> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kameleoon.com/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQ

> Answers to common technical questions about Kameleoon implementations, security, and performance.

Kameleoon regularly updates this list with common questions from customers.

<AccordionGroup>
  <Accordion title="What are the Kameleoon domains that I need to whitelist?" id="what-are-the-kameleoon-domains-that-i-need-to-whitelist">
    If your website restricts the loading of resources (scripts, images, media, CSS) via the standard **Content-Security-Policy (CSP)** HTTP header, update your site's CSP to allow Kameleoon resources to load.

    #### Easy setup (with wildcards)

    <Warning>
      `script-src` always trumps `default-src`. Do not use this setup if you already use the complete setup in your CSP.
    </Warning>

    Add the following content to your CSP header configuration:

    ```html theme={null}
    default-src https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net wss://*.kameleoon.com https://*.experimentation.dev;
    ```

    #### Complete setup (fully detailed)

    <Warning>
      Kameleoon regularly adds new features to the product, which could result in additional URLs. List all possible hosts and resource types (script, image, etc.) explicitly in the CSP header.
    </Warning>

    Replace `[your-site-code]` with your Kameleoon [site code](/user-manual/faq#how-do-i-find-my-sitecode) in each line where it appears and add this to your configuration:

    ```html theme={null}
    script-src https://[your-site-code].kameleoon.xx https://static.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com https://client-config.kameleoon.com https://sdk-config.kameleoon.eu https://electra.kameleoon.com https://aibuilder.kameleoon.com https://static.experimentation.dev 'unsafe-eval';
    style-src https://static.kameleoon.com https://static.products.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com https://electra.kameleoon.com https://aibuilder.kameleoon.com https://static.experimentation.dev 'unsafe-inline'; 
    connect-src https://[your-site-code].kameleoon.xx https://static.kameleoon.com https://eu-data.kameleoon.io https://eu-data.kameleoon.eu https://na-data.kameleoon.io https://na-data.kameleoon.eu https://editor.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com https://api.kameleoon.com https://customers.kameleoon.com https://logger.kameleoon.io https://client-config.kameleoon.com https://sdk-config.kameleoon.eu https://api.products.kameleoon.com https://static.experimentation.dev https://sdk-config.experimentation.dev https://eu-data.experimentation.dev wss://electra.kameleoon.com;
    img-src https://[your-site-code].kameleoon.xx https://storage.kameleoon.eu https://storage.kameleoon.io https://graphical-editor.kameleoon.com https://simulation.kameleoon.com https://static.kameleoon.com https://images.products.kameleoon.com https://static.experimentation.dev;
    frame-src 'self' https://graphical-editor.kameleoon.com https://static.experimentation.dev;
    ```

    Each URL in the CSP policy serves a specific purpose:

    ##### Web Experimentation

    * `https://[your-site-code].kameleoon.xx`: Loads the Kameleoon Web Experimentation Application Script, `engine.js` (previously named `kameleoon.js`).
    * `https://(eu|na)-data.kameleoon.(eu|io)`: Used for tracking.
    * `https://logger.kameleoon.io`: Sends tracking data for logging.
    * `https://data.kameleoon.net`: Required if you use the Kameleoon Simulation tool to QA experiments across multiple subdomains.

    ##### Feature Experimentation (Client-side SDKs)

    * `https://client-config.kameleoon.com`: Required for SDK versions \< 2.1.0.
    * `https://sdk-config.kameleoon.eu`: Required for SDK versions >= 2.1.0.
    * `https://(eu|na)-data.kameleoon.(eu|io)`: Used for tracking.
    * `https://logger.kameleoon.io`: Sends tracking data for logging.

    ##### Graphic Editors

    * `https://static.kameleoon.com`: (deprecated) Loads static resources for the old graphic editor.
    * `https://editor.kameleoon.com`: (deprecated) Used by the old graphic editor.
    * `https://graphical-editor.kameleoon.com`: Used by the new graphic editor.
    * `https://storage.kameleoon.(eu|io)`: Loads images used in experiments created with the graphic editors.

