CSAM Scanning Tool
The Child Sexual Abuse Material (CSAM) Scanning Tool allows website owners to proactively identify and take action on CSAM located on their website. By enabling this tool, Cloudflare will compare content served for your website through the Cloudflare cache to known lists of CSAM. These lists are provided to Cloudflare by leading child safety advocacy groups such as the National Center for Missing and Exploited Children (NCMEC).
Remember, by enabling the Service, you agree to the Service-Specific Terms ↗ for the CSAM Scanning Tool. You agree to use this tool solely for the purposes of preventing the spread of CSAM.
Because knowingly distributing or viewing CSAM is illegal, the owner of the website has enabled Cloudflare's CSAM scanning tool to proactively identify and block images identified as CSAM located on their website.
To enable the tool:
- Log into the Cloudflare dashboard ↗.
- Select your account and zone.
- Go to Caching > Configuration.
- For CSAM Scanning Tool, select Configure.
You must provide an email address, which will be used to notify you in the event Cloudflare detects a positive match.
When a potential match is detected with the tool:
- An email is sent to you once per day to inform you of any detections made in the past 24 hours. This email will include the file paths of any content that was matched.
- If possible, a block is placed to prevent further serving of the matched content. If a block fails, we will indicate that the content has not been blocked in the email.
You are responsible for understanding and complying with any legal obligations you have as a website owner when made aware of any potential CSAM. Although legal obligations vary based on the provider and the jurisdiction, website owners often have obligations to report apparent CSAM, to remove content, and to preserve records. Some of those possible obligations are as follows:
- You likely have an obligation to report apparent CSAM to the appropriate authorities. You can file a report to NCMEC with additional information via NCMEC's CyberTip reporting form or find the preferred reporting portal for your jurisdiction via the INHOPE website.
- You may need to preserve and securely store a copy of the content and related data in the case NCMEC or law enforcement reach out for additional details.
- You likely have an obligation to securely preserve certain information related to your report for at least 90 days in the case of an investigation. To ensure that access to the content is limited, take care not to store this information anywhere accessible to anyone but those within your organization responsible for legal requests.
- You should remove the content and notify Cloudflare of the removal.
- Once any preservation obligations have been fulfilled, you should remove the content from your website. This is especially important if Cloudflare's notice to you indicates that our block was unsuccessful.
To disable a block, either because you have determined that the blocked content is not CSAM (a false positive) or because you have taken down the blocked content, view Blocked Content in the Security Center in the Cloudflare Dashboard and request reviews on the relevant blocks. A request to remove a block must be accompanied by a representation from you confirming that the blocked content is not CSAM or has been removed.
These actions are available to users with the following roles:
- Admin
- Super Admin
- Trust & Safety
CSAM Scanning Tool Supplemental Terms ↗
National Center for Missing and Exploited Children (NCMEC) ↗