Skip to content
Cloudflare Docs

Get started

Activate Page Shield

To enable Page Shield:

  1. Log in to the Cloudflare dashboard, and select your account and domain.
  2. Go to Security > Page Shield.
  3. Select Enable Page Shield.

If you do not have access to Page Shield in the Cloudflare dashboard, check if your user has one of the necessary roles.

Review detected scripts

When you enable Page Shield, it may take a while to get the list of detected scripts in your domain.

Review the scripts displayed in the Monitors dashboard, checking them for signs of malicious activity.

Depending on your plan, you may be able to also review the connections made by scripts in your domain's pages and check them for malicious activity.

Configure alerts

Once you have activated Page Shield, you can set up one or more alerts informing you of relevant client-side changes on your zones. The available alert types depend on your Cloudflare plan.

To configure an alert:

  1. Go to Account Home > Notifications.
  2. Choose Add and then select Page Shield in the Product dropdown.
  3. Select an alert type.
  4. Enter the notification name and description.
  5. (Optional) If you are an Enterprise customer with a paid add-on, you can define the zones for which you want to filter alerts in Policies of these zones. This option requires that you define allow policies in the selected zones.
  6. Select one or more notification destinations (notification email, webhooks, and connected notification services).
  7. Select Create.

To edit, delete, or disable an alert, go to your account notifications.

Define policies

Policies define allowed resources on your websites. Create policies to implement a positive security model 1.

  1. Create a policy with the Log action.

  2. After some time, review the list of policy violations to make sure the policy is correct. Update the policy if needed.

  3. Change the policy action to Allow to start blocking resources not covered by the policy.

Footnotes

  1. A positive security model is one that defines what is allowed and rejects everything else. In contrast, a negative security model defines what will be rejected and accepts the rest.