The browser security platform for
fraud and account takeover.Magecart and script attacks.browser fingerprinting.PCI DSS 4.0.1 compliance.
cside fingerprints every visitor and inspects every third-party script in the browser, catching the fraud, account abuse and code attacks WAFs miss. PCI DSS 4.0.1 (6.4.3 and 11.6.1) evidence, validated by VikingCloud QSA.
Trusted by the best
Fingerprinting
The internet's most precise
device identity platform
Don't take our word for it. See it yourself.
Hello, visitor
VISIT SUMMARY
INCOGNITO
IP ADDRESS
GEOLOCATION
One platform, full browser runtime visibility
to catch fraud and stop attacks
Fully Automate PCI DSS Requirements 6.4.3 & 11.6.1
PCI DSS 4.0.1 requires continuous proof that every script on your payment pages is monitored and unchanged. cside automates inventory, tamper detection, and QSA-ready reports without touching your infrastructure.
Read more →- Automated script inventory for every payment page
- Continuous monitoring for unauthorized changes
- Audit-ready reports generated on demand
- VikingCloud-approved, accepted by leading QSAs
- Real-time alerts on script changes
Records anonymous session events for conversion attribution
cside AIFires conversion pixels on completed checkouts
cside AIVerified hash matches the previous approved version
cside AILoads support chat widget after user interaction
cside AIFirst-party telemetry agent — managed by cside
cside AI
Everything you need to secure the browser
Real-time Protection
Inspects every script before it reaches users, with zero latency
Complete Visibility
Analyzes exactly what each visitor's browser executes
Dynamic Detection Catches
Detect targeted attacks that only occur for specific users, times, or locations
AI-Powered Analysis
Surfaces sophisticated threats that traditional tools miss
100% Historical Tracking
Records every script payload for rapid incident response
Bypass Protection
Defeats CSP evasion, shadow DOM tricks, and obfuscated code
Seamlessly integrate with your favorite tools
Connect seamlessly with popular platforms and services to enhance your workflow.
Top Performer 
Highly Rated 
PCI DSS Validated 
“Works out of the box. Documentation is great. Free plan is generous. ”
“Straightforward to implement. Cleanly covers PCI DSS 6.4.3 and 11.6.1. ”
“ We started seeing real value within the first week. ”
Start free, scale when ready
No credit card required. Free plan stays free.
Free
Everything you need to get started
- Up to 2,500 pageviews per month
- Unlimited domains
- 1 payment page
- AI powered script compliance justification
Business
Enhanced protection for growing teams
- Unlimited domains
- 100 payment pages
- Client-side threat intelligence
- Full PCI compliance dashboard
Enterprise
Built for large-scale traffic
- Custom traffic limits
- 99.99% SLA
- SSO, Multi-team org layer
- Dedicated account manager
Free
Get started with device fingerprinting and basic intelligence signals.
- Up to 1,000 API calls per month
- Device Fingerprint ID
- Cross session recognition
- Basic intelligence signals
Business
Full-featured fingerprinting with advanced intelligence signals.
- $2 per 1,000 API calls
- All intelligence signals
- 30-day data retention
- AI agent detection
Enterprise
Everything in Business, plus chargeback evidence and dedicated support.
- Chargeback Fingerprinting
- 99.99% SLA
- SSO & Organization layer
- Dedicated account manager
Need more? See the full pricing breakdown.
View all plansQuestions, answered
The short version of what teams ask us before they sign up.
01 What is browser-layer security and why does my WAF not cover it?
Browser-layer security monitors what executes inside your visitors' browsers after a page loads: third-party scripts, AI agents, bots, outbound data requests, and session behaviour. A WAF inspects traffic at the server boundary and stops there. It cannot see JavaScript running client-side, data leaving the browser via third-party script calls, or AI agents operating inside a real browser session. Those events happen after the server has delivered a clean page. cside covers this gap with 100% session visibility and zero added latency, deployed via a single script tag.
02 What are PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1, and how does cside satisfy them?
PCI DSS 4.0.1 requirement 6.4.3 mandates that organizations maintain a complete, authorized inventory of all scripts on their payment pages and document each script's purpose and integrity. Requirement 11.6.1 mandates continuous monitoring of payment page HTTP headers and script content for unauthorized changes. Both became mandatory on March 31, 2025. cside satisfies both automatically: it inventories every script in real visitor sessions, generates AI-written justifications per script, monitors headers in real time, and produces audit-ready reports accepted by QSAs. VikingCloud has validated cside for these requirements.
03 How does cside detect AI agents and bots that look like real visitors?
AI agent detection requires browser-layer behavioural analysis. AI agents operate inside real browser environments, rotate residential IPs, solve CAPTCHAs, and generate session patterns that defeat IP-based and signature-based detection. cside identifies them by what executes inside the session: atypical device fingerprints, scripted typing cadence with zero variance, absence of natural mouse movement, autofill injection into payment fields, and behavioural signals inconsistent with human navigation. Detection happens before the server registers a login or transaction event. cside achieves 99.7% device fingerprint accuracy across sessions (platform data, 2024 to 2025) with no SDK changes required.
04 What is a Magecart attack, and how does cside stop web skimming?
A Magecart attack is a web skimming attack in which malicious JavaScript is injected into a legitimate third-party script to steal payment card data and PII directly from the browser. The attack runs entirely client-side, after the server delivers a clean page. WAFs, SASTs, and pen tests see none of it. cside monitors every third-party script payload in real visitor sessions, not simulated crawls. When a script changes, cside detects it in under 60 seconds on average (platform data, 2024 to 2025), alerts the team, and logs the full payload for forensic investigation and PCI audit evidence.
05 How does cside help win chargeback disputes?
Winning a card dispute requires session-level evidence captured at transaction time, not reconstructed after a chargeback is filed. Visa and Mastercard dispute processes increasingly require device fingerprints, browser session timelines, script activity logs, and behavioural signals as proof. cside captures full session context automatically for every transaction. When a dispute is filed, a pre-built evidence package is ready to export in 2 seconds. Merchants using cside for chargeback evidence see an average 40% increase in dispute win rates (platform data, 2024 to 2025). cside integrates directly with Chargebacks911 for end-to-end dispute management.
Didn't find what you were looking for?
Talk to our teamReady to secure your client-side?
Get full visibility into every script running on your site. Prevent attacks, ensure compliance, and protect your customers, all from a single platform.
