User Guide

CSP Application

On the Application page, you can view and manage the status and configurations of Client-Side Protection applications.

Field

Description

Name

The internal name by which this application is displayed within the web portal GUI.

Mode

Defines how Client-Side Security operates for the application.

  • Monitoring: Records all client-side resource loading and behavior (scripts, domains accessed, security header changes, etc.) but does not block any actions.

  • Block: Records the same client-side activity as Monitoring and additionally blocks actions that are identified as malicious.

  • Suspended: No activity is recorded or analyzed, and no blocking occurs.

PCI DSS Tasks

The number of specific security checks or remediation actions related to the PCI Data Security Standard (PCI DSS) that need to be addressed for the application. These tasks help ensure compliance with PCI DSS requirements by identifying and mitigating client-side vulnerabilities.

Scripts

The number of scripts detected on the application. Click this value to navigate to the Scripts page.

Domains

The number of external domains detected from the application's client-side activity. Click this value to navigate to the Domains page.

Security Headers

The number of times security-related headers were added, removed, or modified during the application’s client-side activity. Click this value to navigate to the Security Headers page.

Payment Pages

The number of pages in the application that handle payment information or process transactions. These pages are highlighted to help prioritize monitoring of high-risk targets for client-side attacks.

Actions

  • Edit Application: Click the edit icon to configure the following:

    • Mode: See description for Mode above.

    • Newly Discovered JS and Domain: Select the action to take when FortiAppSec Cloud detects a new JavaScript file or domain on your application.

    • New Version of JS: Select the action to take when FortiAppSec Cloud detects a modification to a previously approved JavaScript file.

    • Payment Pages: Enter the URL in your application where payment transactions occur. Example input: '/orders/checkout/'

    • Exempt Domains: Domains that are always allowed on your application.

  • Delete Application: Click to permanently delete the application. This action cannot be undone.

For instructions on adding applications, please refer to Onboarding Client-Side Protection.
