Akamai Client-Side Protection

Akamai Client-Side Protection

Akamai Client-Side Protection is a script security solution that monitors third-party JavaScript for supply chain attacks and data skimming. A lightweight agent script observes the behavior of all scripts running on the page, detecting unauthorized data access and exfiltration attempts. Behavioral telemetry is transmitted to Akamai for analysis and alerting.

Akamai
Part of Akamai
Back to Vendor Library

Overview

Akamai Client-Side Protection (formerly Page Integrity Manager) is a security solution that monitors the behavior of all JavaScript executing on a web page to detect and prevent client-side attacks. It defends against Magecart-style card skimming, formjacking, unauthorized data exfiltration, and supply chain compromises where third-party scripts are hijacked to steal user data. The solution operates as a security control rather than a tracking or analytics tool.

What This Script Does

Akamai Client-Side Protection deploys a lightweight monitoring agent that observes script behavior on the page.

  • Scripts loaded: A monitoring agent script loads from Akamai's edge network. This agent instruments the page's JavaScript execution environment to observe the behavior of all other scripts (first-party and third-party) running on the page.
  • Behavioral monitoring: The agent monitors script activities including network requests (destination URLs, payload contents), cookie access patterns, form field interactions, DOM modifications, and data storage operations. It compares observed behavior against a baseline to detect anomalies.
  • Data transmitted: Behavioral telemetry is sent to Akamai's servers for analysis, including which scripts are executing, what domains they communicate with, what data they access, and whether their behavior deviates from established patterns. This telemetry does not contain end-user personal data — it describes script behavior, not user behavior.
  • No cookies set: The monitoring agent does not set cookies for tracking or identification purposes. Any browser storage used is for the security monitoring functionality itself.
  • Alerting and blocking: When suspicious behavior is detected (e.g., a script attempting to read credit card form fields and transmit data to an unauthorized domain), the system can alert the site operator and optionally block the malicious action in real time.

Consent & Compliance

Akamai Client-Side Protection falls under the essential consent category.

Under GDPR and ePrivacy, client-side security monitoring qualifies as a strictly necessary service. The monitoring agent protects users' personal data (payment credentials, login information) from theft by compromised scripts. This aligns with the site operator's obligation under GDPR Article 32 to implement appropriate technical measures to protect personal data. The ePrivacy Directive's exemption for strictly necessary services covers security mechanisms that protect the integrity of the service.

Under CCPA/CPRA, the security monitoring constitutes a "business purpose" — protecting the security and integrity of the service. The telemetry collected describes script behavior, not consumer personal information, and is used solely for security purposes.

Should You Block This Without Consent?

No. Akamai Client-Side Protection is a security service that protects visitors from data theft by compromised scripts. Blocking it would remove a critical security control, potentially exposing visitors to card skimming and data exfiltration attacks. It does not track users, set advertising cookies, or collect personal data for marketing purposes.

Visit website

Consent Categories

Essential

Also Known As

akamaiakamai client side protectionakamai page integrityscript protectionmagecart protectionakamai csp

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Frequently Asked Questions

Is consent required for Akamai Client-Side Protection?

No. Akamai Client-Side Protection is a security service that monitors third-party JavaScript for supply chain attacks and data skimming. It qualifies as strictly necessary under GDPR Article 32 and the ePrivacy Directive's security exemption. It does not track users, set advertising cookies, or collect personal data for marketing.

What does Akamai Client-Side Protection collect?

The monitoring agent collects behavioral telemetry describing script activity: network request destinations, cookie access patterns, form field interactions, and DOM modifications. This telemetry describes script behavior, not user behavior, and contains no end-user personal data. No tracking cookies are set by the agent itself.

How does ConsentStack detect Akamai Client-Side Protection?

ConsentStack identifies Akamai Client-Side Protection by its monitoring agent script loaded from Akamai's edge network. It is classified as essential and excluded from consent blocking. ConsentStack does not block this script, as doing so would remove a security control protecting visitors from data theft by compromised scripts.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Akamai Client-Side Protection

ConsentStack automatically detects and manages Akamai Client-Side Protection trackers so your site stays compliant with global privacy regulations.

Get started free