Policy violations
Shortly after you configure policies (or content security rules), the Cloudflare dashboard will start displaying any violations of those policies. This information will be available for policies with any action (Allow and Log).
Information about policy violations is also available via GraphQL API and Logpush.
To view policy violation information:
- Old dashboard: Go to Security > Page Shield > Policies.
- New dashboard: Go to Security > Security rules, and filter by Content security rules.
The displayed information includes the following:
- A sparkline next to the policy/rule name, showing violations in the past seven days.
- For policies with associated violations, an expandable details section for each policy, with the top resources present in violation events and a sparkline per top resource.
Use the Cloudflare GraphQL API to obtain policy violation information through the following dataset:
pageShieldReportsAdaptiveGroups
You can query the dataset for policy violations occurred in the past 30 days.
Use introspection to explore the available fields the GraphQL schema. For more information, refer to Explore the GraphQL schema.
For an introduction to GraphQL querying, refer to Querying basics.
query PageShieldReports( $zoneTag: string $datetimeStart: Time $datetimeEnd: Time) { viewer { zones(filter: { zoneTag: $zoneTag }) { pageShieldReportsAdaptiveGroups( limit: 100 orderBy: [datetime_ASC] filter: { datetime_geq: $datetimeStart, datetime_leq: $datetimeEnd } ) { avg { sampleInterval } count dimensions { policyID datetime datetimeMinute datetimeFiveMinutes datetimeFifteenMinutes datetimeHalfOfHour datetimeHour url urlHost host resourceType pageURL action } } } }}
Example curl request
echo '{ "query": "query PageShieldReports($zoneTag: string, $datetimeStart: string, $datetimeEnd: string) { viewer { zones(filter: {zoneTag: $zoneTag}) { pageShieldReportsAdaptiveGroups(limit: 100, orderBy: [datetime_ASC], filter: {datetime_geq:$datetimeStart, datetime_leq:$datetimeEnd}) { avg { sampleInterval } count dimensions { policyID datetime datetimeMinute datetimeFiveMinutes datetimeFifteenMinutes datetimeHalfOfHour datetimeHour url urlHost host resourceType pageURL action } } } } }", "variables": { "zoneTag": "<CLOUDFLARE_ZONE_ID>", "datetimeStart": "2023-04-17T11:00:00Z", "datetimeEnd": "2023-04-24T12:00:00Z" }}' | tr -d '\n' | curl --silent \https://api.cloudflare.com/client/v4/graphql \--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \--header "Content-Type: application/json" \--data @-
Cloudflare Logpush supports pushing logs to storage services, SIEM systems, and log management providers.
Information about policy violations is available in the page_shield_events
dataset.
For more information on configuring Logpush jobs, refer to Logs: Get started.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-