User Guide

Domains

Track and manage domains detected in scripts running on your application. These domains are identified from the client-side resources your application loads. Monitoring these domains helps prevent unauthorized third-party resources and detect malicious or unexpected domains that could skim customer data.

Review domains one at a time under Action, or select multiple and click Review.

Field

Description

Domain

The detected domain associated with a script found on your application.

Application

The CSP application for which this domain appeared.

Resource Type

One or more types of content that the browser loads from each domain as part of the client-side activity of your application.

For example:

  • Image

  • Script

  • Font

  • CSS

  • Other

Category

An enumerated type that includes more than 100 predefined classification values sourced from the FortiGuard website classification database. The system retrieves the category by querying the domain’s classification ID and then mapping it to the corresponding category name in the category dictionary. If no category information is available, "Unknown" is used as the default value.

Examples include Information Technology, Shopping, and Phishing. For the full list of categories, please refer to Domains.

Popularity

How often a domain or resource is accessed by users within your application’s client-side activity.

  • Top-Tier: Major tech companies, CDNs, well-established services.
    Examples: google.com, cloudflare.com, amazonaws.com, cdn.jsdelivr.net

  • Popular: Widely-used services, popular SaaS platforms, major analytics.
    Examples: stripe.com, segment.com, hotjar.com, intercom.com

  • Common: Legitimate services with moderate usage, standard third-party tools.
    Examples: smaller CDNs, regional services, niche but legitimate tools

  • Uncommon: Rarely seen domains, new services, or specialized tools. These may be legitimate but lack widespread recognition.

  • Untrusted: Known spam, suspicious patterns, or questionable reputation. These include ad networks, suspicious redirects, or low-reputation domains.

Risk

The Risk is determined by the Risk Score obtained from FortiGuard's web filtering service.

  • Analyzing: When risk_score is None (no risk data available). Not enough information to conclude the risk level of the domain.

  • Low: Risk score ≤ 30. Indicates that the script exhibits no suspicious behavior and comes from a source considered safe or commonly used. These domains typically have a minimal impact on security and require no immediate action.

  • Medium: Risk score between 30 and 60 (inclusive of 30, exclusive of 60). Indicates that the domain exhibits behaviors that merit closer review. These domains may not be inherently malicious, but they may introduce potential risk and should be examined.

  • High: Risk score between 60 and 90 (inclusive of 60, exclusive of 90). The domain shows strong indicators of malicious or unsafe behavior and may pose a significant security threat; immediate review and action are recommended.

Discovered On

The date and time when this domain was detected for the first time.

Status

  • Allowed: This script is permitted to run on your application. It continues to execute normally in users' browsers.

  • Blocked: The domain is fully blocked, not just the individual script. All resource types from that domain are prevented from loading. The service worker intercepts and blocks all network requests to the domain, returning 403 Forbidden responses instead of real content. This protection applies to JavaScript, CSS, images, iframes, and all other resources. Blocked requests are also reported to the backend for monitoring.

Action

Click the Action icon to review the selected domain.

Select the desired status for the relevant domain:

  • Allowed: This script is permitted to run on your application. It continues to execute normally in users' browsers.

  • Blocked: The domain is fully blocked, not just the individual script. All resource types from that domain are prevented from loading. The service worker intercepts and blocks all network requests to the domain, returning 403 Forbidden responses instead of real content. This protection applies to JavaScript, CSS, images, iframes, and all other resources. Blocked requests are also reported to the backend for monitoring.

Batch review domains

To review multiple domains at the same time, select the desired domains by checking the boxes on the left-hand side of the table. Then, click Review.

Exempt Domain List

The Exempt Domain List contains domains that are always allowed on your application.

To manage an application's Exempt Domain List:

  1. Click the dropdown in the top-right corner to select which Applications’ domains are displayed on this page.

  2. Select the desired application in the dropdown. The Exempt Domain List button should no longer be grayed out.

  3. From here, there are multiple ways of adding domains to the Exempt Domain List:

    • Batch select domains: Select the desired domains, then click Exempt Domain List to add them to the list.

    • Enter domains: Click Exempt Domain List, then enter Exempt Domains. Click Add Domain to add more than one domain to the Exempt Domains List.

    • Edit Application: Navigate to Client-Side Protection > Applications and click the edit icon under Action. From here, you can view, add, or remove domains from the Exempt Domains List.
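
The Blocked status and the Exempt Domain List described above, as an added illustration (not Fortinet's service worker code): a fetch handler that answers requests to blocked domains with a synthetic 403 and reports them, with exempt entries taking precedence. The policy contents, the `/csp-report` endpoint, the function names and the subdomain-matching rule are assumptions.

```javascript
// Added illustration; not Fortinet's service worker. All names are hypothetical.
const REPORT_URL = "/csp-report";            // assumed same-origin reporting endpoint
const policy = {
  blocked: new Set(["evil-cdn.example"]),    // constructed sample: domains with status Blocked
  exempt: new Set(["pay.evil-cdn.example"]), // constructed sample: Exempt Domain List entries
};

// True when host equals an entry or is a subdomain of it (assumed matching rule).
// Matching on whole labels keeps "notevil-cdn.example" from matching "evil-cdn.example",
// and stripping a trailing dot keeps "evil-cdn.example." from slipping past the list.
function matches(host, domains) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (domains.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Decide per request URL. Exempt entries win because they are always allowed.
function decide(url, p = policy) {
  let host;
  try { host = new URL(url).hostname; } catch { return "allow"; } // unparsable: leave to browser
  if (matches(host, p.exempt)) return "allow";
  return matches(host, p.blocked) ? "block" : "allow";
}

// Synthetic 403 returned instead of the real content.
function blockedResponse() {
  return new Response("", { status: 403, statusText: "Forbidden" });
}

// Register the fetch handler only when running inside a service worker.
if (typeof ServiceWorkerGlobalScope !== "undefined" && self instanceof ServiceWorkerGlobalScope) {
  self.addEventListener("fetch", (event) => {
    const { url, destination } = event.request;
    if (decide(url) !== "block") return;      // not handled here: request goes to the network
    // Report the blocked request; destination is "script", "image", "style", "iframe", ...
    const body = JSON.stringify({ url, destination, time: Date.now() });
    event.waitUntil(fetch(REPORT_URL, { method: "POST", body }).catch(() => {}));
    event.respondWith(blockedResponse());
  });
}
```

A service worker only sees requests from pages it already controls, so resources fetched on a visitor's first load, before the worker activates, are not covered by a handler like this.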

Domain Detail

Click on a Domain value to view its details.

General

Field

Description

Domain

The JavaScript detected on your application.

Status

When there are multiple varying iterations of the same script, click compare version to view the differences.

Risk

  • No Data: Not enough information to conclude the risk level of the domain.

  • Low: Indicates that the script exhibits no suspicious behavior and comes from a source considered safe or commonly used. These domains typically have a minimal impact on security and require no immediate action.

  • Medium: Indicates that the domain exhibits behaviors that merit closer review. These domains may not be inherently malicious, but they may introduce potential risk and should be examined.

  • High: The domain shows strong indicators of malicious or unsafe behavior and may pose a significant security threat; immediate review and action are recommended.

  • Very High: The domain demonstrates clear, active, or highly suspicious malicious behavior and is considered dangerous; it should be treated as a critical security issue and addressed immediately.

AI Insight

A description of the script based on the telemetry data collected by FortiAI.

Popularity

The URL of the page on which the script was detected.

Category

  • 1st Party: JavaScript that is served from the same domain as your application.

  • 3rd Party: JavaScript that is served from a different domain from your application.

Discovered On

The date and time when this script was detected for the first time.

Encrypto Currency

The most recent time this script was observed running on the application.

Resource Type

A description of the malicious effects of the script, as analyzed by FortiAI.

Whois

Registration details about a domain name, such as the owner, registrar, creation and expiry dates, and contact information, depending on privacy settings.

Field

Description

Registrar

The accredited company or organization that manages the reservation of domain names and maintains the official records for those domains.

Created

The domain's date of registration.

Registrant

The individual or organization that owns or holds the registration rights to the domain name.

Expiration

The date on which the current domain registration period ends; the domain must be renewed before or shortly after this date to avoid suspension or release back to the public.

Updated

The most recent date on which the domain’s registration record was modified (for example, after renewing, changing contact information, or updating DNS).

Status

The domain’s current operational state (e.g., active, locked, suspended, pending deletion), which determines how the domain can be used or modified.

Validation

Information that confirms the domain’s certificate is authentic and properly issued, including details about ownership, trust level, and permitted usage.

Field

Description

SSL

Whether the domain has an SSL certificate.

Validity

The time period during which the certificate is considered valid (start and end dates).

Subject

The entity the certificate is issued to, typically including the domain name and organization details.

Key Usage

Specifies how the certificate’s public key may be used.

Issuer

The Certificate Authority (CA) that issued and signed the certificate.

Basic Constraints

Indicates whether the certificate belongs to a Certificate Authority and defines any path-length limitations for certificate chaining.
