Cloudflare API | Page Shield › Scripts › List Page Shield Scripts

When true, excludes duplicate scripts. We consider a script duplicate of another if their javascript content matches and they share the same url host and zone hostname. In such case, we return the most recent script for the URL host and zone hostname combination.

exclude_urls: string

Optional

Excludes scripts whose URL contains one of the URL-encoded URLs separated by commas.

export:

Optional

Export the list of scripts as a file.

"csv"

hosts: string

Optional

Includes scripts that match one or more URL-encoded hostnames separated by commas.

Wildcards are supported at the start and end of each hostname to support starts with, ends with and contains. If no wildcards are used, results will be filtered by exact match

order_by:

Optional

The field used to sort returned scripts.

"first_seen_at"

"last_seen_at"

page: string

Optional

The current page number of the paginated results.

We additionally support a special value "all". When "all" is used, the API will return all the scripts with the applied filters in a single page. This feature is best-effort and it may only work for zones with a low number of scripts

page_url: string

Optional

Includes scripts that match one or more page URLs (separated by commas) where they were last seen

Wildcards are supported at the start and end of each page URL to support starts with, ends with and contains. If no wildcards are used, results will be filtered by exact match

per_page: number

Optional

(maximum: 100, minimum: 1)

The number of results per page.

prioritize_malicious: boolean

Optional

When true, malicious scripts appear first in the returned scripts.

status: string

Optional

Filters the returned scripts using a comma-separated list of scripts statuses. Accepted values: active, infrequent, and inactive. The default value is active.

urls: string

Optional

Includes scripts whose URL contain one or more URL-encoded URLs separated by commas.

Response fields

result: Array<

Script

result_info: { count, page, per_page, 2 more... }

success: true

Whether the API call was successful

errors: Array<

ResponseInfo

Optional

messages: Array<

ResponseInfo

Optional

Request example

curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/page_shield/scripts \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200Example

{
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "added_at": "2021-08-18T10:51:10.09615Z",
      "first_seen_at": "2021-08-18T10:51:08Z",
      "host": "blog.cloudflare.com",
      "last_seen_at": "2021-09-02T09:57:54Z",
      "url": "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
      "url_contains_cdn_cgi_path": false,
      "cryptomining_score": 1,
      "dataflow_score": 1,
      "domain_reported_malicious": false,
      "fetched_at": "fetched_at",
      "first_page_url": "blog.cloudflare.com/page",
      "hash": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "js_integrity_score": 1,
      "magecart_score": 1,
      "malicious_domain_categories": [
        "Malware"
      ],
      "malicious_url_categories": [
        "Malware"
      ],
      "malware_score": 1,
      "obfuscation_score": 1,
      "page_urls": [
        "blog.cloudflare.com/page1",
        "blog.cloudflare.com/page2"
      ],
      "url_reported_malicious": false
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  },
  "success": true,
  "errors": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message"
    }
  ]
}

Domain types

Script = { id, added_at, first_seen_at, 18 more... }