A CSP provides a foundation of security by controlling which sources can load scripts on your pages and which external connections can be made.
CSP rolled out in 2013 and is supported by all major browsers. It is a browser native feature that is not dependent on any external tools or services which makes it a great fallback solution.
We believe every individual and organization should be able to secure themselves, regardless of budget constraints.
cside offers greater protection at a lower cost. A properly configured Content Security Policy (CSP) can help prevent dangerous third-party script sources from being fetched. With cside, you can deploy a Content Security Policy and use the cside endpoint included in your plan. We offer a single pane of glass to handle violations, reporting, and combined with our client-side script, give you visibility into suspicious script behavior via full client-side forensics.
| |  cside |  DataDome |  Imperva Client Side Protection |  Reflectiz |  Report URI |  Cloudflare Page Shield |  Fastly Client-Side Protection |
|---|---|---|---|---|---|---|---|
| CSP Report Endpoint Price | $0.00 / year | Enterprise + $4,990.00 / year | Pro plan + $5,100.00 / year | Starting at $5,000.00 / year | Starting at $659.00 / year | Enterprise only | Enterprise only |
"We believe security should be accessible to everyone. That's why we offer CSP management for free."
FAQ
Frequently Asked Questions
We fundamentally believe every individual and operation should be able to secure themselves. We understand that not every business has the resources to get the right security measures in place. Therefore, we want to contribute to this belief by offering this base-level of security for free.
Requirement 6.4.3 and 11.6.1 of PCI DSS mandates scripts and HTTP headers to be monitored for changes. A Content Security Policy can only control the sources of where scripts are fetched from. It has no view inside the script payload, hence cannot spot changes which are required to meet PCI DSS demands.
CSP is a great base-layer when it comes to client-side security. Depending on your needs, it can provide enough security, but it's not the highest level achievable. A CSP cannot see the contents of the script. Thus, should they turn malicious, you will be susceptible to an attack. If you run a limited level of considered safe scripts, and depending on your internal risk evaluation, a CSP is a great way to start. Especially with free offerings like ours.
CSP products let you list 'good' domains and tell the browser to block everything else. That stops obvious out-of-scope hosts and ticks PCI 6.4.3, but it never looks at the JavaScript itself. If an attacker slips bad code onto an approved CDN, CSP would not catch it.
cside works the other way around: every third-party script is fetched through our edge, hashed, scanned, and either served clean or blocked before the browser sees it. Because we keep the full payload and header record, we also cover PCI 11.6.1 without any manual lists to maintain.
A properly configured Content Security Policy (CSP) can help prevent dangerous third-party script sources from being fetched. With cside, you can now deploy a Content Security Policy and use the cside endpoint included in your plan. We offer a single pane of glass to handle violations, reporting, and combined with our client-side script, give you visibility into suspicious script behavior via full client-side forensics.
While other vendors charge separately for CSP report endpoints, cside includes this functionality in your plan at no extra cost. Our integrated approach means CSP violations appear in the same dashboard as your other security insights, providing a complete picture of your client-side security posture.
