What is cside? cside is a browser-layer security platform that gives organisations complete visibility and control over the third-party JavaScript running on their websites. It intercepts every script before it reaches the user, captures the full payload, and analyses runtime behaviour in real time. Third-party scripts power modern websites. Analytics, chat, payments, advertising, and session replay tools all inject JavaScript that runs directly in your visitors' browsers. You didn't write that code. You don't control when it changes. And you have no idea what it does at runtime. That is the client-side blind spot. The three problems cside solves 1) Every third-party script is a blind spot. Analytics, chat, payments, ads: you didn't write it, you don't control it, and you have no idea what it does at runtime inside a real browser. 2) PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1 are now enforced. Most companies have no idea how to meet them, and their existing vendors don't cover it. WAFs, CDNs, and tag managers were never built for this problem. 3) AI agents and bots are now targeting high-value web workflows including checkout, login, and form submission in ways that WAFs and CDN-layer tools were never designed to catch. The attack surface has moved into the browser. The tools haven't. What you get with cside 1) Visibility you have never had. Every script on every page, classified, behavioural-profiled, and monitored continuously. Not what a scanner saw on its last crawl. What actually ran in a real user's browser, in real time. 2) Compliance, done. 6.4.3 and 11.6.1 documentation generated automatically. Auditor-ready output without manual effort. QSA-validated. No CSV exports to fill in by hand. 3) Real-time blocking. Malicious or anomalous script behaviour stopped at the browser layer before data leaves the page. Not flagged for review after the fact. Stopped before exfiltration occurs. Why CSPs and crawlers cannot solve this A Content Security Policy tells the browser which domains are allowed to load scripts. It has no visibility into what those scripts execute. A script served from a trusted domain, after being compromised through a supply chain attack, passes every CSP check and still skims card data from your checkout page. Crawlers and scanners have a different problem. Bad actors detect them and serve clean content to the scanner, then flip to malicious for real users. What the scanner saw and what your customers experienced are two different things. WAFs and CDNs operate at the network layer. They cannot see inside the browser. They check what loads, not what executes. cside sits in the delivery path of every script. It captures what scripts actually do in real user sessions. Deployment: One script tag. Under ten minutes. No managed crawl setup, no session tokens, no captcha bypasses required. Pricing: Free tier available to see your script exposure before buying. Business and Enterprise tiers for teams managing compliance, multi-domain environments, and advanced governance. Transparent pricing. No contract required to prove compliance to your QSA before you commit. Frequently asked questions 1) What makes cside different from a Content Security Policy?: A CSP controls which domains scripts can load from. It cannot analyse what those scripts execute at runtime. cside captures the full payload of every script and analyses its behaviour inside real user browsers, giving you the runtime visibility that CSP was never designed to provide. 2) What PCI DSS requirements does cside address?: cside is built specifically around requirements 6.4.3 and 11.6.1 of PCI DSS 4.0.1. It generates the authorised script inventory required by 6.4.3 and provides the ongoing change detection and monitoring required by 11.6.1, with QSA-validated audit-ready output. 3) How is cside different from a WAF or CDN security feature?: WAFs and CDNs operate at the network or server layer and have no visibility into what JavaScript executes inside a user's browser. cside operates at the browser layer. It is a dedicated product for client-side security, not a feature bolted onto an existing network tool. 4) Does cside detect AI agents and bots?: Yes. cside detects AI agents and bots targeting high-value web workflows including checkout, login, and form submission, covering a threat class that network-layer tools were not designed to address.