Monthly Archives: April 2022

Optimizely Data Platform Visitor Groups

Posted on by
6

The Optimizely Data Platform (ODP) builds a picture of a customer, their interactions, and their behavior in comparison to other customers on a site.

This module exposes these insights in the form of visitor groups which can then be used to personalise content.

Features

There are currently five different visitor groups available. These are accessed via the ‘Data Platform’ group.

Real-Time Segments

Real-Time segments are new and are different from the ‘Calculated’ segments that are currently available on the platform.

Real-Time segments are based on the last 30 days of data whereas ‘Calculated’ segments are based on all the stored customer data and are calculated at regular intervals. They are more suited to reporting and journey orchestration. 

image-6

Note: You need to contact Optimizely to get Real-Time Segments enabled on your instance and there is currently no interface to create them.

Note 2: ‘Calculated’ Segments are not available via this visitor group criterion. 

Engagement Rank

This metric allows you to build personalisation based on how engaged the customer/visitor is with your site/brand.  This is biased toward more recent visits rather than historical visits.

image-5

This metric is calculated every 24 hrs.

Order Likelihood

As the name suggests, this criterion returns the likelihood that the customer will place an order.  

The possible values are:

  • Unlikely
  • Likely
  • Very Likely
  • Extremely Likely

This metric is calculated every 24 hrs.

Winback zone

Returns the ‘Winback Zone’ for the current customer.  This can be used to identify when a customer is altering their normal interaction patterns with the site; for example, are disengaging.

The options are:

  • Churned Customers
  • Winback Customers
  • Engaged Customers

This metric is calculated every 24hrs.

Observation

This criterion is can be used to build personalisation around 3 different customer order metrics.

  • Total Revenue
  • Order Count
  • Average Order Revenue

image-2

This metric is calculated every 24hrs.

Installation

Install the package directly from the Optimizely Nuget repository.

dotnet add package UNRVLD.ODP.VisitorGroups
Install-Package UNRVLD.ODP.VisitorGroups

Configuration (.NET 5.0)

Startup.cs

// Adds the registration for visitor groups
services.AddODPVisitorGroups();

appsettings.json All settings are optional, apart from the PrivateApiKey

{
   "EPiServer": {
      //Other config
      "OdpVisitorGroupOptions": {
         "OdpCookieName": "vuid",
         "CacheTimeoutSeconds": 10,
         "EndPoint": "https://api.zaius.com/v3/graphql",
         "PrivateApiKey": "key-lives-here"
       }
   }
}

Configuration (.Net Framework)

web.config All settings are optional, apart from the PrivateApiKey

  <appSettings>
    <add key="episerver:setoption:UNRVLD.ODP.OdpVisitorGroupOptions.OdpCookieName, UNRVLD.ODP.VisitorGroups" value="vuid" />
    <add key="episerver:setoption:UNRVLD.ODP.OdpVisitorGroupOptions.CacheTimeoutSeconds, UNRVLD.ODP.VisitorGroups" value="1" />
    <add key="episerver:setoption:UNRVLD.ODP.OdpVisitorGroupOptions.EndPoint, UNRVLD.ODP.VisitorGroups" value="https://api.zaius.com/v3/graphql" />
    <add key="episerver:setoption:UNRVLD.ODP.OdpVisitorGroupOptions.PrivateApiKey, UNRVLD.ODP.VisitorGroups" value="key-lives-here" />
  </appSettings>

Credits

I cannot take all the credit for this module, it was co-developed with David Knipe. Thanks for all the help.

Jhoose Security – Updated to support Episerver 11

Posted on by
Reply

I have updated the Jhoose security module to support any Episerver 11 site, the only dependency is .Net Framework 4.7.1.

Installation

Install the package directly from the Optimizley Nuget repository. This will install the admin interface along with the middleware to add the CSP header to the response.

Github: https://github.com/andrewmarkham/contentsecuritypolicy

dotnet add package Jhoose.Security.Admin
 --version 1.2.2.148 
Install-Package Jhoose.Security.Admin
 -Version 1.2.2.148

Configuration

The installation process will add the following nodes to the web.config file within your solution.

<configSections>
	<sectionGroup name="JhooseSecurity" type="Jhoose.Security.Configuration.JhooseSecurityOptionsConfigurationSectionGroup, Jhoose.Security">
		<section name="Headers" type="Jhoose.Security.Configuration.HeadersSection, Jhoose.Security" />
		<section name="Options" type="Jhoose.Security.Configuration.OptionsSection, Jhoose.Security" />
	</sectionGroup>
</configSections>

Register the module with the .Net pipeline

<system.webServer>
	<modules runAllManagedModulesForAllRequests="true">
		<add name="JhooseSecurityModule" type="Jhoose.Security.HttpModules.JhooseSecurityModule, Jhoose.Security" />
	</modules>
</system.webServer>

Configuration options for the module

<JhooseSecurity>
	<Options httpsRedirect="true">
		<Exclusions>
			<add path="/episerver" />
		</Exclusions>
	</Options>
	<Headers>
		<StrictTransportSecurityHeader enabled="true" maxAge="31536000" />
		<XFrameOptionsHeader enabled="true" mode="Deny|SameOrigin|AllowFrom" domain=""/>
		<XContentTypeOptionsHeader enabled="true" />
		<XPermittedCrossDomainPoliciesHeader enabled="true" mode="None|MasterOnly|ByContentType|All"/>
		<ReferrerPolicyHeader enabled="true" mode="NoReferrer|NoReferrerWhenDownGrade|Origin|OriginWhenCrossOrigin|SameOrigin|StrictOrigin|StrictOriginWhenCrossOrigin|UnsafeUrl"/>
		<CrossOriginEmbedderPolicyHeader enabled="true" mode ="UnSafeNone|RequireCorp"/>
		<CrossOriginOpenerPolicyHeader  enabled="true" mode="UnSafeNone|SameOriginAllowPopups|SameOrigin"/>
		<CrossOriginResourcePolicyHeader enabled="true" mode="SameSite|SameOrigin|CrossOrigin" />
	</Headers>
</JhooseSecurity>

Exclusions: Any request which starts with a path specified in this property will not include the CSP header. 

httpsRedirect: This attribute controls whether all requests should be upgraded to HTTPS.

Nonce HTML helper

It is possible to get a nonce added to your inline <script> and <style> tags.

@using Jhoose.Security.Core.HtmlHelpers;
<script @Html.AddNonce() src="/assets/js/jquery.min.js"></script>

Response Headers

The response headers can be controlled within the web.config

Server Header and X-Powered-By Header

These aren’t removed, the reason being

  1. When hosting within Optimizley DXP, the CDN will obfuscate the server value anyway.
  2. The header cannot be removed programmatically.
IIS 10
<!-- web.config -->
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering removeServerHeader="true" />
        </security>

        <httpProtocol>
            <customHeaders>
                <clear />
                <remove name="X-Powered-By" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>