Content Security Policy (CSP)

Base-Layer Client-Side Security for Everyone

We offer greater protection at a lower cost. Dangerous third-party scripts can be prevented with a properly configured Content Security Policy (CSP). You can deploy your CSP and use the cside endpoint included in your plan. We offer a single pane of glass to handle violations and reporting and, combined with our client-side script, give you visibility into suspicious script behavior via full client-side forensics.

Why CSP is base-layer security

  • 01

    Control Script Sources at the Browser Level

    CSP headers tell the browser which domains are allowed to serve JavaScript on your site. Any script from an unauthorized source gets blocked before it can execute, preventing obvious attacks from unknown domains.

  • 02

    Automatic Policy Generation

    cside analyzes your website's script usage and generates optimized CSP policies automatically. No need to manually maintain a whitelist of approved domains; we handle the complexity for you.

  • 03

    Continuous Updates and Monitoring

    As your website evolves and adds new third-party integrations, cside keeps your CSP policies up to date and alerts you to violations in real-time through our unified security dashboard.
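
Browsers deliver the violations mentioned above in two JSON shapes: the legacy report-uri body and the Reporting API batch. The following is an added example, not cside's code, that normalises both and counts blocked script hosts; the function names and the sample reports are constructed for illustration.

```javascript
// Added example (not cside code); function names and sample data are hypothetical.
function normaliseReports(rawBody) {
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch { return []; } // untrusted input: drop malformed bodies
  const out = [];
  for (const item of Array.isArray(parsed) ? parsed : [parsed]) {
    if (item === null || typeof item !== "object") continue;
    // Legacy report-uri wraps the fields in "csp-report"; the Reporting API
    // sends an array of {type: "csp-violation", body: {...}} entries.
    const r = item["csp-report"] ?? (item.type === "csp-violation" ? item.body : null);
    if (r === null || typeof r !== "object") continue;
    out.push({
      page: String(r["document-uri"] ?? r.documentURL ?? ""),
      blocked: String(r["blocked-uri"] ?? r.blockedURL ?? ""),
      directive: String(r["effective-directive"] ?? r.effectiveDirective ?? r["violated-directive"] ?? ""),
      disposition: String(r.disposition ?? "enforce"),
    });
  }
  return out;
}

// Count script-src violations per blocked host. A Map avoids prototype keys
// such as "__proto__" arriving in attacker-controlled report fields.
function countBlockedScripts(reports) {
  const counts = new Map();
  for (const r of reports) {
    if (!r.directive.startsWith("script-src")) continue; // also matches script-src-elem/-attr
    let host;
    try {
      host = new URL(r.blocked).hostname; // full URL or bare origin
    } catch {
      host = r.blocked || "(empty)"; // keywords such as "inline" or "eval"
    }
    counts.set(host, (counts.get(host) ?? 0) + 1);
  }
  return counts;
}

// Constructed sample bodies, not real traffic.
const LEGACY_BODY = JSON.stringify({ "csp-report": { "document-uri": "https://shop.example/checkout",
  "violated-directive": "script-src 'self'", "blocked-uri": "https://tracker.example/t.js" } });
const MODERN_BODY = JSON.stringify([
  { type: "csp-violation", body: { documentURL: "https://shop.example/checkout",
    blockedURL: "https://tracker.example/collect.js", effectiveDirective: "script-src-elem", disposition: "enforce" } },
  { type: "csp-violation", body: { blockedURL: "inline", effectiveDirective: "script-src-elem", disposition: "report" } },
  { type: "csp-violation", body: { blockedURL: "https://img.example/a.png", effectiveDirective: "img-src" } },
  { type: "deprecation", body: {} },
]);
```

Every field in a report is supplied by the client, so treat the counts as a signal to investigate rather than as trusted telemetry.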

WITH CSIDE
  • 100% free CSP management and violation reporting
  • Automatic CSP policy generation and deployment
  • Real-time violation monitoring in unified dashboard
  • Combined CSP + client-side forensics for complete visibility
How it works

Everything you need for CSP management

01

Automatic Policy Generation

Analyze your site and generate optimized CSP policies that balance security with functionality

02

Continuous Updates

Keep policies current as your website adds new scripts and third-party integrations over time

03

Violation Dashboard

Monitor CSP violations in real-time with detailed reporting on blocked script attempts

04

Full Management Control

Fine-tune policies, approve new domains, and manage CSP headers through an intuitive interface

CSP Report Endpoint Pricing

How cside compares against competitors

CSP Report Endpoint Price

  • cside: $0.00 / year
  • DataDome: Enterprise + $4,990.00 / year
  • Imperva Client Side Protection: Pro plan + $5,100.00 / year
  • Reflectiz: Starting at $5,000.00 / year
  • Report URI: Starting at $659.00 / year
  • Cloudflare Page Shield: Advanced add-on
  • Fastly Client-Side Protection: Enterprise only

Why cside

Why cside outperforms every alternative

01

Vs. Crawler-Based Solutions: We can see real user behavior, not just sanitized crawler views, and can catch attacks aimed at specific segments. This allows us to detect threats between periodic scans.

02

Vs. Content Security Policy (CSP): We monitor script payloads, not just the sources, and can detect breaches at trusted third-party sources. We can handle dynamic scripts CSPs can't control.

03

Vs. Client-Side Agents: Bad actors can't bypass our undetectable monitoring capabilities. We can provide historical script behavior tracking and a future-proof solution against evolving techniques.

FAQ

Questions, answered

01 Why do you offer CSP for free?

We believe every individual and operation should be able to secure themselves. The impact of a security incident reaches beyond the business: real human data is leaked, and that can be disastrous. We understand that not every business has the resources to get the right security measures in place, but the least we can do is provide options. Therefore, we want to contribute by offering this base level of security for free.

02 Why doesn't a Content Security Policy (CSP) make us PCI compliant?

Requirements 6.4.3 and 11.6.1 of PCI DSS mandate that script contents and security-impacting HTTP headers be monitored for changes. A Content Security Policy can only control the sources scripts are fetched from and some of the actions they take. It has no visibility into the script payload, so it cannot meet all the client-side security requirements of PCI DSS.

03 Does a CSP provide enough security?

CSP is a good starting point when it comes to client-side security. Depending on your needs it can provide enough security, but it's not the highest level achievable and can be painful to maintain, with many adopters facing issues when scripts change. A CSP cannot see the contents of a script. Should a script turn malicious, how tightly you set your CSP will determine whether the malicious behaviour is detected.

04 Are Content Security Policies enough to be PCI 6.4.3 & 11.6.1 compliant or stop attacks?

CSP products let you list trusted domains and endpoints to send data to. The browser will then block everything else. But it never looks at the JavaScript itself. If an attacker slips bad code onto an approved CDN, CSP would not catch it.

cside works the other way around: every script is analyzed at the payload level. We hash each script and, if a malicious change has taken place, either serve an earlier clean version or block the script before the browser sees it. Our solution offers a dedicated dashboard view for PCI DSS compliance; it was even reviewed by VikingCloud, which wrote a white paper about it.

05 How does cside's CSP endpoint compare to other CSP report endpoints?

You can deploy a Content Security Policy and use the cside endpoint included in your plan. We offer a single pane of glass that handles CSP reporting and combines it with our client-side script security solution, giving you full visibility into suspicious script behavior.

While other vendors charge separately for CSP report endpoints, with cside this functionality is included in your plan at no extra cost. Our integrated approach means CSP violations appear in the same dashboard as your other client-side security insights.

06 Does a Content Security Policy (CSP) help me with GDPR compliance?

In some ways it might, but it's not an explicit requirement. Adopting security best practices is an indicative requirement of GDPR, and CSP would be a good baseline security measure to adopt. But the more fundamental security benefit is that you can define the script sources you wish to allow and prevent unexpected data exfiltration events. That goes a long way in the context of GDPR. It surely helps, but note that CSP is a tricky thing to maintain and has often caused incidents for those who adopt it.

Free forever

Deploy CSP without breaking the bank

100% free CSP management. Sign up and configure in minutes.
