Client-Side defence
Script inventory, automated CSP, and card-skimming defence for in-browser code.
What it is
Shield's edge inserts a tiny inline script (CSP-aware) on your pages that inventories every external script (origin, hash, behaviour) and reports back. From the inventory we auto-generate a CSP that allows only what you've approved. Card-skimming defence tracks behaviours: form field readers, exfil to non-allowlisted origins.
When to use it
- Comply with PCI-DSS 6.4.3 / 11.6.1 for payment pages.
- Detect a supply-chain attack on a third-party tag manager.
- Auto-generate and roll a tight CSP without hand-curating.
Quickstart
asc shield client-side enable example.com --route '/checkout'
asc shield client-side scripts list example.comclient.shield.client_side.enable('example.com', route='/checkout')await client.shield.clientSide.enable('example.com', { route: '/checkout' });Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Inventoried scripts / page | 100 | — | |
| CSP report retention | 30 days | — |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/shield/client-side/enableGET /v1/shield/client-side/scripts
Required scope(s): shield:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.