AIARCOASC Docs

Client-Side defence

Script inventory, automated CSP, and card-skimming defence for in-browser code.

What it is

Shield's edge inserts a tiny inline script (CSP-aware) on your pages that inventories every external script (origin, hash, behaviour) and reports back. From the inventory we auto-generate a CSP that allows only what you've approved. Card-skimming defence tracks behaviours: form field readers, exfil to non-allowlisted origins.

When to use it

  • Comply with PCI-DSS 6.4.3 / 11.6.1 for payment pages.
  • Detect a supply-chain attack on a third-party tag manager.
  • Auto-generate and roll a tight CSP without hand-curating.

Quickstart

asc shield client-side enable example.com --route '/checkout'
asc shield client-side scripts list example.com
client.shield.client_side.enable('example.com', route='/checkout')
await client.shield.clientSide.enable('example.com', { route: '/checkout' });

Limits & quotas

LimitDefaultBurstNotes
Inventoried scripts / page100
CSP report retention30 days

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • POST /v1/shield/client-side/enable
  • GET /v1/shield/client-side/scripts

Required scope(s): shield:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.