Cloudflare Client-Side Security: Enhanced Detection and Accessibility

Cloudflare has announced two key changes to its Client-Side Security product: the availability of Client-Side Security Advanced to self-serve customers and complimentary domain-based threat intelligence for all customers on the free Client-Side Security bundle. This enhancement aims to provide powerful security features without requiring a sales engagement, aligning with Cloudflare's goal of building a better Internet.

Key Technical Details

Cloudflare Client-Side Security assesses 3.5 billion scripts per day, protecting 2,200 scripts per enterprise zone on average. The product uses browser reporting, such as Content Security Policy, to collect signals without requiring scanners or app instrumentation, resulting in zero latency impact to web applications. Client-Side Security Advanced provides immediate access to powerful security features, including:

1. Smarter malicious script detection: Enhanced with assessments from a Large Language Model (LLM) for improved accuracy.
2. Code change monitoring: Continuous code change detection and monitoring, essential for meeting compliance like PCI DSS v4, requirement 11.6.1.
3. Proactive blocking rules: Positive content security rules maintained and enforced through continuous monitoring.

Practical Implications for Developers

Cloudflare's Client-Side Security product operates differently than active vulnerability scanners, focusing on intent classification and Abstract Syntax Tree (AST) analysis to identify patterns that signal malicious intent. This approach minimizes false alarms and reduces the overhead of manual approval for new DOM interactions or outbound connections. By leveraging Cloudflare's Client-Side Security, developers can benefit from enhanced security features without compromising development pipeline efficiency.