Client-Side Protection
Client-Side Protection (CSP) provides visibility and control over third-party scripts running on your web pages. Monitor script behavior, manage authorization status, and configure security policies to protect against client-side attacks like Magecart and formjacking.
NOTE: The Client-Side Protection API is available to customers with the Client-Side Protection product enabled. Contact your Fastly account team for access.
Data model
name | string | CSP directive name (e.g., script-src, style-src). | |
values | array | Directive values. | |
config | object | Type-specific configuration. | |
type | string | Notification type. | |
description | string | Page description. | |
id | string | Unique page identifier. | |
notifications | array | Notification configurations for this page. | |
paths | array | URL paths to monitor. | |
website_id | string | Parent website ID. | |
directives | array | ||
authorization_status | string | Script authorization status. | |
authorized_hash | string | Hash of authorized script content. | |
current_hash | string | Current script content hash. | |
justification | string | Reason for authorization decision. | |
page_id | string | Parent page ID. | |
source | string | Script source (inline or external URL). | |
urls | array | URLs where this script was observed. | |
domain | string | Website domain. | |
page_ids | array | IDs of pages associated with this website. |
