It is possible to use Chameleon on all your sites. To do so, you just need to use the same Chameleon code snippet you've used to install it in the first place.
Using Chameleon on multiple domains and subdomains
You can show Chameleon Experiences on any domain or subdomain where you've installed your Chameleon snippet. Just make sure that the site uses a secure (HTTPS) connection, as this is required to load the Chameleon Builder.
If you are logged in, you will be identified as an administrator for your Chameleon account and you will be able to use the Chameleon Builder wherever your snippet is installed.
Note: All admin users on your account will have access to the Chameleon Builder on all sites within your account. You can invite other collaborators here.
You can control which Experiences show on which pages using the URL matching for each step. You can also use wildcards or user variables to match dynamic parts of the URL.
You can load the Chameleon Builder on your local computer if you would like to first test locally before deploying to production. To do this, you will add your Chameleon code snippet locally and reload the page.
For security reasons, Chameleon can only be loaded on secure HTTPS connections. To load your local sites on an HTTPS connection, you will need to use one of two strategies:
Use a reverse proxy, such as ngrok to load your locally hosted pages on an HTTPS domain.
Use a Flag in Chrome to forcefully consider a local domain as secure.
Lastly, due to a recent update in how Chrome handles cookies, you may need to disable the Chrome flags "SameSite by default cookies" and "Cookies without SameSite must be secure".
Note: We recommend implementing the Chameleon code snippet directly on all your environments (staging and production). Your end-users will not notice this - Experiences are not published without explicit action from you, and doing so will save you engineering time.
A note about authentication
To keep you authenticated (to identify you as an admin and show the Chameleon Builder) we store your authentication information in an encrypted, HttpOnly, secure cookie that is only served to us over a secure connection (HTTPS).