Think of it this way: a WAF sits between your users and your entire website, proxying all HTTPS traffic. cside's hybrid proxy is much more targeted and only proxies the JavaScript files from third-party sources, leaving your main website traffic completely untouched. Your users connect directly to your website as normal, but when their browser requests a third-party script, that single request gets routed through our proxy for analysis before delivery.
CSP is a great base-layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Because client-side security monitors an entirely different dimension of the application stack, there is no interference.