Cloudflare Docs
Page Shield
Visit Page Shield on GitHub
Set theme to dark (⇧+D)

Get started with Cloudflare Page Shield

​​ Activate Page Shield

To enable Page Shield:

  1. Log in to the Cloudflare dashboard, and select your account and domain.
  2. Go to Security > Page Shield.
  3. Select Enable Page Shield.

If you do not have access to Page Shield in the Cloudflare dashboard, check if your user has one of the necessary roles.

​​ Review detected scripts

When you enable Page Shield, it may take a while to get the list of detected scripts in your domain.

Review the scripts displayed in the Monitors dashboard, checking them for signs of malicious activity.

Depending on your plan, you may be able to also review the connections made by scripts in your domain’s pages and check them for malicious activity.

​​ Configure alerts

Once you have activated Page Shield, you can set up multiple alerts for your domain.

Cloudflare sends alerts at regular intervals, so you might experience a delay between adding a new script and receiving an alert.

To set up alerts:

  1. Go to Security > Page Shield.
  2. In the Settings tab, select Configure an alert.
  3. Select an alert type.
  4. Fill in the required information and select Create.

To edit, delete, or disable an alert, go to your account notifications.

​​ Define policies

Policies define allowed resources on your websites. Create policies to implement a positive security model 1.

  1. Create a policy with the Log action.

  2. After some time, review the list of policy violations to make sure the policy is correct. Update the policy if needed.

  3. Change the policy action to Allow to start blocking resources not covered by the policy.

  1. A positive security model is one that defines what is allowed and rejects everything else. In contrast, a negative security model defines what will be rejected and accepts the rest. ↩︎