    ##### Prompt-Based Experimentation (PBX)

    * `https://aibuilder.kameleoon.com`: Used by the prompt-based editor.
    * `https://electra.kameleoon.com`: Used by the prompt-based editor.
    * `https://storage.kameleoon.(eu|io)`: Loads images in the prompt-based editor.
    * `https://api.kameleoon.com`: Loads account-related information.
    * `https://sdk-config.kameleoon.eu`: Controls Kameleoon feature flags activated in the prompt-based editor.
    * `wss://electra.kameleoon.com` : Used for data exchange.

    ##### Simulation

    * `https://api.kameleoon.com`: Used by the old simulation.
    * `https://simulation.kameleoon.com`: Used by the new simulation.

    ##### Product Recommendation

    * `https://static.products.kameleoon.com`: Loads resources for the Product Recommendation module.
    * `https://api.products.kameleoon.com`: API used by the Product Recommendation module.
    * `https://images.products.kameleoon.com`: Loads product images for recommendations.

    ##### APIs & Integrations

    * `https://api.kameleoon.com`: Required if you intend to use the Automation API for testing directly from the browser.
    * `https://customers.kameleoon.com`: Required if you use the [SDK API](../feature-experimentation/get-started/overview#api) or a custom integration developed by Kameleoon.

    ##### Internal Resources

    <Note>
      By default, `engine.js` does not include simulation paths or application-specific information to minimize script size. To provide these details, load the full script `kameleoonFull.js`, which supplies `engine.js` with necessary data on internal resources and loading instructions.
    </Note>

    * `https://static.kameleoon.com`: Loads internal resources.
    * `https://static.experimentation.dev`: Loads internal resources.
    * `https://sdk-config.experimentation.dev`: Controls Kameleoon feature flags activated in the Kameleoon product.
    * `https://eu-data.experimentation.dev`: Sends tracking data for logging purposes.

    <Warning>
      The domain for your Kameleoon scripts `https://[your-site-code].kameleoon.xx` may vary from one project to another. Projects use either `kameleoon.eu` or `kameleoon.io` depending on their creation date. Use the domain displayed in the Kameleoon App for your project.
    </Warning>
  </Accordion>

  <Accordion title="Will Kameleoon's script (engine.js) slow down my website?">
    No. Kameleoon’s script uses cutting-edge technology to run asynchronously (when using the async installation snippet) and remains fully cached by the browser for 90 minutes. It never blocks page loading, even during rare CDN incidents (99.99% uptime). On average, the script loads in under 70ms over a 4G connection or faster network conditions.

    Kameleoon further minimizes impact through advanced compression techniques, combining TypeScript and Brotli, resulting in a base script size of just 28.4 KB.

    #### CDN delivery and scalability

    The `engine.js` script is served via the **Cloudflare CDN**, which means it scales automatically regardless of your website’s traffic volume. There are no loading or slowness issues at any traffic level—Cloudflare’s global network handles delivery, so neither spikes nor sustained high traffic affect script performance for your visitors.

    #### Caching

    By default, the browser caches `engine.js` for 90 minutes, minimizing repeat load times for returning visitors. If your use case requires a shorter cache duration, this can be reduced—down to as little as 1 minute—on request. [Contact Kameleoon support](https://www.kameleoon.com/contact) to adjust this setting for your account.

    #### Important considerations

    Script size may increase depending on the number of experiments you run and their content (CSS/JavaScript).

    For experiments or personalization campaigns that do not need to load immediately, use the “DELAYED” [tag](/user-manual/experimentation/web-experimentation/advanced-experiment-features/predefined-tags). This delays loading non-essential experiments until after the first page load. Kameleoon intelligently manages these: it only downloads configuration after 10 seconds of idle time or when a visitor is targeted and allocated a variation other than the control. This approach ensures minimal impact on load performance while still delivering full functionality for prioritized experiments.

    #### Web Experimentation (engine.js)

    The engine.js processes outgoing requests through an internal queue that runs approximately every 500 ms. The queue batches events and recursively sends additional batches if needed. On page unload or cleanup, the engine forces immediate processing of all queued events. In Safari, the engine persists unsent events to session storage to prevent data loss.

    The engine also sends an activity event every 15 seconds when a scroll or click is detected. When no activity is detected, the engine makes no additional tracking calls.

    #### Feature Experimentation (SDKs)

    For feature flag and SDK use cases, Kameleoon performs flag evaluations locally after initialization. Tracking requests to the Data API are batched and flushed in the background rather than sent individually per evaluation. Batching reduces request volume and avoids performance degradation during traffic spikes. The flush interval is configurable in the SDK, with a default of 1 second.

    #### Data API rate limits

    Kameleoon applies rate limits to the Data API to protect service reliability. Limits are based on your contractual Monthly Unique Visitors (MUV) and the requester's IP address. If you exceed those limits, the API returns HTTP 429.

    These limits apply to all requests that reach the Data API, including the tracking calls that `engine.js` sends automatically and the batched tracking requests that SDKs send. In environments where many visitors share a single IP address (such as offices or corporate networks), IP-based limits can apply even when your overall MUV stays within contract.

    For server-side integrations, you can lift IP-based limits by authenticating your requests. If your use case requires higher limits, [contact Kameleoon support](https://www.kameleoon.com/contact) to discuss options.

    #### Platform scalability

    The Kameleoon platform uses horizontal scaling, auto-scaling infrastructure, load balancing, and regular load and stress testing. For more detail, see [How does Kameleoon's platform support scalability and elasticity?](#how-does-kameleoons-platform-support-scalability-and-elasticity).
  </Accordion>

  <Accordion title="Why does the Kameleoon engine (engine.js application file) use the eval() function?">
    The Kameleoon JavaScript engine requires the `eval()` function to add custom code to Kameleoon, such as custom data and custom JavaScript, when implementing variations of a page. The `eval()` function allows Kameleoon to dynamically execute this custom code at runtime.

    If you use a Content Security Policy (CSP) directive that prevents the use of the `eval()` function, implement the following JavaScript snippet before the Kameleoon installation tag:

    ```html theme={null}
    <script>
    window.kameleoonQueue = window.kameleoonQueue || [];

    function excludeKameleoonEval() {
    	Kameleoon.Utils.runProtectedScript = function (code, fileName) {
    		const script = document.createElement("script");

    		const wrappedCode = "(function () {\n" + code + "\n})();";
    		script.innerHTML = wrappedCode;

    		if (fileName) {
    			script.innerHTML += "\n//# sourceURL=" + fileName;
    		}

    		document.head.appendChild(script);
    	};
    }

    kameleoonQueue.push({
    	level: "IMMEDIATE",
    	command: excludeKameleoonEval
    }); 
    </script>

    //Add the Kameleoon Installation tag here. Refer to this documentation: https://developers.kameleoon.com/developer-docs/web-experimentation/implementation-and-deployment/standard-implementation.mdx
    <script src="//SITE_CODE.kameleoon.eu/engine.js" fetchpriority="high" async></script>
    ```

    <Note>
      If your CSP blocks `eval()`, implementing the code snippet will not remove these restrictions. To ensure full functionality, adjust the relevant CSP directive to allow `eval()` or similar functions. Otherwise, certain advanced targeting or customization features in Kameleoon remain inaccessible due to browser security enforcement.
    </Note>

    The Kameleoon Graphic Editor (including the simulation panel) also requires the `eval()` function. However, you can work around this requirement by installing the Kameleoon Chrome Extension and enabling the **Dev Tools > Tag injection > Bypass policies** setting to override the policies locally. You must also provide your sitecode. Enabling the **Bypass policies** setting allows you to use the Graphic editor in a Chrome browser.

