Using the Velaro Chat Widget with a Cookie Consent Platform (CMP)
5 min read
> Customer-facing KB content for help.velaro.com article 781. Updated 2026-06.
Summary
The Velaro widget is a chat service, not a tracking tool. How you classify it in your CMP depends on the experience you want to deliver. This article explains your options. Your legal and compliance team makes the final classification decision — we can tell you what the widget does technically, not what your DPO requires.
---
What the widget does on page load — technically
This matters for any CMP classification decision.
Standard embed (no boot flags): On page load the widget loads fully. It registers the visitor, writes session data to localStorage, and sets load-balancing cookies on api-visitor-us-east.velaro.com. Chat availability is checked and the launcher appears if agents are online.
With deferLoadUntilInteraction: true: On page load the widget fetches only your button appearance (colors, icon) and checks agent availability. No visitor is registered, no localStorage is written, no tracking cookies are set. The launcher button appears. When a visitor clicks the button, the full widget loads and the chat session begins.
With deferStorageUntilInteraction: true: The full widget mounts on page load but visitor registration and localStorage writes are held until the visitor opens the chat window.
Azure load-balancing cookies (ARRAffinity, ARRAffinitySameSite on api-visitor-us-east.velaro.com): These are set by Azure infrastructure regardless of boot flags. They contain no personal data, exist only to keep a visitor on a consistent server, and expire with the session. Every CMP has a Strictly Necessary / Essential / Required category for this type of cookie.
---
Choose your path
Path 1 — Let your CMP handle it (simplest)
Classify the Velaro widget as Functional / Preferences / Performance in your CMP. Your CMP's auto-blocking will hold the widget until the visitor consents to that category. Visitors who decline see no chat widget. No embed code changes are needed.
This is the correct path if your DPO is comfortable with the widget being visible only to visitors who have consented to Functional cookies.
Path 2 — Show the launcher to all visitors, defer tracking until click
Use this if your DPO requires the chat button to be visible to all visitors regardless of cookie choice, with no visitor data sent to Velaro until someone actively opens the chat.
Required changes — three things:
1. In your CMP auto-blocking: Move the Velaro CDN entry (eastprodcdn.azureedge.net) to Strictly Necessary / Essential. This prevents your CMP from blocking the widget script for visitors who have not consented to Functional cookies.
2. In your CMP cookie declaration: Classify the Azure load-balancing cookies as Strictly Necessary:
| Cookie | Host | Category |
|---|---|---|
ARRAffinity | api-visitor-us-east.velaro.com | Strictly Necessary |
ARRAffinitySameSite | api-visitor-us-east.velaro.com | Strictly Necessary |
3. In your embed code: Add deferLoadUntilInteraction: true to your boot command:
Velaro('boot', {
siteId: YOUR_SITE_ID,
deferLoadUntilInteraction: true
});Replace YOUR_SITE_ID with your numeric site ID. Remove any existing deferStorageUntilInteraction if present — these two flags are not interchangeable.
What this delivers: The chat launcher button (with your configured icon and color) is visible to all visitors. Agent availability shows in real time. No visitor is registered and no data is sent to Velaro until someone clicks the button. At that point the visitor has explicitly requested the chat service, and the full session loads.
---
CMP-by-CMP setup for Path 2
OneTrust
| What | Category |
|---|---|
eastprodcdn.azureedge.net (Velaro CDN) | Strictly Necessary — C0001 |
ARRAffinity on api-visitor-us-east.velaro.com | Strictly Necessary — C0001 |
ARRAffinitySameSite on api-visitor-us-east.velaro.com | Strictly Necessary — C0001 |
OneTrust's OtAutoBlock reads category assignments from your consent configuration. Changes can take several hours to propagate to production. Use OneTrust's Test script version to validate without waiting for propagation. Clear OptanonConsent and OptanonAlertBoxClosed cookies between tests.
Important: Do not add data-ot-ignore to the Velaro script element. This attribute bypasses OtAutoBlock's category check but also breaks the cross-window communication the widget relies on. The correct fix is to change the category to C0001, not to use data-ot-ignore.
---
Cookiebot (Usercentrics)
| What | Category |
|---|---|
| Velaro widget | Necessary (Path 2) or Preferences (Path 1) |
ARRAffinity / ARRAffinitySameSite | Necessary |
---
TrustArc
Classify eastprodcdn.azureedge.net under Required (Path 2) or Functional / Preference (Path 1). The Azure load-balancing cookies are Required.
---
Osano
| What | Category |
|---|---|
| Velaro widget | ESSENTIAL (Path 2) or STORAGE (Path 1) |
ARRAffinity / ARRAffinitySameSite | ESSENTIAL |
---
Termly
| What | Category |
|---|---|
| Velaro widget | Essential (Path 2) or Performance / Functionality (Path 1) |
ARRAffinity / ARRAffinitySameSite | Essential |
---
Choosing between the two paths
| Path 1 — CMP controls | Path 2 — Defer until click | |
|---|---|---|
| Widget visible to Strictly Necessary-only visitors | No | Yes |
| Embed code change required | No | Yes |
| CMP category change required | No | Yes (CDN → Strictly Necessary) |
| Data sent to Velaro before click | Yes (on consent) | No |
| Proactive chat invitations | Work normally | Not available before click |
If you use proactive chat invitations or timed pop-ups, those features require visitor data that is not collected before the click in Path 2. Proactive invites will not fire until the visitor opens the chat.
---
Need help?
Contact Velaro support to confirm your site ID, check your group configuration, or enable deferLoadUntilInteraction on your account.
Email
Was this article helpful?
Security and Compliance in Velaro V20