Find the right plan for your team

For PCI DSS compliance (requirements 6.4.3 and 11.6.1), only your payment and checkout pages count toward your cside limit, not your entire website. To find your payment page views, filter by your /checkout, /payment, or /cart URLs in GA4 under Reports > Engagement > Pages and Screens.

A payment page is any page where a cardholder enters, reviews, or confirms card data, including checkout forms, payment confirmation screens, and stored card management pages. Monitoring these pages for unauthorized script changes is required by PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1. Only payment page views count toward your cside limit, not total site traffic.

Yes. The cside Fingerprint product detects account takeover (ATO) and credential stuffing at the browser layer, before a login attempt reaches the server. cside identifies automated login bots by their scripted typing cadence, absent mouse movement, device fingerprint mismatches, and autofill injection patterns inconsistent with human behaviour. AI agent detection is included in the Fingerprint Business plan and identifies sessions driven by autonomous agents such as OpenAI Operator or Amazon Buy For Me.

cside has a permanent free plan at $0/month covering up to 2,500 payment page views. For PCI DSS compliance, pricing is based only on views of your payment and checkout pages, not your total site traffic. Script Security Business starts at $99/month for up to 100,000 payment page views, scaling to $399/month for 500,000. Fingerprint Business is $99/month. Enterprise pricing is custom. No credit card is required to start on any free plan.

Script Security monitors every third-party script on your site in 100% of visitor sessions, with no sampling. It automates PCI DSS 4.0.1 compliance for requirements 6.4.3 and 11.6.1, and detects Magecart and web skimming attacks. Because cside runs in every session, not a sample, you catch targeted attacks that only fire for specific users, geographies, or times. It is priced by payment page views per month.

Fingerprint provides browser fingerprinting, device fingerprinting, AI agent detection, account takeover prevention, credential stuffing detection, and chargeback evidence capture. It is priced by API calls. Both are included in the Enterprise plan.

Yes. Both Script Security Business and Fingerprint Business include a 14-day free trial. The free plan on both products is permanent: it does not expire and does not require a trial period.

Deployment takes under five minutes. Add one script tag to your site and cside begins monitoring immediately with no performance impact. PCI DSS 4.0.1 script inventory for requirements 6.4.3 and 11.6.1 populates within the first 24 hours of real traffic. AI-written script justifications are generated automatically.

Enterprise includes custom payment page view limits, 90-day script and fingerprint data retention, 99.9% uptime SLA, SSO, multi-team organisation layer, dedicated account manager, SIEM integrations, S3 log push, compliance platform integrations (Vanta, Drata), AWS Marketplace billing, ACH payment, and custom enterprise terms. It covers both Script Security and Fingerprint.

No. cside is a single lightweight script tag. It does not sit in front of your traffic, does not act as a proxy, and does not intercept or modify requests between your users and your servers. Some competitors use a proxy or reverse-proxy architecture, which introduces latency and a single point of failure. cside never does this. Your payment pages load exactly as they do today. cside observes what executes in the browser and alerts you. It does not sit in the critical path of any transaction.

cside fingerprinting detects AI agents, autonomous browsers, and headless automation frameworks through a combination of browser automation signals, environment tampering checks, and behavioural fingerprints. The Fingerprint Events API returns a bot field for every identification call, covering AI browser agents such as OpenAI Operator, Claude for Chrome, and Perplexity Comet, as well as headless browsers like Puppeteer, Playwright, and Selenium, and classic scrapers. Detection runs server-side after the client-side script submits a fingerprint, so it cannot be bypassed by modifying browser headers alone.

Winning a card dispute requires session-level evidence captured at transaction time, not reconstructed after a chargeback is filed. Visa and Mastercard dispute processes increasingly require device fingerprints, browser session timelines, script activity logs, and behavioural signals as proof. cside captures full session context automatically for every transaction with 100% session coverage and no sampling. When a dispute is filed, a pre-built evidence package is ready to export in seconds. Merchants using cside for chargeback evidence see an average 40% increase in dispute win rates (platform data, 2024-2025).

cside integrates directly with Chargebacks911 (CB911) for end-to-end dispute management. The Chargeback Evidence feature, available in the Fingerprint Enterprise plan, captures device fingerprints tied to order IDs at transaction time and formats pre-built evidence packages that meet CB911's dispute submission requirements. When a dispute is raised, your evidence package exports in seconds rather than hours. The integration removes the manual work of assembling evidence after the fact and gives your disputes team the session-level proof that card network arbitration increasingly requires.

A pageview is counted each time a page on your monitored site loads in a browser and the cside script executes. For PCI DSS compliance pricing, only views of your payment and checkout pages count toward your limit, not total site traffic.

API usage is measured in fingerprint requests. Each time your application calls sendClientTelemetry, it counts as one call. Your dashboard gives you a live view of request volume across all monitored properties.

Yes, on the Enterprise plan. cside supports MTU-based pricing as an alternative to pageview or API call volume. You pay based on the number of unique users fingerprinted each month rather than total request count. This model works well for sites with high repeat-visit traffic, where per-request pricing would otherwise inflate costs without adding coverage.