Notifications can be received both in-app via the information that appears when hovering over the bell icon on the top right of the banner, and via email notifications, after opting into this option. Click here for more information and instructions how to opt into email notifications easily.
Effectively managing notifications, particularly acknowledging acceptable script behaviors, is important for maintaining your website's security. It ensures that any changes to scripts or their behaviors are promptly identified and addressed.
Types of notifications
There are three types of security notifications in the Source Defense platform:
- New script detected – Notification of newly detected scripts on your site.
- New script behavior – Alerts when an existing script exhibits new or changed behavior.
-
New policy recommendation – Suggests updates or additions to your security policies to improve site protection.
-
New script detected notification
This notification alerts you when a new script—either third-party or a fourth-party script triggered indirectly—is detected on your website. Reviewing new scripts ensures they are legitimate, purposeful, and secure.
Handling “new script detected”
Steps required as follows; detailed below.
- Review the new script detected
- Verify the script’s source and behaviors
- Acknowledge and manage behaviors
- Blocking scripts - when required
Step 1: Review new script
-
Click on the notification as highlighted below.
Clicking on the notification will take you to the Script list page, pre-filtered to display scripts added within the last 30 days, as seen in the image below.
- Select a script to view the site(s) where it was added. This will navigate you to the site’s Script page.
Clicking on the site will take you to the site’s Script page.
- Review site Script page for details about the script, including:
- About: General information about the script.
- Type: Indicate if the script is a 3rd and/or 4th party.
-
Script Behaviors: List of script's observed behaviors.
- Clicking on a behavior will open an overlay with additional data.
Step 2: Verify script source and behaviors:
- Third-Party Scripts: Identify the responsible department and confirm the script’s purpose and behaviors.
- Fourth-Party Scripts: Verify the initiating third-party script and confirm the behaviors.
Step 3: Acknowledge and manage behaviors
Acknowledging and managing script behaviors is an important step in maintaining your website's security and ensuring that any changes to scripts or their behaviors are identified and managed effectively.
- Click on the “Manage” button to review the Behavior Overlay, and review the behavior details.
- Click on ‘Acknowledge behaviors” if script behaviors are acceptable.
- If not, notify the owner of the script of these unexpected behaviors. For example, if the script is a tracking service and it starts to access PII data.
You may jointly decide with the script owner to block the script as described in section 4 below. The script owner may decide to acknowledge the behaviors or refer to the script’s vendor for clarification.
If the script is interacting with a blacklisted domain, it is recommended to block it.
Note: if the 4th party is running behaviors already approved by the 3rd party that triggered it, those behaviors can probably be approved and acknowledged as well.
- After acknowledging behaviors, they will no longer appear as
; they will be marked as acknowledged and removed from the bell notification. Note it is possible to mark behaviors as “unacknowledged” in case this was marked accidentally.
When the same behavior occurs again, there will be no notification, unless there is a change in behavior, such as accessing different data than the data previously reported and acknowledged, or interacting with a domain other than the domain previously reported and acknowledged.
Step 4: Enter script justification
- In order to keep track of script authorization, add a justification for the script’s presence, including the responsible team, in the "Justification" section. Submit the entry.
Step 5: Blocking scripts - when required
If you cannot identify the script owner or validate its behavior, you may choose to block the script.
a. Click the “Manage” button shown below, which will open the Behavior overlay again.
b.Click on the three dots (...) as shown below.
c. Select Blocked as shown below.
-
New script behavior notification
This notification alerts you to changes in a script’s behavior, such as sending data to a new domain or accessing additional sensitive data. Prompt acknowledgment ensures continuous awareness of potential risks.
Handling “new behavior”
Step 1: Review the script
- Click on the notification as highlighted below.
Clicking on the notification will take you to the Script list page, pre-filtered to display new behaviors found within the last 30 days, as seen in the image below
- Select a script to see the site(s) where new behaviors were found in the last 30 days.
- Clicking on the site will take you to the site’s Script page.
- Review site Script page for details about the script, including:
- About: General information about the script.
- Type: Indicate if the script is a 3rd and/or 4th party.
-
Script Behaviors: Clicking on a behavior will open an overlay with additional data.
-
New behaviors will be clearly marked with the
- New behaviors include behaviors previously identified, but behaving differently, including:
- A script that previously accessed PII fields now interacts with another PII field.
- Or a script that previously transferred data started to transfer data to a domain it didn't transfer data to in the past.
- Clicking on a behavior will open the Behavior Overlay with additional details.
-
New behaviors will be clearly marked with the
Step 2: Verify script source and behaviors:
- Third-Party Scripts: Identify the responsible department and confirm the script’s purpose and behaviors.
- Fourth-Party Scripts: Verify the initiating third-party script and confirm the behaviors.
Step 3: Acknowledge and manage behaviors
Acknowledging and managing script behaviors is a critical step in maintaining your website's security and ensuring that any changes to scripts or their behaviors are identified and managed effectively.
- Click on the “Manage” button to review the Behavior Overlay, and review the behavior details.
- Click on ‘Acknowledge behaviors” if script behaviors are acceptable.
- If not, notify the owner of the script of these unexpected behaviors. For example, if the script is a tracking service and it starts to access PII data.
You may jointly decide with the script owner to block the script as described in section 4 below.
If the script is interacting with a blacklisted domain, it is recommended to block it.
Note: if the 4th party is running behaviors already approved by the 3rd party that triggered it, those behaviors can probably be approved and acknowledged as well.
- After acknowledging behaviors, they will no longer appear as
When the same exact behavior occurs again, there won’t be a special notification, unless there is a change in behavior, such as accessing different data than the data previously reported and acknowledged, or interacting with a domain other than the domain previously reported and acknowledged.
Step 4: Blocking scripts - when required
If you cannot identify the script owner or validate its behavior, you may choose to block the script.
a. Click the “Manage” button shown below, which will open the Behavior overlay again.
b.Click on the three dots (...) as shown below.
c. Select Blocked as shown below.
-
New policy recommendation notification
This notification suggests security policy updates for better control over script behaviors.
Handling “new policy recommendation”
Step 1: Accept new policy recommendation
- Click on the notification as highlighted below.
Clicking on the notification will take you to the Script list page, pre-filtered to scripts with pending policy recommendations for scripts found on your site in the past 30 days, as seen in the image below.
-
Select a script to see the site(s) with scripts from the past 30 days with pending recommendations.
Clicking on the site will take you to the site’s Script page.
- Click on the “Manage” button - as seen below - to open the Behavior Overl.
- Click on "Accept Policy and Acknowledge behaviors" to accept the policy and acknowledge the script’s behaviors.
- Alternatively, click on the three dots (...) to the right of the button to explore more options.