Cside handles SSL/TLS termination automatically at our edge for scripts we proxy. You don't need to provide, manage, or renew any certificates for our proxy service. Issuing SSL certificates is complex when domain names are different, but the cside proxy uses a set of cside domains, for which we already have SSL certificates in place. We handle all the cryptographic complexity behind the scenes, so there's no additional certificate management burden on your team.
Does a CSP provide enough security?
CSP is a great base-layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
Why doesn't a Content Security Policy (CSP) make us PCI compliant?
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
Why do you offer CSP for free?
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Can cside work alongside my existing WAF without conflicts?
We monitor an entirely different dimension of the application stack; hence, there is no interference.