API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Page Shield

Get Page Shield settings

GET/zones/{zone_id}/page_shield

Update Page Shield settings

PUT/zones/{zone_id}/page_shield

ModelsExpand Collapse

Setting = object { enabled, updated_at, use_cloudflare_reporting_endpoint, use_connection_url_path }

enabled: boolean

When true, indicates that Page Shield is enabled.

updated_at: string

The timestamp of when Page Shield was last updated.

use_cloudflare_reporting_endpoint: boolean

When true, CSP reports will be sent to https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report

use_connection_url_path: boolean

When true, the paths associated with connections URLs will also be analyzed.

PageShieldUpdateResponse = object { enabled, updated_at, use_cloudflare_reporting_endpoint, use_connection_url_path }

enabled: boolean

When true, indicates that Page Shield is enabled.

updated_at: string

The timestamp of when Page Shield was last updated.

use_cloudflare_reporting_endpoint: boolean

When true, CSP reports will be sent to https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report

use_connection_url_path: boolean

When true, the paths associated with connections URLs will also be analyzed.

Page ShieldPolicies

List Page Shield policies

GET/zones/{zone_id}/page_shield/policies

Get a Page Shield policy

GET/zones/{zone_id}/page_shield/policies/{policy_id}

Create a Page Shield policy

POST/zones/{zone_id}/page_shield/policies

Update a Page Shield policy

PUT/zones/{zone_id}/page_shield/policies/{policy_id}

Delete a Page Shield policy

DELETE/zones/{zone_id}/page_shield/policies/{policy_id}

ModelsExpand Collapse

Policy = object { action, description, enabled, 2 more }

action: "allow" or "log" or "add_reporting_directives"

The action to take if the expression matches

One of the following:

"allow"

"log"

"add_reporting_directives"

description: string

A description for the policy

enabled: boolean

Whether the policy is enabled

expression: string

The expression which must match for the policy to be applied, using the Cloudflare Firewall rule expression syntax

value: string

The policy which will be applied

PolicyListResponse = object { id, action, description, 3 more }

id: string

Identifier

maxLength32

action: "allow" or "log" or "add_reporting_directives"

The action to take if the expression matches

One of the following:

"allow"

"log"

"add_reporting_directives"

description: string

A description for the policy

enabled: boolean

Whether the policy is enabled

expression: string

The expression which must match for the policy to be applied, using the Cloudflare Firewall rule expression syntax

value: string

The policy which will be applied

PolicyGetResponse = object { id, action, description, 3 more }

id: string

Identifier

maxLength32

action: "allow" or "log" or "add_reporting_directives"

The action to take if the expression matches

One of the following:

"allow"

"log"

"add_reporting_directives"

description: string

A description for the policy

enabled: boolean

Whether the policy is enabled

expression: string

The expression which must match for the policy to be applied, using the Cloudflare Firewall rule expression syntax

value: string

The policy which will be applied

PolicyCreateResponse = object { id, action, description, 3 more }

id: string

Identifier

maxLength32

action: "allow" or "log" or "add_reporting_directives"

The action to take if the expression matches

One of the following:

"allow"

"log"

"add_reporting_directives"

description: string

A description for the policy

enabled: boolean

Whether the policy is enabled

expression: string

The expression which must match for the policy to be applied, using the Cloudflare Firewall rule expression syntax

value: string

The policy which will be applied

PolicyUpdateResponse = object { id, action, description, 3 more }

id: string

Identifier

maxLength32

action: "allow" or "log" or "add_reporting_directives"

The action to take if the expression matches

One of the following:

"allow"

"log"

"add_reporting_directives"

description: string

A description for the policy

enabled: boolean

Whether the policy is enabled

expression: string

The expression which must match for the policy to be applied, using the Cloudflare Firewall rule expression syntax

value: string

The policy which will be applied

Page ShieldConnections

List Page Shield connections

GET/zones/{zone_id}/page_shield/connections

Get a Page Shield connection

GET/zones/{zone_id}/page_shield/connections/{connection_id}

ModelsExpand Collapse

Connection = object { id, added_at, first_seen_at, 10 more }

id: string

Identifier

maxLength32

added_at: string

formatdate-time

first_seen_at: string

formatdate-time

host: string

last_seen_at: string

formatdate-time

url: string

url_contains_cdn_cgi_path: boolean

domain_reported_malicious: optional boolean

first_page_url: optional string

malicious_domain_categories: optional array of string

malicious_url_categories: optional array of string

page_urls: optional array of string

url_reported_malicious: optional boolean

Page ShieldScripts

List Page Shield scripts

GET/zones/{zone_id}/page_shield/scripts

Get a Page Shield script

GET/zones/{zone_id}/page_shield/scripts/{script_id}

ModelsExpand Collapse

Script = object { id, added_at, first_seen_at, 18 more }

id: string

Identifier

maxLength32

added_at: string

formatdate-time

first_seen_at: string

formatdate-time

host: string

last_seen_at: string

formatdate-time

url: string

url_contains_cdn_cgi_path: boolean

cryptomining_score: optional number

The cryptomining score of the JavaScript content.

