Performance, Security, & Reliability

Verint XM Cloud Deployment is designed to provide optimal security and a reliably delivered network with minimal impact on your site's performance. This topic offers an overview of our efforts here to ensure a safe, dependable, and efficient data collection process.


All Verint XM Web SDK code is hosted on a Content Delivery Network (CDN) which is backed by Amazon Cloudfront. By partnering with a recognized industry-leader, Verint is able to provide microsecond time-to-first-byte performance, which is the time from connection with the server to the start of web page content downloading.

In addition to a robust network, Verint has also adopted an architecture that minimizes the potential impact of an outage of resources on your website. The gateway code is inserted asynchronously into the page, meaning that even if the origin server is unreachable or slow to respond, page performance is unaffected. In other words, even in the unlikely worst-case scenario where content is temporarily unreachable, this has virtually no impact on your website other than the omission of features during the outage.

Finally, in order to increase performance, the product has been divided across multiple files (around 10 files). By applying parallelism, the time for downloading product files is greatly reduced. In addition to these efforts, Verint continuously monitors and optimizes download performance.

Deferred Loading Mode

Although the code is already optimized to prevent performance impacts to your site, an additional mode is offered to provide even more confidence about limiting the impact to your website performance. In the Deferred Loading Mode, the code places itself last in the page load order (meaning it does not load until the Window onload event). This option can be implemented by the Verint Support Team. One potential drawback of the Deferred Loading Mode is that you may miss out on activity that happens before the code is loaded.

Caching / Compression of Resources

Whenever possible, Verint XM leverages caching and compression to improve performance. However, there are two special exceptions (these exceptions do not occur in newer versions of the Web SDK, starting with 19.6.0+):

  • Caching of resource: The code calls the endpoint to ensure services are operational before activating the rest of the code. Since up-to-the-minute information on service status is required, Verint cannot specify an expiry date for this resource. However, a timed cache is used in the browser.
  • Compression of resource: Due to the small size of this file (~600 bytes), Verint's CDN vendor (Amazon Cloudfront) does not allow compression of this file. (They only compress files larger than 1,000 bytes). Since the file is so small, there is no significant benefit to compression.

Third-Party Cookies

Verint XM uses what are called third-party cookies to keep track of users across their experience. These cookies are just text files that reside in the browser of the visitor to the website. The difference between first and third-party cookies depends on who has the right to access the information inside the cookie. A first-party cookie can only be read by the owner of the site who created it. A third-party cookie can only be read by the external vendor who has a presence on the site. Since Verint is an external vendor, our cookies are defined as third-party.

Historically, there has been industry scrutiny on cookies, specifically as they relate to privacy and ownership of information. Verint XM uses cookies to determine things like whether a user is new or returning, how many pages they’ve visited, etc. as these are inputs into the triggering logic for survey invitations. This is an important part of our service and a necessary tool in how our products function.

In situations where you cannot allow third-party cookies on your site, you have the option of hosting the code yourself and using only first-party cookies. Ask your Verint representative to learn more about this option.

Use of JSON

Verint XM uses Javascript Object Notation (JSON) formatting to encode and store information. In simple terms, a JSON object is a bit of code comprised of one or more name:value data points, such as pagesViewed:3, language:en, previoslyInvited:false. (Verint XM does not use JSONP).

These JSON objects can appear in the Verint XM cookie, be transmitted and stored on Verint XM servers, or converted (or parsed) into another persistence format so that the data can be migrated into various Verint XM products for display and analysis. Any requests for JSON objects follow Cross-Origin Resource Sharing (CORS) standard.

To parse JSON, Verint XM uses the browser-native JSON.parse() function to deserialize JSON strings and does not use the eval() function. This means the function is built into web browsers to take the data out of the JSON format and into a more readable format. The exclusion of the eval() function is important as JSON.parse() only parses information, and does not expose users to script-injection attacks. The eval() approach, on the other hand, parses the data by executing it as part of a script, which can open up security vulnerabilities.


Verint XM provides end-to-end 128-bit encryption of all hosted resources using TLS 1.2 protocol. 128-bit encryption is considered to be among the most secure encryption options available.