Fastly · Capability

Fastly Client-Side Protection — Policies

Manage Content Security Policy (CSP) directives and headers for sites protected by Fastly Client-Side Protection.

Fastly Client-Side Protection — Policies is a Naftiko capability published by Fastly, one of 73 capabilities the APIs.io network indexes for this provider. It bundles 7 operations across the GET, POST, and PATCH methods rooted at /v1/client-side-protection/websites/{…}.

The capability includes 5 read-only operations and 2 state-changing operations. Lead operation: List Fastly CSP policies. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include Fastly, Client-Side Protection, Security, and Policies.

Run with Naftiko FastlyClient-Side ProtectionSecurityPolicies

What You Can Do

GET
Listpolicies — List policies
/v1/client-side-protection/websites/{website-id}/policies
POST
Createpolicy — Create policy
/v1/client-side-protection/websites/{website-id}/policies
GET
Getpolicy — Get policy
/v1/client-side-protection/websites/{website-id}/policies/{policy-id}
PATCH
Updatepolicy — Update policy
/v1/client-side-protection/websites/{website-id}/policies/{policy-id}
GET
Listpolicyreports — List policy reports
/v1/client-side-protection/websites/{website-id}/policies/{policy-id}/reports
GET
Listsecurityheaders — List security headers
/v1/client-side-protection/websites/{website-id}/security-headers
GET
Listheaderevents — List header events
/v1/client-side-protection/websites/{website-id}/security-headers/events

MCP Tools

list-csp-policies

List Fastly CSP policies

read-only idempotent
create-csp-policy

Create a Fastly CSP policy

get-csp-policy

Get a Fastly CSP policy

read-only idempotent
update-csp-policy

Update a Fastly CSP policy

idempotent
list-csp-policy-reports

List Fastly CSP policy violation reports

read-only idempotent
list-csp-security-headers

List Fastly CSP security headers

read-only idempotent
list-csp-header-events

List Fastly CSP header events

read-only idempotent

Capability Spec

client-side-protection-policies.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Fastly Client-Side Protection — Policies
  description: Manage Content Security Policy (CSP) directives and headers for sites protected by Fastly Client-Side Protection.
  tags: [Fastly, Client-Side Protection, Security, Policies]
  created: '2026-05-22'
  modified: '2026-05-22'
binds:
- namespace: env
  keys: { FASTLY_API_KEY: FASTLY_API_KEY }
capability:
  consumes:
  - type: http
    namespace: client-side-protection-policies
    baseUri: https://api.fastly.com
    description: CSP policy and security-header management.
    resources:
    - name: policies
      path: /client-side-protection/websites/{website_id}/policies
      operations:
      - { name: listpolicies, method: GET, description: List policies, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
      - { name: createpolicy, method: POST, description: Create policy, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
    - name: policy
      path: /client-side-protection/websites/{website_id}/policies/{policy_id}
      operations:
      - { name: getpolicy, method: GET, description: Get policy, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
      - { name: updatepolicy, method: PATCH, description: Update policy, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
    - name: policy-reports
      path: /client-side-protection/websites/{website_id}/policies/{policy_id}/reports
      operations:
      - { name: listpolicyreports, method: GET, description: List policy reports, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
    - name: security-headers
      path: /client-side-protection/websites/{website_id}/security-headers
      operations:
      - { name: listsecurityheaders, method: GET, description: List security headers, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
    - name: header-events
      path: /client-side-protection/websites/{website_id}/security-headers/events
      operations:
      - { name: listheaderevents, method: GET, description: List header events, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
    authentication: { type: apikey, key: Fastly-Key, value: '{{env.FASTLY_API_KEY}}', placement: header }
  exposes:
  - type: rest
    namespace: client-side-protection-policies-rest
    port: 8080
    description: REST adapter.
    resources:
    - path: /v1/client-side-protection/websites/{website-id}/policies
      name: policies
      description: Policies collection.
      operations:
      - { method: GET, name: listpolicies, description: List policies, call: client-side-protection-policies.listpolicies, outputParameters: [ { type: object, mapping: $. } ] }
      - { method: POST, name: createpolicy, description: Create policy, call: client-side-protection-policies.createpolicy, outputParameters: [ { type: object, mapping: $. } ] }
    - path: /v1/client-side-protection/websites/{website-id}/policies/{policy-id}
      name: policy
      description: Single policy.
      operations:
      - { method: GET, name: getpolicy, description: Get policy, call: client-side-protection-policies.getpolicy, outputParameters: [ { type: object, mapping: $. } ] }
      - { method: PATCH, name: updatepolicy, description: Update policy, call: client-side-protection-policies.updatepolicy, outputParameters: [ { type: object, mapping: $. } ] }
    - path: /v1/client-side-protection/websites/{website-id}/policies/{policy-id}/reports
      name: policy-reports
      description: Policy reports.
      operations:
      - { method: GET, name: listpolicyreports, description: List policy reports, call: client-side-protection-policies.listpolicyreports, outputParameters: [ { type: object, mapping: $. } ] }
    - path: /v1/client-side-protection/websites/{website-id}/security-headers
      name: security-headers
      description: Security headers list.
      operations:
      - { method: GET, name: listsecurityheaders, description: List security headers, call: client-side-protection-policies.listsecurityheaders, outputParameters: [ { type: object, mapping: $. } ] }
    - path: /v1/client-side-protection/websites/{website-id}/security-headers/events
      name: header-events
      description: Security header events.
      operations:
      - { method: GET, name: listheaderevents, description: List header events, call: client-side-protection-policies.listheaderevents, outputParameters: [ { type: object, mapping: $. } ] }
  - type: mcp
    namespace: client-side-protection-policies-mcp
    port: 9090
    transport: http
    description: MCP adapter.
    tools:
    - { name: list-csp-policies, description: List Fastly CSP policies, hints: { readOnly: true, destructive: false, idempotent: true }, call: client-side-protection-policies.listpolicies, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: create-csp-policy, description: Create a Fastly CSP policy, hints: { readOnly: false, destructive: false, idempotent: false }, call: client-side-protection-policies.createpolicy, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: get-csp-policy, description: Get a Fastly CSP policy, hints: { readOnly: true, destructive: false, idempotent: true }, call: client-side-protection-policies.getpolicy, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: update-csp-policy, description: Update a Fastly CSP policy, hints: { readOnly: false, destructive: false, idempotent: true }, call: client-side-protection-policies.updatepolicy, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: list-csp-policy-reports, description: List Fastly CSP policy violation reports, hints: { readOnly: true, destructive: false, idempotent: true }, call: client-side-protection-policies.listpolicyreports, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: list-csp-security-headers, description: List Fastly CSP security headers, hints: { readOnly: true, destructive: false, idempotent: true }, call: client-side-protection-policies.listsecurityheaders, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: list-csp-header-events, description: List Fastly CSP header events, hints: { readOnly: true, destructive: false, idempotent: true }, call: client-side-protection-policies.listheaderevents, outputParameters: [ { type: object, mapping: $. } ] }