maximum99

minimum1

Deprecateddataflow_score: optional number

The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99

minimum1

domain_reported_malicious: optional boolean

fetched_at: optional string

The timestamp of when the script was last fetched.

first_page_url: optional string

hash: optional string

The computed hash of the analyzed script.

maxLength64

minLength64

js_integrity_score: optional number

The integrity score of the JavaScript content.

maximum99

minimum1

magecart_score: optional number

The magecart score of the JavaScript content.

maximum99

minimum1

malicious_domain_categories: optional array of string

malicious_url_categories: optional array of string

malware_score: optional number

The malware score of the JavaScript content.

maximum99

minimum1

Deprecatedobfuscation_score: optional number

The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99

minimum1

page_urls: optional array of string

url_reported_malicious: optional boolean

ScriptGetResponse = object { id, added_at, first_seen_at, 19 more }

id: string

Identifier

maxLength32

added_at: string

formatdate-time

first_seen_at: string

formatdate-time

host: string

last_seen_at: string

formatdate-time

url: string

url_contains_cdn_cgi_path: boolean

cryptomining_score: optional number

The cryptomining score of the JavaScript content.

maximum99

minimum1

Deprecateddataflow_score: optional number

The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99

minimum1

domain_reported_malicious: optional boolean

fetched_at: optional string

The timestamp of when the script was last fetched.

first_page_url: optional string

hash: optional string

The computed hash of the analyzed script.

maxLength64

minLength64

js_integrity_score: optional number

The integrity score of the JavaScript content.

maximum99

minimum1

magecart_score: optional number

The magecart score of the JavaScript content.

maximum99

minimum1

malicious_domain_categories: optional array of string

malicious_url_categories: optional array of string

malware_score: optional number

The malware score of the JavaScript content.

maximum99

minimum1

Deprecatedobfuscation_score: optional number

The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99

minimum1

page_urls: optional array of string

url_reported_malicious: optional boolean

versions: optional array of object { cryptomining_score, dataflow_score, fetched_at, 5 more }

cryptomining_score: optional number

The cryptomining score of the JavaScript content.

maximum99

minimum1

Deprecateddataflow_score: optional number

The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99

minimum1

fetched_at: optional string

The timestamp of when the script was last fetched.

hash: optional string

The computed hash of the analyzed script.

maxLength64

minLength64

js_integrity_score: optional number

The integrity score of the JavaScript content.

maximum99

minimum1

magecart_score: optional number

The magecart score of the JavaScript content.

maximum99

minimum1

malware_score: optional number

The malware score of the JavaScript content.

maximum99

minimum1

Deprecatedobfuscation_score: optional number

The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score.

maximum99

minimum1

Page ShieldCookies

List Page Shield Cookies

GET/zones/{zone_id}/page_shield/cookies

Get a Page Shield cookie

GET/zones/{zone_id}/page_shield/cookies/{cookie_id}

ModelsExpand Collapse

CookieListResponse = object { id, first_seen_at, host, 11 more }

id: string

Identifier

maxLength32

first_seen_at: string

formatdate-time

host: string

last_seen_at: string

formatdate-time

name: string

type: "first_party" or "unknown"

One of the following:

"first_party"

"unknown"

domain_attribute: optional string

expires_attribute: optional string

formatdate-time

http_only_attribute: optional boolean

max_age_attribute: optional number

page_urls: optional array of string

path_attribute: optional string

same_site_attribute: optional "lax" or "strict" or "none"

One of the following:

"lax"

"strict"

"none"

secure_attribute: optional boolean

CookieGetResponse = object { id, first_seen_at, host, 11 more }

id: string

Identifier

maxLength32

first_seen_at: string

formatdate-time

host: string

last_seen_at: string

formatdate-time

name: string

type: "first_party" or "unknown"

One of the following:

"first_party"

"unknown"

domain_attribute: optional string

expires_attribute: optional string

formatdate-time

http_only_attribute: optional boolean

max_age_attribute: optional number

page_urls: optional array of string

path_attribute: optional string

same_site_attribute: optional "lax" or "strict" or "none"

One of the following:

"lax"

"strict"

"none"

secure_attribute: optional boolean