The future of business starts with developers

Learn more
Company The team behind better online experiences Network Map A new architecture for the modern internet Industry Analyst Relations See what industry analysts say about Fastly News Recent updates and announcements Platform The platform behind better, faster and more secure digital experiences Customer Stories See how the best of the web succeed Events Connect with Fastly at an event Careers Join the team that's building a better internet

The Fastly Edge Cloud Platform

See All Products
Content Delivery (CDN) Deliver fast, personalized experiences globally Live Streaming Deliver seamless live streaming experiences Streaming Video (VoD) Deliver exceptional on-demand video experiences Media Shield Optimize multi-CDN deployments On-the-Fly Packager Dynamically package on-demand video content in real time Image Optimization Rapid image processing at the edge Load Balancer Granular control over routing decisions TLS Encryption Reduce the complexity of TLS management Origin Connect Connect directly to Fastly IP Addresses Easily manage IP addresses HTTP/3 & QUIC Modern protocols Domain Research API Instant, accurate domain name discovery Object Storage Get direct access to large files at the edge with zero egress fees
Next-Gen WAF Modern web app and API security, anywhere Bot Management Detect and mitigate bot attacks DDoS Protection Automated mitigation of disruptive and distributed attacks API Security Secure your API endpoints Client-Side Protection Defend against client-side attacks AI Bot Management Stop AI bots from scraping website content
Edge Compute Take your apps to the edge — our instant platform helps you build amazing experiences for your users Key Value Store The fastest key value store you can get, but as easy to use as your familiar database tools Websockets & Fanout Real-time messaging, at global scale, with complete personalization and easy setup Developer SDKs Program the same services we use to build Fastly products Enterprise Serverless The most powerful serverless platform, built on open standards and integrated with Fastly’s full suite of products AI Accelerate your AI workloads and improve efficiency with semantic caching Object Storage Get direct access to large files at the edge with zero egress fees Programmable Cache Get full programmatic access to the same legendary caching that powers our CDN. MCP Server AI-powered control for your Fastly services.
Real-time Logging Stream and analyze logs in real-time Edge Observer Explore live and historical traffic data Domain Inspector Assess domain level insights Origin Inspector View complete origin to edge insights Alerts Create notifications for service-related metrics Log Explorer & Insights Interact with actionable insights

Extraordinary services for exceptional results

See All Services
Professional Services Expert help to migrate or optimize your delivery service Live Entertainment Services Live streaming experiences that scale with your audiences Support Plans World class support from start to finish Managed CDN Maximized control and flexibility Managed Security Expertly managed web application protection Customer Support Fastly Support helping you grow better, together

Innovative digital solutions

See all our solutions
Streaming Media Deliver stellar live and on-demand streaming Emerging Media High performance for emerging media brands Digital Publishing Real-time journalism with improved reader experiences eCommerce Fast, personalized experiences at scale Financial Services Integrated security to protect customer data High Tech Instantly scale your performance as you grow Travel & Hospitality Online tailored experiences for your guests and visitors Online Education Deliver secure learning experiences at scale Gaming Fuel your players’ next win with ultra-fast, secure game downloads
Infrastructure Savings Achieve lower, more predictable cloud spend Multi-cloud Optimization Reduce complexity and unify cloud resources Customer Trust Learn more about Fastly’s Customer Trust initiatives Privacy Enablement Learn how to protect your user's data Sustainability Dashboard See your electricity use and GHG emissions for the Fastly platform

Empowering every developer to build incredible experiences

Try Fastly Free
Developers Build something amazing today Fast Forward Creating a more trustworthy internet Dev Tools Dev tools built for teams - with an edge Developer SDKs Program the same services we use to build Fastly products Community Join developers around the world Sign up Create a free developer account

Help build a fast, safe, and engaging internet with Fastly

Why Partner with Fastly Help deliver safe, fast and engaging experiences Cloud Partners Learn about the benefits of combining Fastly with your cloud services Channel Partners Enhance your offerings & capabilities with Fastly products Technology & Integration Partners Explore our partner ecosystem
Partner Portal Login Access all your Fastly partner resources Become a Partner Enhance your business by reselling or referring Fastly products Find a Partner Let us help connect you with the right partner for your needs

Get Help with Fastly

Documentation Get the most out of Fastly Resource Library Explore data sheets, reports, and more Fastly Academy Hands on learning with Fastly products Learning Center Learn about Internet technology Blog Our latest thoughts and ideas Security Research Stronger security through research Fastly's POV Explore expert and industry insights
Support Center How can we help? Contact Us Get in touch today

Fastly Client-Side Protection

Fastly Client-Side Protection provides script inventory and management to defend against client-side exploits and helps your organization meet certain PCI DSS compliance requirements.

