We monitor an entirely different dimension of the application stack; hence, there is no interference. Our platform co-exists with your existing security solutions. Your main website inbound traffic is continuously protected by your WAF, while cside focuses on client-side JavaScript security. Your WAF handles incoming requests, while we handle outgoing requests from browsers to third-party scripts. We can assure that there is no conflict or overlap in functionality.
Does a CSP provide enough security?
CSP is a great base-layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
Why doesn't a Content Security Policy (CSP) make us PCI compliant?
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
Why do you offer CSP for free?
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Does cside's JavaScript proxy add latency like a WAF does to all traffic?
cside only adds 8-20 milliseconds (the blink of an eye typically lasts between 100 and 400 milliseconds) of latency to the specific, highly dynamic JavaScript files we proxy.