Cloudflare Docs
Page Shield
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)


Policies define the resources allowed on your applications through Content Security Policy (CSP) directives. Policies can log violations and also enforce an allowlist of resources, effectively blocking resources not included in the policies.

Create allow policies to define a positive security model, also known as positive blocking. According to this model, you define what is allowed and reject everything else. Such an approach helps you reduce the attack surface for unwanted third-party scripts in your application.

A policy can control both resources monitored by Page Shield, such as scripts and their connections, and other types of resources. Refer to Supported CSP directives for details.

​​ Policy actions

A policy can perform one of the following actions:

  • Log: Page Shield will log any resources not covered by the policy, without blocking any resources. Use this action to validate a new policy before deploying it. Resources not covered by the policy will be reported as policy violations.
  • Allow: Page Shield will block any resources not explicitly allowed by the policy. Switch to the Allow action after validating a new policy with the Log action, so that your policy does not block essential application resources, which would affect your application’s end users. Policies with the Allow action will log policy violations for any blocked resources.

For details on the CSP directives Page Shield creates for each type of policy action, refer to How Page Shield works. For more information on the CSP directives supported by Page Shield policies, refer to Supported CSP directives.

​​ Next steps

Refer to the following pages for instructions on creating a policy in Page Shield: