5-Minute Quick Start
Go from zero to monitoring your website's third-party scripts in under 5 minutes.
Get cside running on your website in 5 minutes. By the end of this guide, you’ll have real-time visibility into every third-party script loading in your visitors’ browsers.
What you’ll need
- A website you want to protect
- Access to your site’s HTML or build process
Quick start
Create your account
Go to dash.cside.com/auth/signup and sign up. Verify your email with the 6-digit code sent to your inbox.
Choose your plan:
| Plan | Price | Best for |
|---|---|---|
| Free | $0/mo | Testing and small sites (up to 2,500 page views/mo) |
| Business | From $99/mo | Production sites needing threat blocking and rollbacks |
| Enterprise | Custom | High-traffic sites, SSO, dedicated support |
Add your domain
In the dashboard, click Add Domain and enter your domain (e.g., example.com). Domains are wildcarded by default, so www.example.com and shop.example.com are automatically included.
Choose your protection mode:
- Direct Mode (Easiest) — Monitors scripts in the browser and fetches them server-side for verification. No latency added.
- Scan Mode (No code changes) — Crawler-based analysis. Enterprise only.
Start with Direct Mode. See Onboarding for details on each mode.
Add the cside script
Choose the method that matches your stack:
Add this as the first script in your <head>:
<script src="https://proxy.csidetm.com/script.js" referrerpolicy="origin"></script>npm install @cside.dev/nextApp Router (layout.tsx):
import { CSideScript } from '@cside.dev/next';
export default function Layout({ children }) {
return (
<>
<CSideScript />
{children}
</>
);
}Pages Router (_document.tsx):
import { CSideScript } from '@cside.dev/next';
export default function Document() {
return (
<Html>
<Head>
<CSideScript />
</Head>
<body>
<Main />
<NextScript />
</body>
</Html>
);
}Add to your build script in package.json:
{
"scripts": {
"build": "your-build-command && npx @cside.dev/cli@latest example.com"
}
}The CLI automatically injects the cside monitoring script into your HTML files. Works with Astro, Gatsby, Hugo, Eleventy, Docusaurus, and any framework that outputs static HTML.
npm install @cside.dev/vite// vite.config.ts
import cside from '@cside.dev/vite';
export default defineConfig({
plugins: [cside()],
});Activate and verify
- In the dashboard, go to Domains in the left sidebar
- Click Activate next to your domain
- Visit your website — you should see script traffic appear in the dashboard within seconds
You’re protected
Once activated, cside will:
- Monitor every third-party script loaded in your visitors’ browsers
- Detect malicious or suspicious script behavior in real time
- Alert you when threats are found (configure notification endpoints for Slack, Jira, Linear, or webhooks)
- Block threats automatically (Business plan and above)
Next steps
- Adjust your CSP — Configure Content Security Policy to work with cside
- Set up notifications — Get alerts in Slack, Jira, Linear, or via webhooks
- PCI DSS compliance — See how cside helps meet PCI DSS 4.0 Requirements 6.4.3 and 11.6.1
- Test on staging first — Try cside on a staging environment before going to production
Thanks for your feedback!