Skip to main content

Integration

By default, pagent uses opt-in tracking: it uses cookie-less tracking for up to 24h and sets a permanent cookie only once opt-in is triggered. No cookies are created by our SDK unless you explicitly give it consent. Here is the default integration: 
<head>
  <!-- pagent SDK Script - Default (Opt-In Required) -->
  <script data-client-key="[YOUR_KEY]" src="https://cdn.pagent.ai/js/sdk.js"></script>
</head>

Disabling Opt-In (Testing Only)

For testing purposes only, you can disable the opt-in requirement using the data-disable-opt-in flag. This will set cookies immediately upon page load.
⚠️ Warning: The data-disable-opt-in flag should only be used for testing purposes. In production, especially in the EU, you should use the default opt-in behavior to comply with GDPR requirements. 
<head>
  <!-- pagent SDK Script - Testing Only (Opt-In Disabled) -->
  <script data-client-key="[YOUR_KEY]" data-disable-opt-in src="https://cdn.pagent.ai/js/sdk.js"></script>
</head>
Once you have consent from your user, execute the opt-in command as follows: 
window._pgnt = window._pgnt || [];
window._pgnt.push({ kind: "opt-in" });
Alternatively, you can have a script injected into your page upon consent using your own tooling, like below: 
<script>
    window._pgnt = window._pgnt || [];
    window._pgnt.push({ kind: "opt-in" });
</script>
If you need to explicitly opt a user out of tracking and experimentation, you can use the opt-out command: 
window._pgnt.push({ kind: "opt-out" });
This is useful for:
  • Implementing a custom consent banner or preference center
  • Respecting user privacy choices programmatically
  • Compliance with GDPR, CCPA, or other privacy regulations
Important: When a user opts out after previously giving consent, all pagent cookies will be removed from their browser. This ensures complete data removal when consent is withdrawn.

Cookieless tracking

Pagent can also operate completely without cookies. In this cookieless mode we still need to recognise a visitor long enough to keep A/B tests consistent, but we do so only for 24 hours and without storing any data in the browser. Because no persistent identifier is written, this mode typically does not require a cookie banner.

How visitor consistency works

When the SDK loads it derives a short-lived, deterministic seed: 
seed = SHA-256(salt + ip + userAgent)
  • salt – a random 64-byte string generated by our backend and rotated every 24h
  • ip – the visitor’s IP address (truncated, e.g. /24 for IPv4, /56 for IPv6)
  • userAgent – the browser’s user-agent string
The seed exists only in memory. Once the salt rotates after 24 hours the identifier can no longer be reproduced, effectively resetting the visitor. Cookieless tracking is the default behavior before calling opt-in: experiments stay consistent within the 24-hour window, yet no long-term tracking occurs until consent is given.