Security

Protect website users without slowing down business

Modern digital experiences are powered by the interactions between application servers and client-side scripts. Application developers often use common third-party scripts, code libraries, and dependencies to build their public-facing web applications. Though this practice speeds up and simplifies delivery, it has the potential to introduce unknown security vulnerabilities.

Any vulnerabilities in third-party scripts can leave users vulnerable to client-side attacks, where cyber criminals modify code at runtime to launch cross-site scripting (XSS) attacks, credit card skimming (Magecart) attacks, and other types of malicious activity.

Figure 1: Client-side attack

Defend against client-side attacks

Fastly Client-Side Protection provides a simple set of tools for script inventory and management right within the Fastly dashboard. It allows website owners to monitor scripts on pages and control what is loaded and executed in user browsers to protect their websites from client-side attacks.

Fastly Client-Side Protection provides you with the ability to inventory and control the resources (e.g., scripts, images, and fonts) that load on an end user’s browser from defined areas of your web applications by building and enforcing content security policies. When a resource violates your content security policy, the end user browser will block or log the resource depending on the option you choose. Based on these policy violation reports, you can adjust your content security policies as needed to address any issues.

You can also provide a justification as to why each client-side script is or is not allowed. These capabilities help you guard against cross-site scripting attacks (e.g., Magecart attacks) and enable you to maintain compliance with Payment Card Industry Data Security Standard (PCI DSS) 4.0.1 - Sections 6.4.3 and 11.6.1.

Benefits

  • Build comprehensive inventory of scripts and justifications in minutes

  • Monitor third-party scripts in real time and detect unauthorized activity

  • Alert on any unauthorized or malicious scripts

  • Maintain compliance with PCI DSS 4.0.1 Sections 6.4.3 and 11.6.1

  • Manage third-party scripts in the Fastly dashboard without a separate tool

    Figure 2: How Fastly Client-Side Protection works


    Getting started with Fastly Client-Side Protection

    Fastly Client-Side Protection gives your organization the visibility to fully document, understand, and manage your client-side attack surfaces. Best of all, it only takes minutes to build your inventory. Spend less time worrying about security and get back to delighting your customers. 


    Ready to get started? Contact us.

Are you ready for the PCI DSS compliance deadline?

  • Standards from OWASP, NIST, PCI-DSS, and others have identified client-side protection as critical to complement existing server-side protections against cyber attacks.

  • Client-side security is an essential component of PCI-DSS 4.0, which mandates that businesses must maintain a full inventory and business justification of every script on their payment pages, along with methods for determining integrity and authorization.

  • To avoid penalties, organizations that process payment card data must comply with PCI-DSS 4.0 requirements by March 31, 2025.

Related Resources

  • New PCI DSS Requirements

    PCI DSS 4.0 requirement 6.4.2 mandates organizations a WAF solution by March 2025. See why Fastly's Next-Gen WAF is an ideal solution.

  • Streamline PCI DSS 4.0 Compliance with Fastly

    Dive into the complexities of PCI DSS 4.0 and see how Fastly's Next-Gen WAF simplifies compliance while offering superior protection.

    Download whitepaper

  • Navigating the OWASP Top 10

    Gain helpful insights, examples and strategies for improved web application security.

    Read whitepaper

Our network map

A more powerful global network

We built our network with intention. By design, we run fewer POPs than our competitors, but they’re much more powerful so we can cache more and serve it faster. Our network is fully software defined. We can do anything, and do it faster.

Take a closer look
An illustration with a grayscale globe covered by red location pins

  • On average

    150 ms

    purge time with Instant Purge™

    1

  • More than

    1.8 trillion

    Daily requests served

    2

  • Almost

    90%

    Of customers run Next-Gen WAF in blocking mode

    3

  • Key Fact

    427 Tbps

    Edge Capacity

  • Up to

    32%

    faster time to first byte (TTFB) than other CDNs

    5

Support Plans

Fastly offers several support plans to meet your needs: standard, gold and enterprise.

  • Standard

    Free of charge and available as soon as you sign up with Fastly.

  • Gold

    Proactive alerts for high-impact events, expedited 24/7 incident response times, and a 100% uptime Service Level Agreement (SLA) guarantee.

  • Enterprise

    Gives you the added benefits of emergency escalation for support cases and 24/7 responses for inquiries (not just incidents).

Ready to get started?

Get in touch
Talk to an expert