Scan HTTP traffic with DLP
You can scan HTTP traffic for sensitive data through Secure Web Gateway policies. To perform DLP filtering, first configure a DLP profile with the data patterns you want to detect, and then build a Gateway HTTP policy to allow or block the sensitive data from leaving your organization. Gateway will parse and scan your HTTP traffic for strings matching the keywords or regular expressions (regexes) specified in the DLP profile.
1. Configure a DLP profile
2. Create a DLP policy
Select Add a policy.
Selector Operator Value Logic Action DLP Profiles in
U.S. Social Security Numbers
And Block Application not in
Select Create policy.
DLP scanning is now enabled.
3. Test DLP policy
You can test your DLP policy on any device connected to your Zero Trust organization. To perform a basic test:
- Go to .
- Enter a text message or upload a file containing the sensitive data.
- Select Submit to send the request.
Different sites will send requests in different ways. For example, some sites will split a file upload into multiple requests. Therefore, even if the policy works on
dlptest.com, it is not guaranteed to work the same way on another site or application.
4. View DLP logs
- In , go to Logs > Gateway > HTTP.
- Select Filter.
- Choose an item under one of the following filters:
- DLP Profiles shows the requests which matched a specific DLP profile.
- Policy shows the requests which matched a specific DLP policy.
Report false positives
- Select the log you want to report.
- Select Report DLP false positive under DLP details.
- The information to be sent to Cloudflare will appear. To confirm your report, select Send report.