
Manage Code Defender policy rules


Once you have created policy rules, you can manage them from the Policy Rules page. Policy rules are organized into different tabs:

  • Client-side rules: Rules that allow or block script actions.
  • PCI DSS rules: Rules that authorize scripts for PCI DSS 4’s requirement 6.4.3.

Each section separates its available rules into three categories:

  • Active: Rules that are currently published and running for each detected script or action.
  • Draft: Rules that are not completed or have not been activated yet.
  • Archived: Rules that were previously published, but are no longer running.

You can learn about each category below.

Prerequisites

To manage and make changes to policy rules, you must have at least a Developer role.

Active rules

All rules that Code Defender currently enforces are in the Active tab. There are two types of active rules: mitigation rules and classification rules.

Mitigation rules

Mitigation rules are rules where Code Defender or PCI DSS automatically blocks or allows script actions that are present on the deny list or allow list, respectively. You can click each rule to view its deny or allow list.

Mitigation rules are prioritized over classification rules. For example, if a script action already exists on the deny list, then Code Defender will block that action and will not process any other rules. This means that, if a classification rule exists for that action, Code Defender will never consider it. For more information, see Active rule priority.

Classification rules

Classification rules are custom rules you created. Code Defender processes these rules if the script action doesn’t match any conditions in mitigation rules.

You can click a classification rule to view its conditions and perform the following actions:

  • Set rule priority: Change the rule’s priority. See Active rule priority for more information.
  • Archive rule: Deactivate the policy rule on your application and move it to the Archive tab. If you activate the rule again later, you must also select a rule priority.
  • Open edit mode: Make revisions to the rule.
  • Duplicate rule: Make a copy of the rule.

You can also drag and drop rules to update Code Defender’s rule priority.

Active rule priority

Code Defender evaluates each script action against active rules in order of priority, starting with mitigation rules and then classification rules, beginning with rule number 1. When matching script actions to policy rules, Code Defender uses the following logic:

  1. Code Defender attempts to match the script action to the conditions in each policy rule one by one.
  2. When Code Defender finds the first policy rule with conditions that match the detected script action, then Code Defender performs the action related to that rule.
  3. Code Defender stops attempting to match the script action with any remaining policy rules.

This means that if you have two or more policy rules with matching conditions, then Code Defender will prioritize completing the action associated with the earlier rule, then stop considering the remaining rules. So, for example, say your policy rules are ordered like this:

  1. Policy rule that allows all script actions detected on all host domains.
  2. Policy rule that allows all script actions from all known vendors.
  3. Policy rule that blocks specific undesired script actions taken by any script belonging to a specific script vendor.

If your application receives a script from the vendor specified in Policy Rule 3, and this script performs the specified undesired actions, those script actions will not be blocked even though the rule exists. This is because this vendor is also considered a known vendor in Policy Rule 2. Since Policy Rule 2 is the earlier rule, it is prioritized, and the vendor will be allowed. Code Defender will never continue on to the next rule.
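
The ordering problem above can be checked offline with a small model of first-match evaluation. This is an added example, not Code Defender's own code or API: the rule shapes, the field names (vendor, known_vendor, action) and the sample values are assumptions made for illustration.

```python
# Simplified model of first-match evaluation (added example, not Code Defender code).
# Field names (vendor, known_vendor, action) and rule shapes are assumptions.

def evaluate(action, mitigation, classification_rules):
    """Return (decision, source) for one detected script action."""
    key = (action["vendor"], action["action"])
    # Mitigation rules (deny/allow lists) are consulted before anything else.
    if key in mitigation:
        return mitigation[key], "mitigation"
    # Classification rules: priority order, the first matching rule wins.
    for priority, rule in enumerate(classification_rules, start=1):
        if rule["matches"](action):
            return rule["decision"], f"classification:{priority}"
    return None, None  # no rule matched; the page does not describe this case


def shadowed_by(target_priority, classification_rules, sample):
    """Priorities of earlier rules that match `sample`, so the rule at
    `target_priority` (1-based) is never reached for that action."""
    earlier = classification_rules[: target_priority - 1]
    return [p for p, r in enumerate(earlier, start=1) if r["matches"](sample)]


# The three example rules from the text, in the order given.
RULES = [
    {"decision": "allow", "matches": lambda a: True},               # all host domains
    {"decision": "allow", "matches": lambda a: a["known_vendor"]},  # known vendors
    {"decision": "block", "matches": lambda a: a["vendor"] == "vendor-x.example"
                                               and a["action"] == "read-form-field"},
]

# Constructed sample: the specific vendor performing the undesired action.
SAMPLE = {"vendor": "vendor-x.example", "known_vendor": True,
          "action": "read-form-field"}

if __name__ == "__main__":
    print(evaluate(SAMPLE, {}, RULES))           # decision under the original order
    print(shadowed_by(3, RULES, SAMPLE))         # earlier rules hiding the block rule
    reordered = [RULES[2], RULES[0], RULES[1]]   # block rule moved to priority 1
    print(evaluate(SAMPLE, {}, reordered))
```

Running a check like shadowed_by against each block rule before activating it shows whether a broader allow rule sits above it in the priority order.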

Draft rules

All rules that you’re currently editing or are not yet active are in the Draft tab. You can click a rule to view its conditions and perform the following actions:

  • Activate rule: Start enforcing the policy rule on your application and move it to the Active tab. When you activate, you must also select a rule priority.
  • Delete rule: Remove the rule permanently from your account.
  • Open edit mode: Make revisions to the rule.
  • Duplicate rule: Make a copy of the rule.

Archived rules

All rules that were previously active but have since been deactivated are in the Archive tab. You can click a rule to view its conditions and perform the following actions:

  • Activate rule: Start enforcing the policy rule on your application and move it to the Active tab. When you activate, you must also select a rule priority.
  • Move to drafts: Move the rule to the Draft tab.
  • Open edit mode: Make revisions to the rule.
  • Duplicate rule: Make a copy of the rule.