Skip to main content

How do I manage script policies? [HOW-TO GUIDE]

  • Updated

Overview

3rd party scripts running on your website are assigned security policies in order to protect your users and your data from potential risks that may be introduced by those scripts. You can manage and change the script policies using the Source Defense Console.

How to Change a Script Policy

Log in to the Source Defense Console: 

[https://aa-ui.sourcedefense.com]

 

Access the 3rd+ Party Scripts List: 

From the left-hand menu, select 3rd+ Party Scripts, from under the Cliend Side Security option (for those using the security product - this list displays all 3rd+ party scripts found on all pages) or from under the PCI Compliance option (for those using the PCI product - this list displays all 3rd+ party scripts found on payment pages defined).

 

 

 

 

Locate the Script: 

Find the script you wish to manage by searching via the filter or simply browsing the list of scripts associated with your site(s).

Note the filter includes the option to filter scripts that have pending policy recommendations or scripts with policies not as recommended.

Script Details: 

Click on the script name to open its Script Detail Page.

 

Manage the Script Policy: 

  • Open the Manage Panel.
    • If script is NOT “In Policy” AND/OR Behaviors are not Acknowledged, click “Manage” to access the Manage Panel.

      image-20250428-185752.png
    • If script is “In Policy”, and Behaviors are Acknowledged, you’ll need to expand the Policy Panel and click “Manage” to access the Manage Panel.

Screenshot 2025-05-11 143911.png

  • If there is a policy recommendation, the best practice it so set this policy that was recommended, by clicking on the Accept Policy button.

  • If there is no policy recommendation, click the 'Change Policy' button; if there is no policy recommendations but there are unacknowledged behaviors, click on the ellipsis ("...") next to the Acknowledge behaviors button to open the policy options.
  • Select the appropriate policy based on your security needs:
    • Blocked — Prevents the script from running at all.
    • Isolated — Runs the script in a secure sandbox, preventing access to sensitive content or DOM manipulation.
    • Monitored — Allows the script to run but monitors its behaviors for risk reporting.

    • Redacted — Redacts specific types of sensitive data the script attempts to access:

      • Redact - PCI — Redacts payment information (credit cards, etc.).

      • Redact - PII — Redacts personally identifiable information (name, email, address, etc.).
      • Redact - Credentials — Redacts user credentials (usernames, passwords).
      • Redact - Combinations — (e.g., PCI + PII, PCI + UC, PII + UC, PCI + PII + UC).

NOTE: If a policy is not listed in the console, it is not available for that specific script.

 

Apply the Policy: 

Click Accept Policy to save and apply the selected policy to the script.

 

Verify the Update:

Once saved, the new policy status will be reflected on the Script Detail Page.

 

Important Information

  • Policy changes take effect immediately once applied.
  • Source Defense continues to monitor scripts and notify you of any newly observed behaviors, even if a script is blocked.
  • We recommend validating your website’s key functionality after applying or changing a script policy.

 

Related articles