    <Frame>
      ![Bypass policies setting in the Chrome extension](https://storage.googleapis.com/kameleoon-storage-documentation/developers/images/web-experimentation/faq/tag-injection.png)
    </Frame>

    Some features of Kameleoon are not available if a CSP directive blocks the `eval()` function. These limitations apply even if you use any code snippet or workaround mentioned in the FAQ. The following features will remain unavailable unless your CSP explicitly allows `eval()`:

    * Targeting a segment with a custom JavaScript condition (only supported when **the condition runs asynchronously**).

    <Frame>
      ![Targeting condition async setting](https://storage.googleapis.com/kameleoon-storage-documentation/developers/images/web-experimentation/faq/no-eval-run-async.png)
    </Frame>

    * Using custom data with custom JavaScript code.
    * Using acquisition channels with custom JavaScript code.
  </Accordion>

  <Accordion title="Can I use my server to act as a proxy for Kameleoon's tracking calls?" id="does-kameleoon-offer-on-premise-tracking-request-urls">
    Yes, Kameleoon offers this advanced option. Forward all HTTP requests received on your server to `(eu|na)-data.kameleoon.(eu|io)`. For example, if you choose `tracking.yourdomain.com` as your tracking domain, a tracking request would be a POST to `tracking.yourdomain.com`. Your server should then forward the request, along with all necessary data and parameters, to the `(eu|na)-data.kameleoon.(eu|io)` host. To enable this option, contact your Customer Success Manager.

    <Warning>
      When forwarding requests to `(eu|na)-data.kameleoon.(eu|io)`, ensure you rewrite the request URL to `(eu|na)-data.kameleoon.(eu|io)`. It is not enough to forward the request while keeping the original **Host:** HTTP header set to your domain. Set the **Host:** header to `(eu|na)-data.kameleoon.(eu|io)`.
    </Warning>
  </Accordion>

  <Accordion title="Can I use Subresource Integrity (SRI) with the Kameleoon application file?">
    Unfortunately, no. While SRI provides a useful security feature, the Kameleoon application file changes over time. If it did not, features like starting and stopping experiments instantly without a redeployment would be impossible. Since the file contents change, the resource hash also changes, meaning SRI cannot be used. Otherwise, the browser would block the resource as soon as it updates on the servers.
  </Accordion>

  <Accordion title="Why does my website load with a huge flash/flicker effect on Firefox?">
    This is a [known bug on Firefox](https://bugzilla.mozilla.org/show_bug.cgi?id=1404468). Until the Firefox team fixes it, follow this workaround: ensure your linked CSS resource is followed by a `<script>` tag (even an almost empty one).

    Example:

    ```html theme={null}
    <link href="https://www.example.com/web/style.css" media="all" rel="stylesheet" type="text/css" />
    <script>/**/</script>
    ```

    This removes the flashing effect entirely.
  </Accordion>

  <Accordion title="Can I use minified versions of the installation tags?">
    Kameleoon scripts are already short, and using a minified version does not meaningfully affect page load time because the code is already compressed using Brotli or Gzip. Kameleoon does not recommend minified versions, but if required, they are available below.

    #### Asynchronous loading with anti-flicker

    ```html theme={null}
    <script>
      var a=750;window.kameleoonQueue=window.kameleoonQueue||[];window.kameleoonStartLoadTime=Date.now();if(!document.getElementById("kameleoonLoadingStyleSheet")&&!window.kameleoonDisplayPageTimeOut){var b=document.getElementsByTagName("script")[0];var c="html::after { content: ''; position: fixed; inset: 0; background: #fff; z-index: 2147483647; }";var d=document.createElement("style");d.type="text/css";d.id="kameleoonLoadingStyleSheet";if(d.styleSheet){d.styleSheet.cssText=c}else{d.appendChild(document.createTextNode(c))}b.parentNode.insertBefore(d,b);window.kameleoonDisplayPage=function(e){if(!e){window.kameleoonTimeout=true}if(d.parentNode){d.parentNode.removeChild(d)}};window.kameleoonDisplayPageTimeOut=window.setTimeout(window.kameleoonDisplayPage,a)};
    </script>
    <script src="//SITE_CODE.kameleoon.eu/engine.js" fetchpriority="high" async></script>
    ```

