If a hacker injects code into your checkout pages, a CSP automatically blocks the code from sending your customer’s payment information to the hacker’s domain.
Browser Hijacking & Ad Injection
Computer malware causes unwanted (and sometimes competitive) ads to appear on your users’ browsers. A CSP prevents these ads from even loading on your website.
Unauthorized Piggyback Tags
One tag could be loading multiple tags from vendors you have not authorized. A CSP eliminates this security and GDPR/CCPA risk.
…and would have prevented these Magecart attacks
40K
credit cards stolen
Sep 2017 – Jun 21, 2018
565K
credit cards stolen
(and $230M in fines)
Aug 21, 2018 – Sep 5, 2018
45M
credit cards stolen
Aug 14, 2018 – Sep 18, 2018
How the Blue Triangle CSP Manager works
Inventory the domains that have access to your site.
We start off by identifying what first and third-party domains are loading on your site. See who owns the domains, what pages they’re loading on, and what files they’re loading. This is powered by our Real User and Synthetic Monitoring.
Determine what domains to whitelist.
Now that you know what domains are loading on your site, quickly create a whitelist of approved domains, as well as what type of files they are allowed to load.
Auto-generate your Content Security Policy (CSP).
Once you approve the whitelist, Blue Triangle automatically generates a comprehensive CSP header and meta-tag that you can deploy in seconds.
Deploy CSP and stay secure.
Your CSP blocks any unknown or malicious domains from accessing your site. We’ll alert you as soon as a domain you have not whitelisted tries to access your site.
Not ready to block? Then stay in alert-only mode as you fine-tune your CSP.
