Analyze the Data

How do I investigate and analyze a specific script or incident in the Code Defender console?

The Code Defender Script Analyzer provides an in-depth analysis of individual scripts' details, actions and risk.

This feature provides a detailed view of all script actions. Every document object model (DOM) interaction, network and storage action of all scripts is readily available in the dashboard. The Analyzer dashboard also shows scripts that started, stopped or have ongoing actions on any given day, as well as script actions over time.


Analyzing the Script

The Script Analyzer is accessed either from the top navigation tab, or by clicking on any script ID in the Code Defender console and then clicking Analyze this script. In the Analyzer tab, you can search for a specific script or select any script from the Search dropdown. The list of scripts that appears in the dropdown corresponds to the filters selected in the Filters bar (selected application(s) + selected host domain(s) + selected time frame). Changing any of the filters changes the scripts presented in the dropdown list.


Identity Card

The script's details give insight into the script's source (vendor), where on the site it is running, and the risk it poses to the site.

  • Last seen: The date on which the script was last observed on the site.
  • First seen: The date on which the script was first observed on the site.
  • Vendor: A link to the script’s source. This link opens the vendor site in a new tab.
    When a script has no associated vendor, you are encouraged to input the vendor details.
    Click Add missing info and fill in the relevant details in the ADD VENDOR dialog.
  • Vendor Description: Details on the script source/vendor.
  • Users%: The % of users affected by the script. Note: this is not the % of users affected by the incident. To see the % of users affected by the incident, refer to the incident details.
  • Pages%: Percent of pages on your site being accessed by the script.
  • Script type: First or Third Party.
  • Host Domain: The domain on which the script is running. This link opens the vendor site in a new tab.
  • Page types: The type of pages the script runs on (e.g. login, purchase page).
  • Top Pages for the Script: The pages on your site where the script was frequently detected.


All incidents triggered by the script's action(s) from the last 3 months. Expand the Incident to access additional details. Note that the last seen field indicates whether the incident is still Ongoing.


Script Connections Map


Source (1st Col.)

The source(s) that load the script. When this column is empty, this indicates that the script is loaded directly from the DOM.

Scripts in this column can be selected and analyzed.

Script (2nd Col.)

The script currently being analyzed.

Actions Performed By the Analyzed Script (3rd and 4th Col.)

Loaded Scripts

All the scripts that are loaded from the script being analyzed. When this column is empty, this indicates that no other scripts are loaded by the script.

External Domains Communications

All the domains the script is communicating with and the number of interactions the script has with the domain. When this column is empty, this indicates that the script is not communicating with any external domains.

Value Access

All input value fields being accessed by the script.

Cookie set

All cookies being set by the script.

Script-External Domains Connections

All the domains the script is communicating with. Each domain includes its risk score, the types of interactions (actions) that were observed (e.g. XHR, Fetch, IFrame Load etc.), and whether the communication was in-bound or out-bound.


Script Actions Per Category

All the actions performed by the script in the last 30 days, broken down into 3 main category types: Network, DOM and Storage. Each action includes the observed values (and the value type).