# Scripts

The Scripts section provides information about all of the scripts that were found on your targets, as well as where they are hosted.

## Use Cases

* **Keep track of additions or changes to scripts on your website.** If you don't recognize a script or a change that was made, you should verify that it is legitimate.
* **Verify that third-party site hosting scripts are safe.** Find out if sites that host your scripts have previously been flagged for serving malware, phishing, or adult content.

## Detection

Every script tag that is discovered during the crawling process is cataloged.

## Risk

Risk is assigned by verifying that the script is loaded over HTTPS and the host does not serve malware, phishing, or adult content.

* **High** (<mark style="color:red;">●</mark> Red): The host serving the script has been flagged for malware or phishing content.
* **Medium** (<mark style="color:yellow;">●</mark> Yellow): A script is being loaded over a plaintext HTTP connection.
* **Low** (<mark style="color:green;">●</mark> Green): No significant risks are associated with the script.

Scripts rated **High** or **Medium** risk will create [issues](/docs/platform/issues.md).

{% hint style="info" %}
We recommend fixing both **High** and **Medium** risk issues.
{% endhint %}

## Monitoring

Scripts can be monitored for changes by toggling their monitor status on the [List](https://app.halosecurity.com/user/security/website/script/list) page. This is useful for keeping an eye on scripts that are involved in sensitive areas of an application such as shopping carts and checkout flows. If a change is detected it will trigger a `website-script-monitor-change` event so you can be immediately notified.

Learn more about events at:

{% content-ref url="/pages/MtggX3t55b2BwW9thVOd" %}
[Events](/docs/platform/events.md)
{% endcontent-ref %}

## Reports

* [Overview](https://app.halosecurity.com/user/security/website/script/): General information about scripts that were found including risk rating, most common names, download size, and geographical location of hosts.
* [Summary](https://app.halosecurity.com/user/security/website/script/summary): Summary of all scripts and which hosts they were found on, including out-of-scope hosts.
* [List](https://app.halosecurity.com/user/security/website/script/list): List of scripts.
* [Search](https://app.halosecurity.com/user/security/website/script/search): Allows you to search for a string within any of the scripts that were located.
* [Changes](https://app.halosecurity.com/user/security/website/script/changes): Display changes made to scripts between current and prior scans and pull up differences that were found.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.halosecurity.com/docs/platform/websites/scripts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.