Why do WAF logs miss evidence of client-side data theft?

This site uses cookies and other technologies that let us and the companies we work with collect information about your device and usage of the site to enable functionality, analytics, and advertising. See our Cookie Notice for details.

Find out more in our privacy policy and cookie notice.

Only the initial delivery of third-party scripts to browsers can be captured by WAF logs. Malicious JavaScript steals user data, bypassing your infrastructure via direct browser-to-attacker communication. You can see through your WAF logs the script that was delivered successfully, but it's blind when it comes to the data collected, manipulated, or exfiltrated that happens on the client-side.

Can cside work alongside my existing WAF without conflicts?

We monitor an entirely different dimension of the application stack; hence, there is no interference.

Does cside's JavaScript proxy add latency like a WAF does to all traffic?

cside only adds 8-20 milliseconds to specific dynamic JavaScript files we proxy, with static scripts cached for faster loading.

How does cside's approach compare to the complexity of managing a WAF?

cside is much simpler because we're only handling JavaScript files, not your entire web infrastructure.

What happens if cside's proxy goes down? Will my website break?

Your website will continue working as intended with our fail-open design and 99.99% uptime SLA.