About the Client-Side Protection controls

Last updated 2025-03-14

In the Fastly control panel, use the Client-Side Protection menu to access the pages associated with Client-Side Protection:

Log in to the Fastly control panel.
Go to Security > Client-Side Protection and then select the link to one of the following pages:
- Inventory, where you can view the client-side scripts and select response headers that Fastly observes for a Page.
- Reports, where you can view unique policy violation reports.
- Policy, where you can manage your policy for a Page.
- Pages, where you can add and edit Pages.
- Website, where you can add and edit websites.
If you navigated to the Inventory, Reports, or Policy page, click the menu to the right of the Page name and select the appropriate Page.

About the Inventory page

The Inventory page has two tabs: Scripts and Response headers. The Scripts tab displays the list of observed scripts for a Page. From this tab, you can:

use the search bar and authorization status menu to filter the listed scripts.
click the pencil to the right of a script to add an authorization status for a script.

The Response headers tab displays the last-logged values for select, security-impacting response headers that Fastly observes for a Page.

About the Reports page

The Reports page displays unique policy violations. For each report, the following information is available:

Directive: the directive whose enforcement caused the violation.
Blocked URI: the URI of the resource that violated the policy. Depending on the policy's protection mode, this resource was either blocked or logged.
Status code: the HTTP status code of the resource that violated the policy.
Disposition: whether the resource that violated the policy was blocked or logged per the policy's protection mode.
Count: the number of times the exact violation was reported.
Last seen: the date and time the last instance of the policy violation was reported.
First seen: the date and time the first instance of the policy violation was reported.

You can use the search bar, the Date range menu, and Directives menu to filter the list of reports.

About the Policy page

From the Policy page, you can create and manage a policy that applies to one Page. A policy is made up of directives, which tell the end user's browser what resources it's allowed to load and from where.

If a policy doesn't exist for a page, click Create policy. Once the policy has been created, you can use the Protection mode menu to change the policy's protection mode and modify directive values by:

clicking Add value to the right of a directive to add a value.
clicking the pencil to the right of a value to edit the value.
clicking the trash to the right of a value to delete the value.

When you make a change to a policy, a draft of the policy is created. You must activate the draft policy to push the change to the active policy. Once the draft policy is activated, the active policy will reflect the change and the draft policy is deleted.

About the Pages page

The Pages page displays a list of your existing Pages. From this page, you can:

click Add Page to create a new Page.
click the pencil to the right of a Page to edit the Page.
click the trash to the right of a Page to delete the Page.

About the Website page

The Website page displays a list of your websites. From this page, you can:

click Add website to add a new website.
click the pencil to the right of a website to edit the website.
click the trash to the right of a website to delete the website.

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Network services

Security

Compute

Quick start

Building blocks

Integrations

Tutorials

Demos

Use Cases

Code Examples

Starter Kits