Cloudflare Docs
Page Shield
Visit Page Shield on GitHub
Set theme to dark (⇧+D)

How Page Shield works

Page Shield simplifies external script management by tracking loaded resources like scripts and providing alerts when it detects new resources or malicious scripts. Page Shield also tracks the connections made by scripts on your domain’s pages and checks if they are malicious based on their destination.

Enabling Page Shield adds a Content Security Policy (CSP) deployed with a report-only directive to collect information from the browser. This allows Cloudflare to provide you with a list of all scripts running on your application and the connections they make to third-party endpoints.

The Monitors dashboard will show the list of active scripts and connections. The All Reported Scripts and All Reported Connections dashboards show the full list of detected scripts and connections in your domain, respectively, including infrequent and inactive ones.

Since the script and connection lists are based on sampling, there may be a small delay between deploying a script and having its data displayed in Page Shield’s dashboards.

Enterprise customers with a paid add-on have access to additional classification mechanisms based on threat feeds to determine if a script, or a connection made by a script, is malicious. For more information, refer to Malicious script and connection detection.

​​ Positive security model using policies

Enterprise customers with a paid add-on can create policies to define a positive security model (also known as positive blocking).

When you create policies, Page Shield will generate CSP directives from those policies based on their configuration:

  • Log policies will create CSP directives for the Content-Security-Policy-Report-Only HTTP header.
  • Allow policies will create CSP directives for the Content-Security-Policy HTTP header.

For more information, refer to Policies.

​​ Learn more

For more background on Page Shield, refer to our blog post.