Optimizely

Optimizely

Digital performance platform best known for its A/B testing and feature flagging product. The Optimizely script fetches experiment configurations on page load and delivers variants to users. Tracks conversion events to determine which experiences drive better outcomes.

Back to Vendor Library

Overview

Optimizely is a digital experience platform built around A/B testing, multivariate experimentation, personalization, and feature flagging. It is widely used by product and marketing teams to run controlled experiments on web interfaces, measure the statistical impact of design or copy changes, and roll out features progressively using server-side flags. Optimizely serves enterprise clients across retail, financial services, media, and SaaS sectors.

What This Script Does

Client-Side Experimentation (Web Experimentation)

  • Fetches the experiment datafile (JSON configuration) from Optimizely's CDN on each page load: cdn.optimizely.com/datafiles/<project_id>.json
  • Evaluates audience conditions (URL, cookie values, custom attributes) to determine experiment eligibility
  • Assigns the visitor to an experiment bucket and applies the variant: DOM mutations, CSS overrides, or redirect to variant URL
  • Must execute synchronously before page render to prevent flash of original content (FOOC) — typically loaded as a blocking <script> in <head>
  • Primary script: https://cdn.optimizely.com/js/<project_id>.js

Cookies Set

  • optimizelyEndUserId — persistent unique visitor identifier; first-party, 10 years (by default); the primary identity key for experiment assignment consistency
  • optimizelyBuckets — records the visitor's active experiment/variant assignments; first-party, 10 years
  • optimizelyPendingLogEvents — queues conversion events for batch transmission; first-party, session
  • optimizelySegments — stores visitor segmentation attributes for audience targeting; first-party, persistent

Conversion Tracking and Event Logging

  • Tracks conversion goals (clicks, page views, form submissions, revenue events) mapped to experiment variants
  • Sends event payloads to logx.optimizely.com for statistical analysis
  • Revenue and conversion events can be instrumented via the window.optimizely.push({type:"event",...}) API

Feature Flags and Full Stack

  • Server-side Optimizely (Full Stack) operates without client-side cookies; decisions are made server-side
  • Client-side SDK for React, Angular, etc. may use localStorage for flag assignment persistence

Data Transmitted

  • Visitor ID (optimizelyEndUserId), experiment assignments, conversion events, and page URLs transmitted to Optimizely's US-based servers
  • Optimizely is a US company; EU-US Data Privacy Framework participation covers data transfers

Consent & Compliance

Consent category: Functional / Analytics

Optimizely occupies a dual role. The functional aspect — rendering the correct page variant to provide a consistent user experience — can be argued as serving the user. The analytics aspect — tracking conversion events and building statistical models — requires consent under GDPR and ePrivacy. The persistent 10-year optimizelyEndUserId cookie is a significant identifier that unambiguously requires ePrivacy consent. Under GDPR, Optimizely processes behavioral event data tied to a persistent visitor ID, requiring a lawful basis (typically consent). Under CCPA, the behavioral tracking and profiling constitute data collection subject to disclosure.

Should You Block This Without Consent?

Conditional. Server-side feature flags without client-side tracking can operate without consent. The standard client-side implementation sets 10-year persistent cookies and tracks user behavior across sessions, which requires explicit consent under GDPR and ePrivacy. Block the client-side experimentation script until analytics or functional consent is obtained.

Visit website

Consent Categories

Functional
Analytics

Also Known As

optimizely GDPRoptimizely cookiesA/B testing consentoptimizely feature flags privacyoptimizely trackingEpiserver Optimizely

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (1)

optimizely.comAnalytics

Frequently Asked Questions

Does Optimizely require visitor consent before loading?

Conditionally. Server-side feature flags without client-side tracking can run without consent. The standard client-side implementation sets a 10-year optimizelyEndUserId cookie and tracks behavioral conversion events across sessions, requiring explicit consent under GDPR and ePrivacy before the script loads.

What cookies does Optimizely set on visitor browsers?

Optimizely sets optimizelyEndUserId (10-year visitor ID for experiment consistency), optimizelyBuckets (active variant assignments, 10 years), optimizelySegments (audience attributes, persistent), and optimizelyPendingLogEvents (session queue for conversion events). All experiment assignments and events are sent to logx.optimizely.com.

How does ConsentStack manage Optimizely on my site?

ConsentStack classifies Optimizely as functional and analytics. For client-side experimentation, it blocks the script until consent is granted, then releases it so experiments can run. ConsentStack can gate behavioral tracking while allowing server-side flag decisions that require no client-side cookies or visitor identification.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Optimizely

ConsentStack automatically detects and manages Optimizely trackers so your site stays compliant with global privacy regulations.

Get started free