    #### Unify session data across subdomains

    If you use the unified session data tag to [unify session data across subdomains](./technical-concepts/unify-session-data-storage-across-subdomains) with either the synchronous tag or the asynchronous tag without anti-flicker:

    ```html theme={null}
    <script>
      window.kameleoonIframeURL="https://www.customerdomain.com/path/to/kameleoon-iframe.html";var f=document.createElement("a");window.kameleoonLightIframe=false;f.href=window.kameleoonIframeURL;window.kameleoonIframeOrigin=f.origin||(f.protocol+"//"+f.hostname);if(location.href.indexOf(window.kameleoonIframeOrigin)!=0){window.kameleoonLightIframe=true;var g=function(event){if(window.kameleoonIframeOrigin==event.origin&&event.data.slice&&event.data.slice(0,9)=="Kameleoon"){window.removeEventListener("message",g);window.kameleoonExternalIFrameLoaded=true;if(window.Kameleoon){Kameleoon.Utils.runProtectedScript(event.data);Kameleoon.Analyst.load()}else{window.kameleoonExternalIFrameLoadedData=event.data}}};if(window.addEventListener){window.addEventListener("message",g,false)}var h=document.createElement("iframe");h.src=kameleoonIframeURL;h.id="kameleoonExternalIframe";h.style="float: left !important; opacity: 0.0 !important; width: 0px !important; height: 0px !important;";document.head.appendChild(h)};
    </script>
    ```

    If you use the unified session data tag and the asynchronous tag with anti-flicker, add the three script tags in the following order:

    1. Asynchronous tag with anti-flicker.
    2. Unified session data tag.
    3. Kameleoon installation tag.

    ```html theme={null}
    <script>
      var a=750;window.kameleoonQueue=window.kameleoonQueue||[];window.kameleoonStartLoadTime=Date.now();if(!document.getElementById("kameleoonLoadingStyleSheet")&&!window.kameleoonDisplayPageTimeOut){var b=document.getElementsByTagName("script")[0];var c="html::after { content: ''; position: fixed; inset: 0; background: #fff; z-index: 2147483647; }";var d=document.createElement("style");d.type="text/css";d.id="kameleoonLoadingStyleSheet";if(d.styleSheet){d.styleSheet.cssText=c}else{d.appendChild(document.createTextNode(c))}b.parentNode.insertBefore(d,b);window.kameleoonDisplayPage=function(e){if(!e){window.kameleoonTimeout=true}if(d.parentNode){d.parentNode.removeChild(d)}};window.kameleoonDisplayPageTimeOut=window.setTimeout(window.kameleoonDisplayPage,a)};
    </script>
    <script>
      window.kameleoonIframeURL="https://www.customerdomain.com/path/to/kameleoon-iframe.html";var f=document.createElement("a");window.kameleoonLightIframe=false;f.href=window.kameleoonIframeURL;window.kameleoonIframeOrigin=f.origin||(f.protocol+"//"+f.hostname);if(location.href.indexOf(window.kameleoonIframeOrigin)!=0){window.kameleoonLightIframe=true;var g=function(event){if(window.kameleoonIframeOrigin==event.origin&&event.data.slice&&event.data.slice(0,9)=="Kameleoon"){window.removeEventListener("message",g);window.kameleoonExternalIFrameLoaded=true;if(window.Kameleoon){Kameleoon.Utils.runProtectedScript(event.data);Kameleoon.Analyst.load()}else{window.kameleoonExternalIFrameLoadedData=event.data}}};if(window.addEventListener){window.addEventListener("message",g,false)}var h=document.createElement("iframe");h.src=kameleoonIframeURL;h.id="kameleoonExternalIframe";h.style="float: left !important; opacity: 0.0 !important; width: 0px !important; height: 0px !important;";document.head.appendChild(h)};
    </script>
    <script src="//SITE_CODE.kameleoon.eu/engine.js" fetchpriority="high" async></script>
    ```
  </Accordion>

