Kameleoon

Overview

Kameleoon is an enterprise A/B testing, multivariate testing, and personalization platform used by digital teams at e-commerce retailers, financial institutions, and media companies. Its JavaScript SDK fetches experiment configurations from Kameleoon's CDN, evaluates visitor segment rules, and injects page modifications for assigned experiment variants — all before the page is visibly rendered, to prevent flickering.

What This Script Does

Kameleoon SDK

The Kameleoon script is typically loaded synchronously (blocking) in the <head> of the page to ensure experiment variants are applied before first paint. The script fetches the site's experiment configuration from {siteCode}.kameleoon.eu or {siteCode}.kameleoon.io and evaluates targeting rules against the current visitor's attributes.

Anti-Flicker Mechanism

To prevent the "flicker" of showing the control version before the variant loads, Kameleoon applies a CSS rule that hides the page body until the experiment configuration is received and the variant is selected. The page is then revealed with the correct variant applied. This blocking behavior means slow CDN responses directly impact page load performance.

Experiment Variant Assignment

Visitors are assigned to experiment variants based on URL rules, cookie values, JavaScript conditions, and custom visitor attributes. Assignments are stored in Kameleoon's cookies to ensure visitors see the same variant on return visits.

Cookies Set

• kameleoonVisitorCode — First-party persistent cookie. Stores the unique visitor identifier used for experiment assignment and consistency. Duration: 1 year.
• kameleoonExperimentData — First-party persistent cookie. Stores all current experiment assignments and variant IDs for the visitor. Duration: 1 year.
• kameleoonGoalData — First-party session cookie. Stores goal conversion events (clicks, form submissions) to be attributed to active experiments. Duration: session.
• kameleoonConsent — First-party persistent cookie. Stores the consent state passed by the site's CMP. Duration: 1 year.

Domains Contacted

• {siteCode}.kameleoon.eu — EU CDN endpoint. Serves the experiment configuration file containing all active experiments, targeting rules, and variant code.
• {siteCode}.kameleoon.io — Global CDN endpoint for non-EU deployments.
• api.kameleoon.com — API endpoint for server-side experiment data and real-time personalization.
• log.kameleoon.com — Analytics ingestion endpoint for experiment exposure and goal conversion events.

Data Collected Per Interaction

• Unique visitor code for experiment assignment continuity
• All active experiment IDs and assigned variant IDs
• Page URL and current URL path at each experiment evaluation
• Browser user-agent and viewport dimensions
• Goal conversion events (which pages, clicks, or form submissions triggered an experiment goal)
• Custom visitor attributes defined by the site operator (e.g., logged-in status, cart value, customer segment)
• Timestamps of first visit, current visit, and all goal events

Consent & Compliance

GDPR / ePrivacy: Kameleoon sets persistent first-party cookies and collects behavioral data for A/B testing and personalization. Kameleoon distinguishes between three consent modes: (1) no tracking at all, (2) anonymous tracking without persistent cookies, and (3) full tracking with cookies. Under the ePrivacy Directive, the persistent kameleoonVisitorCode cookie requires consent for non-essential purposes. Kameleoon's own documentation recommends CMP integration and provides a consent API. For A/B testing used purely to improve user experience (not for advertising profiling), some DPAs accept a legitimate interest basis, but this is contested.

CCPA / CPRA: Kameleoon collects behavioral data for site optimization on behalf of the operator. As a service provider under a data processing agreement, this does not constitute a sale. Operators must disclose Kameleoon in their privacy policy.

EU-US Data Privacy Framework: Kameleoon is a French company with EU data processing infrastructure. EU-hosted deployments (kameleoon.eu endpoints) keep data within the EU. For non-EU deployments, Kameleoon provides SCCs.

Consent Category: Functional / Analytics (mixed). A/B testing that improves user experience is functional; personalization linked to behavioral profiles is analytics or marketing.

Should You Block This Without Consent?

Conditional. Kameleoon's experiment assignment cookies are functional when used purely for A/B testing that improves the user experience. The persistent visitor identifier, however, requires ePrivacy consent for non-essential tracking. A compliant implementation uses Kameleoon's consent API to run in anonymous mode (no persistent cookies) until consent is granted, then enables full visitor tracking after consent.