With Enflock, on an arbitrary website, you can see other visitors cursors and talk to them if they also started Enflock. Three buttons control Enflock behaviour. The rightmost button turns Enflock On or Off, it is usually Off when opening a new webpage. Middle button shows the shadow behind your cursor - that's how other visitors see you. It indicates how slow your Internet connection is, and it is usually Off. The leftmost button opens this website www.enflock.com

When the website owner enables Enflock, these three control buttons are always there. If you launch Enflock yourself, following instructions on the left, it works, with only one exception: website owner can explicitly prohibit to launch scripts from other websites. That is controlled by the Content Security Polilcy (CSP). Facebook, for example, does that. That is the only scenario when Enflock can't be launched. To confirm that that's the case, open Developer's Console (Chrome: Ctrl-Shift-I, FireFox: F12, IE: F12, then Console tab), reload website and look for the error message like this:

It means that website owner should explicitly allow running scripts from www.enflock.com

Corporate firewalls may break communication with Enflock server. In this case, when you "turn On" Enflock with the rightmost button , the following message is displayed either immediately or after about 20sec timeout:

Let your technical support update the firewall.

It's easy: first of all you have to decide which <div> element you want to carry those three buttons. Make sure that <div> element has "id" assigned. Then specify that <div> ID in the query as the "div" parameter, in this case "TargetDivID":
<script src="//enflock.com/enflock.js?state=On&shadow=Off&div=TargetDivID&top=10&right=20"></script>
Two other parameters "top" and "right" specify the offsets from the top right corner of that <div> element. In this case 10 pixels down, 20 pixels left. Parameter "state" On or Off specifies whether Enflock activates right on webpage loading or not. Parameter "shadow" On or Off tells Enflock to show your cursor shadow or not.

Send us your icons, we'll customize them for your website

It means that nobody has launched Enflock right now on your website: either because they can't find these 3 buttons , or simply because there are no visitors at the moment. In these situations we start three echo-robots, so you can talk to them to see and feel how it will work with real visitors.

That's good, it means we have to implement filtering by different criteria - contact us.

Approach somebody's cursor, and in a popup frame click the right icon . If that visitor is already in public chat, you join it. Otherwise, new chat starts.

Enflock works fully on desktop computers and laptops. Next release will take all extra advantages of touchscreens and handhelds. For now only some additional features are available.

No, it isn't. By definition: "Cross-Site Scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser".
The keywords here are: "attack" and "malicious". In opposite, there are myriads scripts, loaded from a third-party's servers, to perform not illegal but legitimate services. The most known one is Google Analytics script, present almost in every webpage:
<script>
. . .
(window,document,'script','//www.google-analytics.com/analytics.js','ga');
. . .
</script>
That's why Facebook allowed scripts from *.google-analytics.com in its Content Security Policy - see the screenshot in the second FAQ above; or the website heatmap script by CrazyEgg:
<script>
. . .
a.src="//script.crazyegg.com/pages/scripts/0018/8369.js?";
</script>
Enflock does the same, launching its own script, which talks only back to the same server it was launched from (no "Cross-Site" tricks). Moreover, Enflock does not collect nor store any personalized information, like cookies, on its servers. Nothing stored means nothing to steal. All communication between visitors is not recorded anywhere, other than printed in their respective browsers and deleted upon webpage change.