Get Started for Free
We believe security should be accessible to everyone. That's why we offer CSP management for free.Simon Wijckmans
CEO, cside
We offer greater protection at a lower cost. Dangerous third-party scripts can be prevented with a properly configured Content Security Policy (CSP). You can deploy your CSP and use the cside endpoint included in your plan. We offer a single pane of glass to handle violations, reporting, and, combined with our client-side script, give you visibility into suspicious script behavior via full client-side forensics.
CSP headers tell the browser which domains are allowed to serve JavaScript on your site. Any script from an unauthorized source gets blocked before it can execute, preventing obvious attacks from unknown domains.
cside analyzes your website's script usage and generates optimized CSP policies automatically. No need to manually maintain a whitelist of approved domains; we handle the complexity for you.
As your website evolves and adds new third-party integrations, cside keeps your CSP policies up to date and alerts you to violations in real-time through our unified security dashboard.
Get Started for Free
We believe security should be accessible to everyone. That's why we offer CSP management for free.Simon Wijckmans
CEO, cside
We offer greater protection at a lower cost. Dangerous third-party scripts can be prevented with a properly configured Content Security Policy (CSP). You can deploy your CSP and use the cside endpoint included in your plan. We offer a single pane of glass to handle violations, reporting, and, combined with our client-side script, give you visibility into suspicious script behavior via full client-side forensics.
| | cside | DataDome | Imperva Client Side Protection | Reflectiz | Report URI | Cloudflare Page Shield | Fastly Client-Side Protection |
|---|---|---|---|---|---|---|---|
| CSP Report Endpoint Price | $0.00 / year | Enterprise + $4,990.00 / year | Pro plan + $5,100.00 / year | Starting at $5,000.00 / year | Starting at $659.00 / year | Enterprise only | Enterprise only |
FAQ
Frequently Asked Questions
We believe every individual and operation should be able to secure themselves. The impact of a security incident reaches beyond the business, real human data is leaked and that can be disastrous. We understand that not every business has the resources to get the right security measures in place but the least we can do is provide options. Therefore, we want to contribute by offering this base level of security for free.
Requirement 6.4.3 and 11.6.1 of PCI DSS mandates script contents and security impacting HTTP headers to be monitored for changes. A Content Security Policy can only control the sources of where scripts are fetched from and some of the actions it takes. It has no visibility on the script payload. It cannot meet all the requirements of client-side security to meet PCI DSS demands.
CSP is a good starting point when it comes to client-side security. Depending on your needs it can provide enough security but it's not the highest level achievable and can be a painful thing to maintain with many adopters facing issues when scripts change. A CSP cannot see the contents of the script. Should they turn malicious how tight you set your CSP will define whether the malicious behaviour would be detected.
CSP products let you list trusted domains and endpoints to send data to. The browser will then block everything else. But it never looks at the JavaScript itself. If an attacker slips bad code onto an approved CDN CSP would not catch it.
Cside works the other way around: every script is analyzed on the payload level. We hash them and in case a malicious change took place either serve a clean version from before or blocked before the browser sees it. Our solution offers a dedicated dashboard view for PCI DSS compliance, it was even reviewed by VikingCloud which wrote a white paper about it.
You can deploy a Content Security Policy and use the cside endpoint included in your plan. We offer a single pane of glass to handle CSP reporting and combined with our client-side script security solution. Giving you full visibility into suspicious script behavior.
While other vendors charge separately for CSP report endpoints. With cside this functionality is included in your plan at no extra cost. Our integrated approach means CSP violations appear in the same dashboard as your other client-side security insights.
In some ways it might but its not an explicit requirement. Leveraging security best practices is an indicative requirement of GDPR. And CSP would be a good baseline security measure to adopt. But the more fundamental security benefit is that you can define the script sources you wish to allow and prevent unexpected data exfiltration events. That goes a long way in the context of GDPR. It surely helps, but note that CSP is a tricky thing to maintain and has often caused incidents for those who adopt it.