Datasheet

Fastly Client-Side Protection

Security

Fastly Client-Side Protection helps defend against client-side attacks and enables your organization to meet certain PCI DSS compliance requirements.


Protect website users without slowing down business

Modern digital experiences are powered by the interactions between application servers and client-side scripts. Application developers often use common third-party scripts, code libraries, and dependencies to build their public-facing web applications. Though this practice speeds up and simplifies delivery, it has the potential to introduce unknown security vulnerabilities.

Vulnerabilities in third-party scripts can expose users to client-side attacks, in which cyber criminals modify code at runtime to launch cross-site scripting (XSS) attacks, credit card skimming (Magecart) attacks, and other types of malicious activity.

Figure 1: Client-side attack


Defend against client-side attacks

Fastly Client-Side Protection provides a simple set of tools for script inventory and management right within the Fastly dashboard. It allows website owners to monitor scripts on pages and control what is loaded and executed in user browsers to protect their websites from client-side attacks.

Fastly Client-Side Protection provides you with the ability to inventory and control the resources (e.g., scripts, images, and fonts) that load in an end user's browser from defined areas of your web applications by building and enforcing content security policies. When a resource violates your content security policy, the end user's browser will block or log the resource, depending on the option you choose. Based on these policy violation reports, you can adjust your content security policies as needed to address any issues.

You can also provide a justification as to why each client-side script is or is not allowed. These capabilities help you guard against cross-site scripting attacks (e.g., Magecart attacks) and enable you to maintain compliance with Payment Card Industry Data Security Standard (PCI DSS) 4.0.1 - Sections 6.4.3 and 11.6.1.
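The block-or-log choice and the violation reports described above rest on standard browser Content Security Policy behaviour. The following is an added example of those generic mechanics, not Fastly's code or API; the inventory entries, the `/csp-reports` endpoint and the sample reports are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed inventory: allowed script origin -> business justification.
INVENTORY = {
    "https://js.payments.example": "Hosted card fields from the payment processor",
    "https://cdn.analytics.example": "Checkout funnel analytics",
}

def build_csp_header(inventory, report_uri, enforce=False):
    """Return (header name, value). Report-Only logs violations; enforce blocks them."""
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    sources = " ".join(["'self'"] + sorted(inventory))
    return name, f"script-src {sources}; report-uri {report_uri}"

def origin_of(blocked_uri):
    """Reduce a blocked URL to its origin; keywords such as 'inline' pass through."""
    parts = urlsplit(blocked_uri)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return blocked_uri

def triage_reports(raw_reports, inventory):
    """Summarise script violations per source from report-uri JSON bodies."""
    findings = {}
    for raw in raw_reports:
        report = json.loads(raw).get("csp-report", {})
        directive = report.get("effective-directive") or report.get("violated-directive", "")
        if not directive.startswith("script-src"):
            continue  # images, fonts, etc. are out of scope for this script review
        source = origin_of(report.get("blocked-uri", ""))
        entry = findings.setdefault(source, {"count": 0, "pages": set(), "blocked": False})
        entry["count"] += 1
        entry["pages"].add(report.get("document-uri", ""))
        entry["blocked"] |= report.get("disposition") == "enforce"
        # In the inventory but still reported: the deployed policy is stale.
        entry["in_inventory"] = source in inventory
    return findings

# Constructed sample reports, as a browser would POST them to the report endpoint.
SAMPLE_REPORTS = [json.dumps({"csp-report": r}) for r in (
    {"document-uri": "https://shop.example/checkout", "disposition": "report",
     "effective-directive": "script-src-elem", "blocked-uri": "https://unlisted-cdn.example/loader.js"},
    {"document-uri": "https://shop.example/cart", "disposition": "report",
     "effective-directive": "script-src-elem", "blocked-uri": "https://unlisted-cdn.example/loader.js"},
    {"document-uri": "https://shop.example/checkout", "disposition": "report",
     "effective-directive": "script-src-elem", "blocked-uri": "inline"},
    {"document-uri": "https://shop.example/checkout", "disposition": "report",
     "effective-directive": "img-src", "blocked-uri": "https://img.example/a.png"},
)]
```

Sources that appear in the triage output with `in_inventory` false are the ones that need either a recorded justification or removal before the policy is switched from report-only to enforcing.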

Benefits

  • Build a comprehensive inventory of scripts and justifications in minutes

  • Monitor third-party scripts in real time and detect unauthorized activity

  • Alert on any unauthorized or malicious scripts

  • Maintain compliance with PCI DSS 4.0.1 Sections 6.4.3 and 11.6.1

  • Manage third-party scripts in the Fastly dashboard without a separate tool

Figure 2: How Fastly Client-Side Protection works

Getting started with Fastly Client-Side Protection

Fastly Client-Side Protection gives your organization the visibility to fully document, understand, and manage your client-side attack surfaces. Best of all, it only takes minutes to build your inventory. Spend less time worrying about security and get back to delighting your customers.

Ready to get started? Contact us.

Are you ready for the PCI DSS compliance deadline?

  • Standards from OWASP, NIST, PCI DSS, and others have identified client-side protection as critical to complement existing server-side protections against cyber attacks.

  • Client-side security is an essential component of PCI DSS 4.0, which mandates that businesses maintain a full inventory and business justification of every script on their payment pages, along with methods for determining integrity and authorization.

  • To avoid penalties, organizations that process payment card data must comply with PCI DSS 4.0 requirements by March 31, 2025.

Datasheet
New PCI DSS Requirements

PCI DSS 4.0 requirement 6.4.2 mandates that organizations have a WAF solution by March 2025. See why Fastly's Next-Gen WAF is an ideal solution.

White Paper
Streamline PCI DSS 4.0 Compliance with Fastly

Dive into the complexities of PCI DSS 4.0 and see how Fastly's Next-Gen WAF simplifies compliance while offering superior protection.

White Paper
Navigating the OWASP Top 10

Gain helpful insights, examples and strategies for improved web application security.

Meet a more powerful global network.

Our network is all about greater efficiency. With our strategically placed points of presence (POPs), you can scale on-demand and deliver seamlessly during major events and traffic spikes. Get the peace of mind that comes with truly reliable performance — wherever users may be browsing, watching, shopping, or doing business.

410 Tbps

Edge network capacity [1]

150 ms

Mean purge time with Instant Purge™

>1.8 trillion

Daily requests served [4]

~90% of customers

Run Next-Gen WAF in blocking mode [3]

[1] As of December 31, 2024

[2] As of December 31, 2019

[3] As of March 31, 2021

[4] As of July 31, 2023

Support plans

Fastly offers several support plans to meet your needs: standard, gold and enterprise.

Standard

Free of charge and available as soon as you sign up with Fastly.

Gold

Proactive alerts for high-impact events, expedited 24/7 incident response times, and a 100% uptime Service Level Agreement (SLA) guarantee.

Enterprise

Gives you the added benefits of emergency escalation for support cases and 24/7 responses for inquiries (not just incidents).