--- title: Client-Side Protection summary: Client-Side Protection (CSP) provides visibility and control over third-party scripts running on your web pages. Monitor script behavior, manage authorization status, and configure security policies to protect against client-side attacks like Magecart and formjacking. url: https://www.fastly.com/documentation/reference/api/client-side-protection --- Client-Side Protection (CSP) provides visibility and control over third-party scripts running on your web pages. Monitor script behavior, manage authorization status, and configure security policies to protect against client-side attacks like Magecart and formjacking. ## Data model | Field | Type | Description | |-------|------|-------------| | `name` | string | CSP directive name (e.g., script-src, style-src). | | `values` | array | Directive values. | | `config` | object | Type-specific configuration. | | `type` | string | Notification type. | | `description` | string | Page description. | | `id` | string | Unique page identifier. | | `notifications` | array | Notification configurations for this page. | | `paths` | array | URL paths to monitor. | | `website_id` | string | Parent website ID. | | `directives` | array | | | `authorization_status` | string | Script authorization status. | | `authorized_hash` | string | Hash of authorized script content. | | `current_hash` | string | Current script content hash. | | `justification` | string | Reason for authorization decision. | | `page_id` | string | Parent page ID. | | `source` | string | Script source (inline or external URL). | | `urls` | array | URLs where this script was observed. | | `domain` | string | Website domain. | | `page_ids` | array | IDs of pages associated with this website. | ## API endpoints ### List websites **GET** `/client-side-protection/v1/websites` List all websites configured for Client-Side Protection. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `limit` | integer | query | No | Limit how many results are returned. | | `page` | integer | query | No | Page number of the collection to request. | ### Create website **POST** `/client-side-protection/v1/websites` Create a new website for Client-Side Protection monitoring. ### Get website **GET** `/client-side-protection/v1/websites/{website_id}` Get details for a specific website. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `website_id` | string | path | Yes | Website identifier. | ### Delete website **DELETE** `/client-side-protection/v1/websites/{website_id}` Delete a website and all associated pages, scripts, and policies. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `website_id` | string | path | Yes | Website identifier. | ### Update website **PATCH** `/client-side-protection/v1/websites/{website_id}` Update a website's configuration. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `website_id` | string | path | Yes | Website identifier. | ### List pages **GET** `/client-side-protection/v1/pages` List all pages. Optionally filter by website. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `limit` | integer | query | No | Limit how many results are returned. | | `page` | integer | query | No | Page number of the collection to request. | | `website_id` | string | query | No | Filter pages by website ID. | ### Create page **POST** `/client-side-protection/v1/pages` Create a new page for monitoring. ### Get page **GET** `/client-side-protection/v1/pages/{page_id}` Get details for a specific page. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | ### Delete page **DELETE** `/client-side-protection/v1/pages/{page_id}` Delete a page and all associated scripts and policies. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | ### Update page **PATCH** `/client-side-protection/v1/pages/{page_id}` Update a page's configuration. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | ### List scripts **GET** `/client-side-protection/v1/pages/{page_id}/scripts` List all scripts detected on a page. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `limit` | integer | query | No | Limit how many results are returned. | | `page_id` | string | path | Yes | Page identifier. | | `page` | integer | query | No | Page number of the collection to request. | ### Get script **GET** `/client-side-protection/v1/pages/{page_id}/scripts/{script_id}` Get details for a specific script. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | | `script_id` | string | path | Yes | Script identifier. | ### Update script **PATCH** `/client-side-protection/v1/pages/{page_id}/scripts/{script_id}` Update a script's authorization status or justification. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | | `script_id` | string | path | Yes | Script identifier. | ### List policies **GET** `/client-side-protection/v1/pages/{page_id}/policies` List all Content Security Policies for a page. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `limit` | integer | query | No | Limit how many results are returned. | | `page_id` | string | path | Yes | Page identifier. | | `page` | integer | query | No | Page number of the collection to request. | ### Create policy **POST** `/client-side-protection/v1/pages/{page_id}/policies` Create a new Content Security Policy for a page. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | ### Get policy **GET** `/client-side-protection/v1/pages/{page_id}/policies/{policy_id}` Get details for a specific policy. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | | `policy_id` | string | path | Yes | Policy identifier. | ### Update policy **PATCH** `/client-side-protection/v1/pages/{page_id}/policies/{policy_id}` Update a policy's configuration. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `page_id` | string | path | Yes | Page identifier. | | `policy_id` | string | path | Yes | Policy identifier. | ### List policy reports **GET** `/client-side-protection/v1/pages/{page_id}/policies/{policy_id}/reports` List CSP violation reports for a policy. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `limit` | integer | query | No | Limit how many results are returned. | | `page_id` | string | path | Yes | Page identifier. | | `page` | integer | query | No | Page number of the collection to request. | | `policy_id` | string | path | Yes | Policy identifier. | ### List security headers **GET** `/client-side-protection/v1/pages/{page_id}/headers` List security headers detected on a page. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `limit` | integer | query | No | Limit how many results are returned. | | `page_id` | string | path | Yes | Page identifier. | | `page` | integer | query | No | Page number of the collection to request. | ### List header events **GET** `/client-side-protection/v1/pages/{page_id}/events` List security header change events for a page. **Parameters:** | Name | Type | In | Required | Description | |------|------|----|---------|--------------| | `limit` | integer | query | No | Limit how many results are returned. | | `page_id` | string | path | Yes | Page identifier. | | `page` | integer | query | No | Page number of the collection to request. |