Cloudflare Docs
Page Shield
Visit Page Shield on GitHub
Set theme to dark (⇧+D)

Configure the CSP reporting endpoint

When enabled, Page Shield uses a Content Security Policy (CSP) report-only HTTP header to gather information about all the scripts running on your application.

By default, reports are sent to a Cloudflare-owned endpoint:<QUERY_STRING>

You can change the reporting endpoint so that the CSP reports are sent to the same hostname:


​​ Prerequisites for using the same hostname for CSP reports

Using the same hostname for CSP reporting may interfere with other Cloudflare products. Before selecting this option, ensure that your Cloudflare configuration complies with the following:

  • No rate limiting rules match the cdn-cgi/* URL path
  • No firewall rules match the cdn-cgi/* URL path

​​ How to

To configure the CSP reporting endpoint:

  1. Log in to the Cloudflare dashboard, and select your account and domain.
  2. Go to Security > Page Shield.
  3. In Active Scripts, click Configure Reporting Endpoint.
  4. Select Cloudflare-owned endpoint or Same hostname.
  5. Click Apply.