Skip to content

Get started

Activate Page Shield

To enable Page Shield:

  1. Log in to the Cloudflare dashboard, and select your account and domain.
  2. Go to Security > Page Shield.
  3. Select Enable Page Shield.

If you do not have access to Page Shield in the Cloudflare dashboard, check if your user has one of the necessary roles.

Review detected scripts

When you enable Page Shield, it may take a while to get the list of detected scripts in your domain.

Review the scripts displayed in the Monitors dashboard, checking them for signs of malicious activity.

Depending on your plan, you may be able to also review the connections made by scripts in your domain's pages and check them for malicious activity.

Configure alerts

Once you have activated Page Shield, you can set up multiple alerts for your domain.

Cloudflare sends alerts at regular intervals, so you might experience a delay between adding a new script and receiving an alert.

To set up alerts:

  1. Go to Security > Page Shield.
  2. In the Settings tab, select Manage alerts.
  3. Select an alert type.
  4. Enter the notification name and description.
  5. (Optional) If you are an Enterprise customer with a paid add-on, you can define the zones for which you want to filter alerts based on the configured policies in Policies of these zones.
  6. Select one or more notification destinations (notification email, webhooks, and connected notification services).
  7. Select Create.

To edit, delete, or disable an alert, go to your account notifications.

Define policies

Policies define allowed resources on your websites. Create policies to implement a positive security model 1.

  1. Create a policy with the Log action.

  2. After some time, review the list of policy violations to make sure the policy is correct. Update the policy if needed.

  3. Change the policy action to Allow to start blocking resources not covered by the policy.

Footnotes

  1. A positive security model is one that defines what is allowed and rejects everything else. In contrast, a negative security model defines what will be rejected and accepts the rest.