  <Accordion title="Can I modify the installation tag Kameleoon provides?">
    Do not modify installation tags. Their code is extensively tested and optimized. Modifying them can result in a non-working setup. If an installation tag requires modification, contact your Customer Success Manager to coordinate with developers. Do not attempt independent modifications.
  </Accordion>

  <Accordion title="Can I add the installation tag in a separate external script?">
    Do not include any installation tag in its own separate, external script. For example, never do this:

    ```html theme={null}
    <script src="resources/scripts/kameloon-loader.js" fetchpriority="high" async></script>
    ```

    While this may technically work, it significantly affects Kameleoon performance and introduces a noticeable flicker effect. This setup creates the problems of using a tag manager without any associated benefits.
  </Accordion>

  <Accordion title="Is it possible to encrypt data in case of dedicated data-storage clusters (on-premises setup)?">
    Yes, partitions where data is stored can be encrypted. This option requires an additional setup cost. Contact your Customer Success Manager for more information.
  </Accordion>

  <Accordion title="Can I delay non-essential experiments until after the first page load?" id="can-i-delay-non-essential-experiments-until-after-the-first-page-load">
    Yes, you can delay non-essential experiments until after the first page load. To delay an experiment, add the `DELAYED` tag to the experiments you want to defer. For more information, see the [managing tags](/user-manual/experimentation/web-experimentation/manage-your-web-experiments/manage-your-experiments#Manage_tags) documentation.

    Kameleoon intelligently manages experiments tagged as "DELAYED." It only downloads configuration after 10 seconds of idle time or when the visitor is targeted and allocated a variation other than the control. Focus on delivering the best user experience by deferring resource-intensive tests.
  </Accordion>

  <Accordion title="How does Kameleoon's platform support scalability and elasticity?" id="how-does-kameleoons-platform-support-scalability-and-elasticity">
    Kameleoon's platform provides high scalability and elasticity, ensuring optimal performance as data volumes grow. The platform handles a mean load of 20,000 queries per second with peaks up to 100,000 queries. Key factors include:

    * **Scalable architecture**: Distributed and modular architecture allows for horizontal scaling.
    * **Auto-scaling infrastructure**: Cloud-based infrastructure automatically scales computational resources.
    * **Load Balancing**: Advanced techniques distribute traffic evenly across servers.
    * **Data ingestion and processing**: Robust APIs and a data broker manage large volumes of data efficiently.
    * **Testing for scalability**: Regular load and stress testing ensure the system handles extreme conditions.
    * **Elastic data storage**: Multi-tiered storage allows for rapid data access and long-term scalability.
  </Accordion>

  <Accordion title="Which databases and frameworks does Kameleoon use?">
    Kameleoon uses the following NoSQL databases and technologies in the data flow architecture:

    * Hadoop File System (along with Spark)
    * Cassandra
    * ClickHouse
    * Kafka
  </Accordion>

  <Accordion title="What network requests does the Kameleoon engine make?">
    The Kameleoon engine initiates several network requests to ensure seamless functionality:

    #### Segments Request

    * **Purpose**: Collects events for targeted segments by the visitor.
    * **Endpoint**: `https://${SITECODE}.kameleoon.io/audiences/segments.js`
    * **Method**: GET
    * **Note**: The browser caches the file for 90 minutes.

    #### Live-update Experiments Configuration Request

    * **Purpose**: Retrieves LIVE-UPDATE tagged experiments configuration.
    * **Endpoint**: `https://${SITECODE}.kameleoon.io/live-experiments/config.js`
    * **Method**: GET
    * **Note**: The browser caches the file for 2 minutes.

    #### Deferred Experiment Variation Request

    * **Purpose**: Loads variation data for [DELAYED tagged experiments](./faq#can-i-delay-non-essential-experiments-until-after-the-first-page-load).
    * **Endpoint**: `https://${SITECODE}.kameleoon.io/experiments/${action.id}/variations/${variationId}.js`
    * **Method**: GET
    * **Note**: The browser caches the file for 30 days.

