Cloudflare Docs
Page Shield
Cloudflare Docs
Page Shield
GitHub icon
Visit Page Shield on GitHub
Set theme to dark (⇧+D)
  1. Products
  2. Page Shield
  3. Policies
  4. Supported CSP directives

CSP directives supported by policies

Page Shield monitors scripts loaded on your website and the connections they make. Monitored resources are displayed in the Monitors dashboard.

Page Shield policies support most Content Security Policy (CSP) directives, covering both monitored and unmonitored resources. You can use a policy to control other types of resources besides scripts and their connections, even though Page Shield is not monitoring these resources.

Each CSP directive can contain multiple values, including schemes, hostnames, URIs, and special keywords between single quotes (such as 'none'). Hostname and URI values support a * wildcard for the leftmost subdomain.

The following table lists the supported CSP directives and keywords you can use in Page Shield policies:

Directive Name in the dashboard Supported keywords Monitored
script-src Scripts 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 Yes
connect-src Connections 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 Yes
default-src Default 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
img-src Images 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
style-src Styles 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
font-src Fonts 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
object-src Objects 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
media-src Media 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
child-src Child 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
form-action Form actions 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
worker-src Workers 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
base-uri Base URI 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
manifest-src Manifests 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
frame-src Frames 'none'
'self'
'unsafe-inline'
'unsafe-eval'		 No
frame-ancestors Frame ancestors 'none'
'self'		 No
upgrade-insecure-requests Upgrade insecure requests N/A No

​​ More resources

For more information on CSP directives and their values, refer to the following resources in the MDN documentation: