---
title: Add Client-Side Protection API
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2026/03/add-client-side-protection-api
---

The [Client-Side Protection API](https://www.fastly.com/documentation/guides/security/client-side-protection/) is now available. Client-Side Protection provides visibility and control over third-party scripts running on your web pages, helping protect against client-side attacks like Magecart and formjacking.

The API includes endpoints for managing:

- **Websites**: Configure domains for Client-Side Protection monitoring
- **Pages**: Define URL paths to monitor within each website and configure notification settings
- **Scripts**: View detected scripts and manage authorization status (`authorized` or `unauthorized`)
- **Policies**: Create and manage Content Security Policies with report or enforce modes
- **Reports**: View CSP violation reports for each policy
- **Headers/Events**: Monitor security header changes on your pages