From first scan to continuous protection in minutes. No code changes required.
Add your site URL and ScriptAttest launches a real browser to scan your pages. We capture a complete fingerprint of every script: URLs, content hashes, execution order, network activity, and dangerous sinks.
Your first attestation automatically becomes your trusted baseline. This is the "known good" state that all future scans compare against. You control when to update it.
Schedule automatic scans daily, weekly, or on custom intervals. Every scan compares against your baseline and alerts you to any drift—whether it's a script content change, new network domain, or dangerous pattern.
When drift is detected, review detailed diff reports showing exactly what changed. If the change is legitimate (like a vendor update), accept it and set a new baseline. If it's malicious, you've caught a supply chain attack.
If the change is expected (vendor update, new feature), mark it as approved and update your baseline.
If the change is suspicious, investigate further. Use CSP to block the compromised script immediately.
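The baseline comparison described above, as an added example that is not ScriptAttest's own code: it covers two of the drift types named here (script content change and new network domain) plus added or removed scripts. The function names, the fingerprint layout and all URLs are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

def fingerprint(scripts, requests):
    """Map each script URL to the SHA-256 of its body and collect contacted hosts."""
    return {
        "scripts": {url: hashlib.sha256(body).hexdigest() for url, body in scripts.items()},
        "domains": {urlsplit(r).hostname for r in requests},
    }

def drift(baseline, scan):
    """Return (kind, subject) findings for everything that differs from the baseline."""
    findings = []
    old, new = baseline["scripts"], scan["scripts"]
    for url in sorted(new.keys() - old.keys()):
        findings.append(("new_script", url))
    for url in sorted(old.keys() - new.keys()):
        findings.append(("removed_script", url))
    for url in sorted(old.keys() & new.keys()):
        if old[url] != new[url]:  # same URL, different bytes: vendor update or tampering
            findings.append(("content_changed", url))
    for host in sorted(scan["domains"] - baseline["domains"]):
        findings.append(("new_network_domain", host))
    return findings

# Constructed sample data: the approved baseline and a later scan in which
# the third-party widget's bytes changed and the page contacted a new host.
BASELINE = fingerprint(
    {"https://shop.example/app.js": b"render(cart);",
     "https://cdn.example.com/widget.js": b"widget.init();"},
    ["https://api.example.com/cart"],
)
SCAN = fingerprint(
    {"https://shop.example/app.js": b"render(cart);",
     "https://cdn.example.com/widget.js": b"widget.init();send(form);"},
    ["https://api.example.com/cart", "https://collect.example.net/p"],
)

if __name__ == "__main__":
    for kind, subject in drift(BASELINE, SCAN):
        print(f"{kind:20} {subject}")
```

A changed hash at an unchanged URL together with a new outbound host is the pair of findings worth reviewing first, since either one alone is also what a routine vendor update looks like.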
ScriptAttest also generates and validates strict Content Security Policies based on discovered resources.
Scan your pages to discover all external resources and inline scripts.
Auto-generate strict, hash-based CSP policies from approved sources.
Test your policy in enforce mode to catch issues before production.
Content-Security-Policy:
  default-src 'self';
  script-src 'self' 'sha256-a1b2c3...' 'sha256-d4e5f6...';
  style-src 'self' 'unsafe-hashes' 'sha256-x1y2z3...';
  img-src 'self' https://cdn.example.com;
  connect-src 'self' https://api.example.com;
  report-uri https://scriptattest.com/api/csp/abc123;
Start with a free attestation scan and see exactly what scripts are running on your site.