Reflectiz vs c/side

Tuesday, March 25th, 2025

Carlo D'Agnolo

This article takes an honest look at the features of Reflectiz.

Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences.

If you want to verify their claims yourself, please navigate to their product pages.

What is Reflectiz?

Reflectiz is a cybersecurity company that focuses on securing web dependencies like third-party scripts and open-source tools. It uses agentless monitoring to detect threats, prevent data leaks, and ensure compliance on websites.

How Reflectiz works

Reflectiz uses a “proprietary browser” which crawls the website. This maps the most important pages and simulates real user activity.

There are a few problems with this approach.

A crawler can indeed mimic user activity, but it isn’t user activity by definition. Nor does it get the exact payload of what all users receive.

Many dependencies use a dynamic system that serves different code based on various parameters. Reflectiz does mention that you can set the chosen geo-location and device settings, but we do not have insight into how comprehensive this is.

Other parameters Reflectiz doesn’t seem able to mimic are:

  • Referrer URL
  • Unique cookies and session data
  • A/B testing or feature flags
  • Browser fingerprinting details
  • Network conditions
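To make the coverage gap concrete, here is an added example (not code from c/side or Reflectiz) that compares script payloads observed under different request contexts and reports which ones a single fixed crawl context never received. The URLs, context attributes and script bodies are constructed, and it assumes you already have per-request observations from real sessions.

```python
import hashlib
from collections import defaultdict

# Constructed observations: (script URL, request context, response body).
CRAWLER = {"referrer": "direct", "cookie": "none", "ab_bucket": "A"}
OBSERVATIONS = [
    ("https://cdn.example/widget.js", CRAWLER, "render();"),
    ("https://cdn.example/widget.js", {"referrer": "search", "cookie": "returning", "ab_bucket": "B"}, "render();"),
    ("https://cdn.example/tag.js", CRAWLER, "track('view');"),
    ("https://cdn.example/tag.js", {"referrer": "direct", "cookie": "returning", "ab_bucket": "B"}, "track('view');"),
    ("https://cdn.example/tag.js", {"referrer": "search", "cookie": "none", "ab_bucket": "A"}, "track('view');extra();"),
    ("https://cdn.example/tag.js", {"referrer": "search", "cookie": "returning", "ab_bucket": "B"}, "track('view');extra();"),
]

def digest(body):
    """SHA-256 of a script body, used as the payload identity."""
    return hashlib.sha256(body.encode()).hexdigest()

def payloads_by_url(observations):
    """Map each script URL to a list of (context, payload hash) samples."""
    seen = defaultdict(list)
    for url, ctx, body in observations:
        seen[url].append((ctx, digest(body)))
    return seen

def predicting_attributes(samples):
    """Context attributes whose value alone determines which payload was served."""
    result = []
    for attr in sorted(samples[0][0]):
        by_value = defaultdict(set)
        for ctx, h in samples:
            by_value[ctx[attr]].add(h)
        if len(by_value) > 1 and all(len(hs) == 1 for hs in by_value.values()):
            result.append(attr)
    return result

def crawler_gaps(observations, crawler_ctx):
    """For URLs with several payloads: hashes the crawl context never saw, and why."""
    gaps = {}
    for url, samples in payloads_by_url(observations).items():
        hashes = {h for _, h in samples}
        if len(hashes) < 2:
            continue  # same payload for every context, nothing to report
        crawled = {h for ctx, h in samples if ctx == crawler_ctx}
        gaps[url] = {"unseen": sorted(hashes - crawled),
                     "predicted_by": predicting_attributes(samples)}
    return gaps

if __name__ == "__main__":
    print(crawler_gaps(OBSERVATIONS, CRAWLER))
```

On the constructed data, only `tag.js` is flagged: its second payload is served whenever the referrer is `search`, a context the fixed crawl never used.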

After these crawling sessions, Reflectiz performs behavior analysis and data analysis, and finally sends alerts based on what it found.

Finally, they use the words “most important pages”, which likely refers mostly to payment pages, as required by PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1.

c/side, however, uses a proxy approach that sits in between every actual user session. It checks the actual payload of every page view and analyzes the served dependencies' code in real time before serving it to the user.

This allows us not only to spot 0-day attacks and alert on them; c/side also makes it possible to block attacks before they touch the user’s browser. It also checks the box for multiple compliance frameworks, including PCI DSS 4.0.1.

We believe this is the most secure way to monitor and protect your dependencies across your entire website.

Sign up or book a demo to get started.

More About Carlo D'Agnolo

I'm the Head of Marketing at c/side.