    #### Deferred Personalization Variation Request

    * **Purpose**: Loads variation data for [DELAYED tagged personalizations](./faq#can-i-delay-non-essential-experiments-until-after-the-first-page-load).
    * **Endpoint**: `https://${SITECODE}.kameleoon.io/personalizations/${action.id}/variations/${variationId}.js`
    * **Method**: GET
    * **Note**: The browser caches the file for 30 days.

    #### Previous Visits Request

    * **Purpose**: Obtains previous visits for [cross-device reconciliation](../cross-device-experimentation) and [real-time sync of visits](../sdks/web-sdks/js-sdk#synchronizing-custom-data-across-devices).
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/visit/visitor`
    * **Method**: GET

    #### Tracking Events Request

    * **Purpose**: Records [events](../privacy-and-compliance/data-collection-backend) during visits.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/visit/events`
    * **Method**: POST

    <Note>
      Kameleoon sends an event every 15 seconds when a scroll or click occurs. This ensures correct session length tracking. If the engine detects no activity, it makes no additional tracking call.
    </Note>

    #### IP address Request

    * **Purpose**: Enables exclusion/inclusion of visitors based on IP address.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/ip`
    * **Method**: GET
    * **Note**: Kameleoon never stores IPs in databases. The visitor's browser employs the IP solely for comparison purposes.

    #### Geolocation Request

    * **Purpose**: Obtains geolocation data for targeting and analytics.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/geolocation`
    * **Method**: GET

    #### Current Weather Request

    * **Purpose**: Returns current weather conditions.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/weather/weather`
    * **Method**: GET

    #### Weather Forecast Request

    * **Purpose**: Returns a 5-day weather forecast.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/weather/forecast`
    * **Method**: GET

    #### Kameleoon Script Detection Request

    * **Purpose**: Detects the implementation status of the Kameleoon Script.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/active-script/event`
    * **Method**: POST

    #### Products Request

    * **Purpose**: Gathers product events for targeting and recommendations.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/product/events`
    * **Method**: POST

    #### Kameleoon Conversion Scores Request

    * **Purpose**: Retrieves predictive scores for targeting.
    * **Endpoint**: `https://(eu|na)-data.kameleoon.(eu|io)/predict/latestPredictionScoreHistograms`
    * **Method**: GET
  </Accordion>

  <Accordion title="Is my data isolated from other customers' data?" id="is-my-data-isolated-from-other-customers-data">
    Kameleoon's standard service runs on a multi-tenant SaaS architecture. Your data shares infrastructure with other tenants but is logically isolated from all other customer data through role-based access controls, environment segregation, and region-based hosting. No other tenant can access your data.

    If your security requirements call for physical isolation, Kameleoon offers a [single-tenant architecture option](https://docs.kameleoon.com/developer-docs/web-experimentation/self-hosting/simple-self-hosting-and-on-premises-options#dedicated-clusters-for-data-storage). Contact your Customer Success Manager to discuss single-tenant hosting before you sign your contract.
  </Accordion>

  <Accordion title="How does Kameleoon control employee access to my account?" id="how-does-kameleoon-control-employee-access-to-my-account">
    Kameleoon controls employee access to customer accounts under a least-privilege, role-based access model. Employees receive access only when a legitimate operational need requires it: service delivery, support, troubleshooting, security operations, or incident response. Access to your account is not broadly available within Kameleoon; only authorized personnel with a documented need can access it.

    #### Who can access your account

    Authorized access may include support or service personnel assigned to your account. Production-level access is restricted to specifically authorized technical personnel. All access to production systems requires multi-factor authentication (MFA) and is subject to regular reviews.

    #### What employees can do within your account

    Kameleoon employees cannot take unrestricted actions within your account. Role-based permissions, environment segregation, and tenant-level authorization controls constrain all activity. All access and administrative actions are logged and auditable.
  </Accordion>
</AccordionGroup>