is not used for or by other clients, domains and/or used for other abstraction or reporting means.
Crobox tracks click behavior of individual users. This behavior is collected, processed and then encoded into a personal profile. Click behavior is interpreted as - though not limited to - tracking events and/or page views of a specific user to record whether he/she engages with a specific link, image and/or product.
Crobox uses cookies in order to identify users across multiple sessions. Without using cookies, we are unable to identify users during their life cycle resulting in incomplete profiles. However, if the client can provide us with a unique identifier (UUID) indicating a unique user, we don't need to store cookies at all.\
Crobox is in the exact same cookies policy category as Google Analytics tracking. Our cookie policy is based on any other advertising technology and/or platform. Crobox is a first party cookie such as any other A/B testing or analytical tool.
The cookie controlled by Crobox contains a randomly unique identifier (UUID) that tracks the user over multiple sessions. Its expiration date is set to 180 days. If the client has the possibility to send us an UUID, there is no cookie setting required resulting in no Crobox cookie stored at all.
This is the responsibility of the client. Crobox only sets the expiration date to 180 days.
We comply with most stringent security policies. All data is stored in a EU-based datacenter. But we do use services from US-based companies for distribution and backup.
Any eCommerce platform such as Demandware, Magento, Intershop, or Woocommerce.
Please contact us for an overview of all security measurements taken at .