Client-side Mitigation
  • 24 Apr 2023

Client-side Mitigation (CSM) is a JavaScript-based blocking capability that runs in the browser. It provides granular control over legitimate scripts, so the customer can add specific actions to the denylist and enforce compliance with PCI, PII, and other privacy regulations.
Security teams can add specific actions to the denylist and stop scripts from accessing sensitive PII and PCI information without removing or disabling the script entirely.
This lets third-party scripts, such as Google Analytics, continue to receive approved events and data points while being blocked from sensitive data fields such as emails, phone numbers, credit card information, and SSNs.

How does CSM work?

In essence, our Client-side Mitigation solution is based on the browser's native object extension mechanism and on wrapped browser objects. This allows us to observe and, if necessary, prevent actions such as field value access, network requests, and use of the cookie setter.
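
The wrapping idea described above, as an added example that is not HUMAN's code: an accessor property is redefined so every read and write passes a denylist check first. The names `guardAccessor`, `DENYLIST`, `FakeInput` and the caller labels are hypothetical, and returning an empty string for a blocked read is an assumption; in a browser the wrapped target would be a native prototype such as `HTMLInputElement.prototype`.

```javascript
// Added illustration of wrapping an accessor property; not HUMAN's implementation.
// Returns the audit log that the wrapper appends to on every access.
function guardAccessor(proto, prop, isAllowed, getCaller) {
  const orig = Object.getOwnPropertyDescriptor(proto, prop);
  if (!orig || !orig.configurable || !orig.get || !orig.set) {
    throw new TypeError(`cannot wrap ${prop}`);
  }
  const audit = [];
  const check = (op, target) => {
    const event = { op, prop, field: target.name, caller: getCaller() };
    event.allowed = isAllowed(event);
    audit.push(event);
    return event.allowed;
  };
  Object.defineProperty(proto, prop, {
    enumerable: orig.enumerable,
    configurable: false, // later scripts cannot redefine the property to undo the wrap
    get() { return check('get', this) ? orig.get.call(this) : ''; },
    set(v) { if (check('set', this)) orig.set.call(this, v); },
  });
  return audit;
}

// Constructed denylist: one script may not read two sensitive fields.
const DENYLIST = [
  { caller: 'analytics.example', op: 'get', fields: ['email', 'card-number'] },
];
const isAllowed = (e) => !DENYLIST.some(
  (r) => r.caller === e.caller && r.op === e.op && r.fields.includes(e.field));

function demo() {
  // Stand-in for HTMLInputElement so the block runs outside a browser.
  class FakeInput {
    #value = '';
    constructor(name) { this.name = name; }
    get value() { return this.#value; }
    set value(v) { this.#value = String(v); }
  }
  let caller = 'first-party'; // hypothetical attribution of the running script
  const audit = guardAccessor(FakeInput.prototype, 'value', isAllowed, () => caller);
  const email = new FakeInput('email');
  const search = new FakeInput('search');
  email.value = 'user@example.com';
  search.value = 'shoes';
  caller = 'analytics.example';
  const seen = { email: email.value, search: search.value };
  caller = 'first-party';
  return { seen, firstParty: email.value, blocked: audit.filter((e) => !e.allowed) };
}

console.log(demo());
```

The denied script still reads the non-sensitive `search` field, which matches the behaviour the summary describes: the script keeps running and only the listed action is blocked.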

Enabling CSM

To enable CSM for your domain, please reach out to your customer success manager.
For the enablement to be completed promptly, please make sure the following are in place:

  • The HUMAN Sensor snippet is in first-party mode.
  • The HUMAN Sensor snippet is placed in the section of the HTML page.

Following these recommendations will ensure optimal detection and mitigation.

How to add actions to a denylist

  1. Either on the Dashboard or the Analyzer screens, click an incident. In the menu that opens, select Add to deny list (block incident).

  2. In the Block & Add to denylist window that opens, click Add to denylist.

A new mitigation rule is added to the list of rules.

To view and delete denied actions, go to the Deny List page.
Since actions can be related to more than one incident, adding an incident to the denylist also affects other incidents.