Page Integrity Manager Quick Start
Detect attackers trying to steal data via first or third-party scripts that you use on your site. Page Integrity Manager identifies suspicious and malicious script behaviors, and helps you take action to protect your site and visitors. You don't need to deliver your content on Akamai's Intelligent Platform to use Page Integrity Manager. Apply detections to any website, no matter where you host it.
Magecart and other data hijack threats
All contemporary websites run with a constellation of third-parties we depend on to provide vital features like marketing automation, animations, web experience personalization, advertising, analytics, and other widgets that enrich your site’s user experience and inform your business. These third-party vendors do so via code they run on your site. That magic code in turn, relies on your vendor’s vendors who run their own code, which is also connected to your website, and so on.
If you look at an actual working website, the network is extensive:
This setup creates a large attack surface for your website, which you can’t control or track. You may trust your vendors, but you wouldn’t know if they or any of their solution providers are compromised.
The code that your third-party vendors run on your site is separate from your code and your server, so traditional WAF protections aren’t part of the mix. More urgently, their code is in contact with your user and can listen in on user entries and send that data wherever it wants.
If a bad actor gains entry to the chain, it’s not much different from card skimmers in the physical world who insert their bogus device on a bank machine and wait for users to interact directly with that skimmer, while the bank knows nothing about it and can’t protect the user.
When attackers get access via third-party code, they can do nefarious things like copy the payment data every user enters in the shopping cart, intercept your users’ credential entries, or deface your site.
How detections work
Your first Page Integrity Configuration
A Page Integrity Configuration contains the details of your script detection setup. You use it to:
- Define areas of your site where users enter sensitive data, like passwords or credit card numbers.
- Optionally monitor or constrain a domain's access to cookies, local storage, network destinations, or sensitive data.
- Remember script sources you have blocked from sending outgoing data and other actions you’ve taken on suspicious incidents in the past.
- Visit https://control.akamai.com/ and log in.
- Go to .
- Click Page Integrity Configurations.
- On the Page Integrity Configurations table header, click +.
- Enter a name that's apt and descriptive.
- If you want, enter a description that explains what this configuration protects.
- Select the Contract and Group ID containing the users and properties you want to work with.
Domains, enter the full URLs of the websites where you will use
Page Integrity, like
www.example.com.Enter domains you control, so Page Integrity knows which domains belong to you and which belong to third-parties (those outside your organization). Entries here affect detection and reporting, but don't set protections directly. You can add more domains later. If you want, copy and paste a comma-delimited list.
- Click Save.
Define pages where users enter sensitive data
- On the left, under SITE AND PROTECTION SETTINGS, click Sensitive Data Forms.
Enter the full URLs of form pages, like
https://www.example.com/en/login. Wildcards allowed like
https://www.example.com/*/loginbut include only pages that contain forms.
- Click Save.
Set up alerts
- Under Alerts, enter the email addresses that should get a message when an incident occurs.
- Click Save.
Apply Page Integrity protection to your website
Monitor and respond to incidents
Page Integrity constantly analyzes script execution behavior in real-user sessions. But how do you know what it's finding? Our reporting tools to let you scan general activity, home in on suspected threats, and even see what intelligence Page Integrity has on scripts that have run while users interact with your website.
When suspicious behaviors affect one of your users, Page Integrity records it as an event. When a chain of events affects many users, the pattern likely signifies a serious threat, and Page Integrity generates an incident. It emails anyone you specified and raises the alarm on the Page Integrity Console, where you can take the immediate action Page Integrity recommends, based on:
- the traits of the incident
- our threat research team's extensive knowledge of script and domain behavior
A high-level view of the flow looks like this:
To learn more about all your incident response options, and get the full story on using Page Integrity, read Page Integrity Manager Help login required.
© 2020 Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered trademarks or service marks in the United States (Reg. U.S. Pat. & Tm. Off). Akamai Intelligent Edge Platform is a trademark in the United States. All other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject to change without notice. Published 4/2020