X
Akamai
+1-8774252624
+1-8774252624
Login
Control Center
Access the Akamai platform
Cloud Manager
Manage your cloud resources
Try Akamai
Under Attack?
Login
Control Center
Access the Akamai platform
Cloud Manager
Manage your cloud resources

Client-Side Protection & Compliance

Defend your site from client-side threats. Ease compliance with PCI DSS v4.0

Watch video (1:36)

Client-Side Protection & Compliance

Defend your site from client-side threats. Ease compliance with PCI DSS v4.0

Watch video (1:36)
Screenshot of the Client-Side Protection & Compliance analytics dashboard

Strengthen your web page integrity

Client-Side Protection & Compliance helps protect against end-user data exfiltration and shield websites from JavaScript threats. It analyzes script behavior in real time, provides actionable insights in a single dashboard view, and delivers alerts to mitigate harmful script activity. Designed for PCI DSS v4.0, the solution helps businesses meet new script security requirements and safeguards against client-side attacks.

Read product brief
View reference architecture
Screenshot of the Client-Side Protection & Compliance analytics dashboard

Root out the insidious client-side threats you can’t see

Accelerate PCI DSS v4.0 compliance

Streamline workflows for PCI DSS v4.0 script security requirements 6.4.3 and 11.6.1.

Discover attacks in real time with a proven solution

Achieve comprehensive detection and defense against client-side attacks. Mitigate attacks with one click.

Reveal malicious code and vulnerabilities

Get real-time visibility into the cyberthreats and vulnerabilities within all your scripts.

How Client-Side Protection & Compliance works

Set Up

Inject simple scripts into each monitored page without meaningfully impacting performance.

Assess

Monitor and assess script activity from the browser while machine learning techniques analyze the risk of unauthorized action.

Alert

Get real-time alerts, with detailed information about mitigation, if an active threat or attack is found.

Mitigate

Immediately restrict malicious scripts from accessing and exfiltrating sensitive data on protected pages with one click.

CPC PCI DSS v.4 Whitepaper

Akamai Client-Side Protection & Compliance PCI DSS v4.0 Assessment

Get an independent security assessor’s validation of the ways Akamai can help you meet key requirements in PCI DSS v4.0.

Download white paper

Features

  • Behavior detection and protection allows monitoring of scripts in real time and protects against client-side attacks
  • Streamlined PCI DSS v4.0 workflows
  • Flexible deployment at the edge or from origin

 

  • Vulnerability-focused policy continuously analyzes URLs for Common Vulnerabilities and Exposures (CVE)
  • Create and manage policies for zero-day vulnerabilities and recurring threats without exposing sensitive data

  • User-friendly reporting capabilities including dashboards to see script data at a glance and detailed incident reports
  • Prioritized real-time security alerts with risk scores and insights on how to mitigate attacks

Client-Side Protection & Compliance use cases

PCI DSS v4.0 Compliance

Comply with PCI DSS v4.0

Compliance and auditing tasks can be a massive burden for security teams. Client-Side Protection & Compliance addresses the new client-side security requirements outlined in PCI DSS v4.0, which is scheduled to take effect in March 2025. WIth one simple tool, you can inventory, justify, and monitor all scripts observed on protected payment pages — with actionable alerts that notify security teams on unauthorized solution tampering and suspicious script behavior in real time.

Web Skimming and Magecart Attacks

Rapid defense against client-side attacks

Malicious or compromised JavaScript resources within the browser allow web skimming, formjacking, and Magecart attacks to steal payment card data, user credential details, or personally identifiable information. The attacker injects malicious code or malware into a website’s sensitive payment pages to extract and harvest personal information. 

The data exfiltration that results from these types of attacks not only damages customer trust and brand loyalty, but also subjects organizations to substantial fines. 

Client-Side Protection & Compliance’s behavioral detection technology constantly analyzes the behavior of script execution, in real-user sessions, to identify suspicious or outright malicious behavior, and notifies security teams with actionable insights for immediate mitigation.

Client-Side Visibility

Reveal JavaScript vulnerabilities

Keeping web applications secure against data breaches requires comprehensive defense — and visibility. While many organizations defend against data exfiltration by focusing on protecting connections among their servers and end users through a web application firewall (WAF), there’s a blind spot when it comes to client-side activities. 

Client-Side Protection & Compliance goes beyond what WAFs can see or defend against on the client side. It helps organizations secure sensitive information by providing extensive visibility into script vulnerabilities and behaviors. 

Client-Side Protection & Compliance’s advanced dashboard allows security teams to analyze suspicious activity at a granular level, and rapidly take action on threats to the security of payment card data and personally identifiable information. 

Frequently Asked Questions (FAQ)

Client-Side Protection & Compliance does not collect PII data, input/form data, innerHTML (strings/texts), European Union General Data Protection Regulation–related data, or payment data (PCI DSS).

Client-Side Protection & Compliance as a solution is PCI compliant. It also helps businesses directly address requirements 6.4.3 and 11.6.1 in the latest PCI DSS v4.0, released in March 2022. Compliance with these requirements will be mandatory as of March of 2025.

Client-Side Protection & Compliance injects JavaScript in the beginning of your page code and then monitors what happens — what the callouts are doing and what is risky between the web server and the client.

Client-Side Protection & Compliance works for the most simple to the most complex sites.

Akamai architects its products with the understanding that our customers cannot have any latency — their business depends on it. Client-Side Protection & Compliance, like all Akamai’s products, is highly efficient, and any impact to your app/site performance should not impact the user experience.

Client-Side Protection & Compliance does not require change notifications or manual updates

The edge is responsible for injecting the Client-Side Protection & Compliance code as the first resource. This is done synchronously so the Client-Side Protection & Compliance code is always the first to run; there is nothing the web page can do to avoid it. This includes third-party JavaScript that might have been corrupted. However, if the end user’s browser has malware on it (e.g., a corrupted extension), the browser can do things to the page before it even loads, including killing all scripts on the page. In this case, Client-Side Protection & Compliance cannot protect that user from an attack, as it will not be the first script that runs. This is always true with malware and client-side browsers.

JavaScript obfuscation is a series of code transformations that turn plain, easy-to-read JavaScript code into a modified version that is extremely hard to understand and reverse engineer. This means that all function and variable names are converted to meaningless names. A limited number of objects are not obfuscated, such as strings and calls to a native browser functions. JavaScript as a language doesn’t have built-in access to things like making network requests or interacting with the page; those are provided as native functions the browser makes available in the global context. Since the native function names are part of the browser, they cannot be obfuscated.

Resources

A Walk on the Client Side Infographic

Get a visual breakdown of the dangers of web skimming and third-party JavaScript — and how PCI DSS v4.0 is addressing it.

View infographic

PCI DSS v4.0 JavaScript Security Checklist

Read about upcoming requirements in PCI DSS v4.0 and how Client-Side Protection & Compliance can help organizations meet them.

Read checklist
A person with black glass is shown with their face lit by the light of a computer screen

Have questions?

Solving problems is what we live for. Reach out — even if you’re not sure what your next step is. You’ll hear back from an expert today.

Thanks for your request! An Akamai expert will reach out soon.