For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • Getting Started
    • Overview
    • Best practices
  • Sightline Cyberfraud Defense
    • About Sightline Cyberfraud Defense
    • Getting Started
    • What's different in Sightline Cyberfraud Defense
    • Sensor changelog
    • About the Overview Dashboard
    • Glossary
  • AgenticTrust
    • Getting started with AgenticTrust
    • AI Agents Monitoring Dashboard
    • AI Visitors Overview Dashboard
    • Manage AI Agent Permissions
    • Agentic Activity Priority
    • Agent Trust Levels
  • Account Defender
    • Account Defender Overview
    • Use Cases
    • Prerequisites
    • Getting Started with Account Defender
    • Optimizing Account Defender Detection
    • Validating Account Defender Integration
    • Risk Triggers
    • About Network Events
    • Troubleshooting
  • Bot Defender
    • Bot Defender Overview
    • Detection
    • Bot Defender Policy Settings
    • Footprint
  • Credential Intelligence
    • Credential Intelligence Overview
    • How to Access the Breached Flag
    • Credential Intelligence FAQ
    • Credential Intelligence Dashboard
  • Code Defender
    • Code Defender Introduction
    • Getting Started with Code Defender
    • Code Defender Glossary
      • Overview
        • Dashboard
        • Inventory
        • Audit Report
    • Website Risk Analyzer
  • Platform
    • Account settings
    • Manage users
    • Role permissions
    • Enforcer configurations
    • Page Type Mapping
  • Client-Side Integration
    • JavaScript tag
    • Improving first page performance
    • Use of cookies & web storage
    • Advanced client integration
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Script Inventory
  • Header Inventory
  • Content Security Policy (CSP) modifications
  • Statuses
Code DefenderPortalPCI DSS

Inventory

Was this page helpful?
Previous

Audit Report

Next
Built with

The PCI DSS Inventory is a complete list of all auto-discovered scripts and headers, including their status, page, and other information. This is useful for viewing and identifying scripts and headers on your application from one place.

You can access the PCI DSS Inventory from Code Defender > PCI DSS Compliance > Inventory.

Script Inventory

The Script Authorization (6.4.3) tab has the Script Inventory of all scripts Code Defender discovered on the selection application and domain. The Inventory organizes scripts between Active and Archived ones. You can narrow down your results by searching for a specific script or using the provided filters . You can also toggle the inventory view by Pages or Vendors.

Each entry in the Inventory can be clicked to expand it and display all the scripts associated with the page or vendor. You can click the more options menu to take actions on an individual script. These include:

  • Investigate script: Open and investigate the script from Code Defender’s Analyzer.
  • Go to script source: View the script’s source JavaScript.
  • Script summary details: Open the script summary view.
  • Script authorization history: View the script’s authorization history.
  • Change script status: Update the script’s status.
  • Authorize: Authorize the script.

Alternatively, you can also click the checkbox next to multiple scripts to update them in bulk.

Click on a script directly to open its summary with detailed information about the script, update it status, edit its information, view its authorization history, and more. See the PCI DSS Dashboard documentation for more information.

Header Inventory

The HTTP Security Header Authorization (11.6.1) tab has the Header Inventory of all headers Code Defender discovered on the selection application and domain. The Inventory organizes headers between Active and Archived ones. You can narrow down your results by searching for a specific header or using the provided filters . You can also toggle the inventory view by Pages or Headers.

Each entry in the Inventory can be clicked to expand it and display all the headers associated with the page or pages associated with a header. You can click the more options menu to take actions on an individual header. These include:

  • Header summary details: Open the header summary view.
  • Header authorization history: View the header’s authorization history.
  • Change header status: Update the header’s status.
  • Authorize: Authorize the header.

Alternatively, you can also click the checkbox next to multiple headers to update them in bulk.

Click on a header directly to open its summary with detailed information about the header values, update it status, edit its information, view its authorization history, and more. See the PCI DSS Dashboard documentation for more information.

Content Security Policy (CSP) modifications

To review and manage Content Security Policy (CSP) modifications:

  1. Open the PCI DSS Header Authorization tab or header-modification incident and click View in Console (or the incident row from the PCI dashboard).
  2. Expand the panel for that Content-Security-Policy header to see exactly which directives or sources were added or removed. The UI shows the previous and current CSP values, with the changed parts highlighted (yellow).
  3. Use the highlighted difference in the Console to decide whether to approve or investigate further.

Statuses

The Inventory uses various statuses to categorize scripts and headers. You can use these statuses to filter or search for specific scripts or headers as needed.

  • Unauthorized: Scripts or headers that aren’t in the Authorized or Archived state.
    • Unreviewed: Scripts or headers that Code Defender has recently detected, including new or modified ones, and have not yet been updated.
      • New: The detected script or header value is new.
      • Modified: The detected script or header value was previously detected and addressed, but has since changed and needs attention again.
    • In progress: Scripts or header values that your team are currently addressing.
      • Under review: The script or header value is undergoing review.
      • To be removed: The script or header is marked for removal.
      • Pending justification (script only): The script has been authorized, but still needs to be justified.
      • Pending authorization (script only): The script has been justified, but still needs to be authorized.
  • Authorized: The script or header has been authorized.
  • Archived: The script or header was archived, which means it is hidden from most views and excluded from inventory calculations. Scripts or headers that Code Defender has detected within the last 24 hours cannot be archived, and Code Defender automatically moves archived scripts or headers back to the active inventory if it detects them again.