5-Minute Quick Start
Go from zero to monitoring your website's third-party scripts in under 5 minutes.
Get cside running on your website in 5 minutes. By the end of this guide, you’ll have real-time visibility into every third-party script loading in your visitors’ browsers.
What you’ll need
- A website you want to protect
- Access to your site’s HTML or build process
Quick start
Create your account
Go to dash.cside.com/auth/signup and sign up. Verify your email with the 6-digit code sent to your inbox.
Choose your plan:
| Plan | Price | Best for |
|---|---|---|
| Free | $0/mo | Testing and small sites (up to 2,500 page views/mo) |
| Business | From $99/mo | Production sites needing threat blocking and rollbacks |
| Enterprise | Custom | High-traffic sites, SSO, dedicated support |
Add your domain
In the dashboard, click Add Domain and enter your domain (e.g., example.com). Domains are wildcarded by default, so www.example.com and shop.example.com are automatically included.
Choose your protection mode:
- Direct Mode (Easiest): Monitors scripts in the browser and fetches them server-side for verification. No latency added.
- Scan Mode (No code changes): Crawler-based analysis. Enterprise only.
Start with Direct Mode. See Onboarding for details on each mode.
Add the cside script
Choose the method that matches your stack:
Add this as the first script in your <head>:
<script src="https://proxy.csidetm.com/script.js" referrerpolicy="origin"></script>npm install @cside.dev/nextApp Router (layout.tsx):
import { CSideScript } from '@cside.dev/next';
export default function Layout({ children }) {
return (
<>
<CSideScript />
{children}
</>
);
}Pages Router (_document.tsx):
import { CSideScript } from '@cside.dev/next';
export default function Document() {
return (
<Html>
<Head>
<CSideScript />
</Head>
<body>
<Main />
<NextScript />
</body>
</Html>
);
}Add to your build script in package.json:
{
"scripts": {
"build": "your-build-command && npx @cside.dev/cli@latest example.com"
}
}The CLI automatically injects the cside monitoring script into your HTML files. Works with Astro, Gatsby, Hugo, Eleventy, Docusaurus, and any framework that outputs static HTML.
npm install @cside.dev/vite// vite.config.ts
import cside from '@cside.dev/vite';
export default defineConfig({
plugins: [cside()],
});GTM does not guarantee script load order, so other scripts may execute before cside can intercept them. For production, use direct script installation to make sure cside loads first.
- Open the GTM Template Gallery and search for cside
- Click Add to workspace
- Create a new tag using the cside template and set the trigger to All Pages
- Publish your GTM container
If you use Claude Code, Cursor, or another AI coding assistant, it can add cside for you. See the full prompt on the AI assistant page, or paste this into your terminal:
Add cside client-side security monitoring to this project. Install the
right package for the framework (@cside.dev/next for Next.js,
@cside.dev/vite for Vite, @cside.dev/cli for static sites) or add
<script src="https://proxy.csidetm.com/script.js" referrerpolicy="origin"></script>
as the first script in the <head> for any other setup. Then check if the
project has a Content Security Policy (in HTTP headers, meta tags,
helmet.js, next.config.js, or hosting config). If the CSP has explicit
script-src or connect-src directives listing specific domains, add
proxy.csidetm.com to both. If the CSP uses broad rules like
"default-src https:", no changes are needed.Activate and verify
- In the dashboard, go to Domains in the left sidebar
- Click Activate next to your domain
- Visit your website - you should see script traffic appear in the dashboard within seconds
You’re protected
Once activated, cside will:
- Monitor every third-party script loaded in your visitors’ browsers
- Detect malicious or suspicious script behavior in real time
- Alert you when threats are found (configure notifications for email, Slack, Jira, Linear, or webhooks)
- Block threats automatically (Business plan and above)
Next steps
- Adjust your CSP: Configure Content Security Policy to work with cside
- Set up notifications: Get alerts via email, Slack, Jira, Linear, S3, or webhooks
- PCI DSS compliance: See how cside helps meet PCI DSS 4.0 Requirements 6.4.3 and 11.6.1
- Test on staging first: Try cside on a staging environment before going to production
Thanks for your feedback!