Skip to content
Cloudflare API
Start here
API Reference
Page Shield
Scripts

List Page Shield scripts

client.pageShield.scripts.list(ScriptListParams { zone_id, direction, exclude_cdn_cgi, 11 more } params, RequestOptionsoptions?): SinglePage<Script { id, added_at, first_seen_at, 18 more } >
GET/zones/{zone_id}/page_shield/scripts

Lists all scripts detected by Page Shield.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Page ShieldDomain Page Shield ReadDomain Page ShieldPage Shield ReadZone Settings WriteZone Settings Read
ParametersExpand Collapse
params: ScriptListParams { zone_id, direction, exclude_cdn_cgi, 11 more }
zone_id: string

Path param: Identifier

maxLength32
direction?: "asc" | "desc"

Query param: The direction used to sort returned scripts.

One of the following:
"asc"
"desc"
exclude_cdn_cgi?: boolean

Query param: When true, excludes scripts seen in a /cdn-cgi path from the returned scripts. The default value is true.

exclude_duplicates?: boolean

Query param: When true, excludes duplicate scripts. We consider a script duplicate of another if their javascript content matches and they share the same url host and zone hostname. In such case, we return the most recent script for the URL host and zone hostname combination.

exclude_urls?: string

Query param: Excludes scripts whose URL contains one of the URL-encoded URLs separated by commas.

_export?: "csv"

Query param: Export the list of scripts as a file, limited to 50000 entries.

hosts?: string

Query param: Includes scripts that match one or more URL-encoded hostnames separated by commas.

Wildcards are supported at the start and end of each hostname to support starts with, ends with and contains. If no wildcards are used, results will be filtered by exact match

order_by?: "first_seen_at" | "last_seen_at"

Query param: The field used to sort returned scripts.

One of the following:
"first_seen_at"
"last_seen_at"
page?: string

Query param: The current page number of the paginated results.

We additionally support a special value "all". When "all" is used, the API will return all the scripts with the applied filters in a single page. This feature is best-effort and it may only work for zones with a low number of scripts

page_url?: string

Query param: Includes scripts that match one or more page URLs (separated by commas) where they were last seen

Wildcards are supported at the start and end of each page URL to support starts with, ends with and contains. If no wildcards are used, results will be filtered by exact match

per_page?: number

Query param: The number of results per page.

maximum100
minimum1
prioritize_malicious?: boolean

Query param: When true, malicious scripts appear first in the returned scripts.

status?: string

Query param: Filters the returned scripts using a comma-separated list of scripts statuses. Accepted values: active, infrequent, and inactive. The default value is active.

urls?: string

Query param: Includes scripts whose URL contain one or more URL-encoded URLs separated by commas.

ReturnsExpand Collapse
Script { id, added_at, first_seen_at, 18 more }
id: string

Identifier

maxLength32
added_at: string
formatdate-time
first_seen_at: string
formatdate-time
host: string
last_seen_at: string
formatdate-time
url: string
url_contains_cdn_cgi_path: boolean
cryptomining_score?: number | null

The cryptomining score of the JavaScript content.

maximum99
minimum1
Deprecateddataflow_score?: number | null

The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99
minimum1
domain_reported_malicious?: boolean
fetched_at?: string | null

The timestamp of when the script was last fetched.

first_page_url?: string
hash?: string | null

The computed hash of the analyzed script.

maxLength64
minLength64
js_integrity_score?: number | null

The integrity score of the JavaScript content.

maximum99
minimum1
magecart_score?: number | null

The magecart score of the JavaScript content.

maximum99
minimum1
malicious_domain_categories?: Array<string>
malicious_url_categories?: Array<string>
malware_score?: number | null

The malware score of the JavaScript content.

maximum99
minimum1
Deprecatedobfuscation_score?: number | null

The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99
minimum1
page_urls?: Array<string>
url_reported_malicious?: boolean

List Page Shield scripts

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const script of client.pageShield.scripts.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(script.id);
}
{
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "added_at": "2021-08-18T10:51:10.09615Z",
      "first_seen_at": "2021-08-18T10:51:08Z",
      "host": "blog.cloudflare.com",
      "last_seen_at": "2021-09-02T09:57:54Z",
      "url": "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
      "url_contains_cdn_cgi_path": false,
      "cryptomining_score": 1,
      "dataflow_score": 1,
      "domain_reported_malicious": false,
      "fetched_at": "fetched_at",
      "first_page_url": "blog.cloudflare.com/page",
      "hash": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "js_integrity_score": 1,
      "magecart_score": 1,
      "malicious_domain_categories": [
        "Malware"
      ],
      "malicious_url_categories": [
        "Malware"
      ],
      "malware_score": 1,
      "obfuscation_score": 1,
      "page_urls": [
        "blog.cloudflare.com/page1",
        "blog.cloudflare.com/page2"
      ],
      "url_reported_malicious": false
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  },
  "success": true,
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ]
}
Returns Examples
{
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "added_at": "2021-08-18T10:51:10.09615Z",
      "first_seen_at": "2021-08-18T10:51:08Z",
      "host": "blog.cloudflare.com",
      "last_seen_at": "2021-09-02T09:57:54Z",
      "url": "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
      "url_contains_cdn_cgi_path": false,
      "cryptomining_score": 1,
      "dataflow_score": 1,
      "domain_reported_malicious": false,
      "fetched_at": "fetched_at",
      "first_page_url": "blog.cloudflare.com/page",
      "hash": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "js_integrity_score": 1,
      "magecart_score": 1,
      "malicious_domain_categories": [
        "Malware"
      ],
      "malicious_url_categories": [
        "Malware"
      ],
      "malware_score": 1,
      "obfuscation_score": 1,
      "page_urls": [
        "blog.cloudflare.com/page1",
        "blog.cloudflare.com/page2"
      ],
      "url_reported_malicious": false
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  },
  "success": true,
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ]
}