Improving the PCA setup UI – a look behind the scenes with our senior developer

We’ve seen quite a few changes in recent weeks at PCA Predict. Since the revelations regarding the future growth of the company, we’ve been in overdrive trying to smarten up and improve the delivery of our services.

One part of that has been taking a look at our install process and seeing how we can improve the setup for our customers. As our products have increased in complexity behind the scenes, we’ve always tried to keep the user interactions as slick and easy as we possibly can. One issue that’s always nagged us is the need for our customers to head off to their own websites halfway through the install process.

We spent a long time getting our on-page setup right, and we’d like to think we have done a pretty good job, but the customer can become disconnected from our service at this point, and it’s difficult for us to hand-hold people and help them if that’s where they get stuck.

In an attempt to address this we’ve rewritten the way our services are set up, and we’re excited to get the new system out into the world and see what everyone thinks of it. We’ve brought the services together, meaning that rather than have a series of setup guides and individual approaches to each of our services, we now have a single tag that is installed across a user’s website and can deploy our services automatically. For our customers this means that they only have to schedule dev time once, and then other departments or disciplines can set up services without the need for any coding knowledge.

In our new setup flow, rather than needing to visit your Live website to complete the setup of our services, we will now load the website in a frame, right within our account section, removing the need to leave the setup process or display setup messages on your Live website.


As with most things web, the implementation is always more complicated than you first think, and one of the major stumbling blocks we hit was how to get around the problem of X-Frame-Options (XFO) – headers that prevent us from loading sites within frames.
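How a browser decides whether a page may be loaded in a frame, as an added example that is not PCA Predict's code: it evaluates X-Frame-Options together with the CSP `frame-ancestors` directive, which the post does not mention but which takes precedence over XFO when both are sent. The function names and all URLs are constructed for illustration, and source matching is simplified as noted in the comments.

```javascript
// Added example (not PCA Predict's code). Header names are lower-case keys,
// as Node's http module delivers them; function names are hypothetical.

// Return the source list of a CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Simplified CSP source matching: keywords, "*", "scheme:", and
// [scheme://]host with an optional leading "*." wildcard.
// Sources carrying a port or path are not handled and never match here.
function sourceAllows(source, embedder, page) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder.origin === page.origin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return s === embedder.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*:)\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme !== embedder.protocol) return false;
  return wildcard ? embedder.hostname.endsWith('.' + host)
                  : embedder.hostname === host;
}

// Would a browser render pageUrl inside a frame on embedderUrl?
function canBeFramed(headers, pageUrl, embedderUrl) {
  const page = new URL(pageUrl);
  const embedder = new URL(embedderUrl);
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // frame-ancestors takes precedence; X-Frame-Options is then ignored.
    return sources.some((src) => sourceAllows(src, embedder, page));
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedder.origin === page.origin;
  // No header, or a value modern browsers ignore (e.g. obsolete ALLOW-FROM).
  return true;
}
```

A site owner who wants to permit framing by one trusted origin can do so with a `frame-ancestors` source for that origin, since `X-Frame-Options` has no supported way to name a third-party embedder.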

To address this issue we use a proxy to load the user’s site and manipulate the headers, allowing us to open their page within a frame and continue with the setup. Of course this approach comes with its own drawbacks. For example, many of our customers are ecommerce vendors, which means our flagship product is often used in their checkout pages, which in turn can generally only be accessed by adding something to your cart and checking out.

In sites with no XFO headers this isn’t a problem: the user continues through to their checkout and sets up the service(s) just as normal. However, once we’ve run the site via the proxy, the cookies required to add items to baskets become a little trickier. Again we get around this by examining the headers and mimicking the cookies of all requests, translating the cookies into our proxy domain and then back into the user’s site domain when required. All good. However, the web is pretty secure these days, and there are some things we just can’t easily get around. One of these is ‘request verification tokens’. These auto-generated tokens are designed to prevent things like ‘man in the middle’ attacks, and they do a pretty good job of preventing these attacks. Unfortunately that’s essentially what our proxy approach is (though a kind-hearted, good-natured one), and we are therefore defeated by these security steps… which we can’t really blame people for… much!

We see this as the start of what we hope will be a constant stream of incremental improvements to our services and setup processes over the coming months. Not all of our services are integrated into the new PCA Platform just yet, which is something we will be addressing as soon as we can. We’re really excited about the possibilities that this new approach will give us and we look forward to hearing exactly what our customers think of the changes we’re making.