From 518cbb8dd1c188c134143043fe3900acc4f47078 Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Wed, 18 Sep 2024 14:59:24 +0100 Subject: [PATCH] [Page Shield] Update availability (#16913) --- .../detection/monitor-connections-scripts.mdx | 67 ++- src/content/docs/page-shield/index.mdx | 59 ++- .../page-shield/reference/page-shield-api.mdx | 479 +++++++++--------- .../docs/page-shield/troubleshooting.mdx | 7 +- src/content/plans/index.json | 8 +- 5 files changed, 314 insertions(+), 306 deletions(-) diff --git a/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx b/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx index c1f92087a553be..408fdbb20219df 100644 --- a/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx +++ b/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx @@ -6,7 +6,6 @@ sidebar: head: - tag: title content: Monitor resources and cookies - --- Once you [activate Page Shield](/page-shield/get-started/), the **Monitors** dashboard will show which resources (scripts and connections) are running on your domain, as well as the cookies recently detected in HTTP traffic. @@ -15,7 +14,9 @@ If you notice unexpected scripts or connections on the dashboard, check them for :::note -If you recently activated Page Shield, you may see a delay in reporting. +- Users in Free and Pro plans only have access to the script monitor. +- If you recently activated Page Shield, you may see a delay in reporting. + ::: ## Use the Monitors dashboard 
@@ -28,13 +29,13 @@ To review the resources and cookies detected by Page Shield: 3. Under **Monitors**, review the list of scripts, connections, and cookies for your domain. To apply a filter, select **Add filter** and use one or more of the available options: - * **Script**: Filter scripts by their URL. - * **Connection**: Filter connections by their target URL. Depending on your [configuration](/page-shield/reference/settings/#connection-target-details), it may search only by target hostname. - * **Host**: Look for scripts appearing on specific hostnames, or connections made in a specific hostname. - * **Page** (requires a Business or Enterprise plan): Look for scripts appearing in a specific page, or for connections made in a specific page. Searches the first page where the script was loaded (or where the connection was made) and the latest occurrences list. - * **Status**: Filter scripts or connections by [status](/page-shield/reference/script-statuses/). - * **Type**: Filter cookies according to their type: first-party cookies or unknown. - * Cookie property: Filter by a cookie property such as **Name**, **Domain**, **Path**, **Same site**, **HTTP only**, and **Secure**. + - **Script**: Filter scripts by their URL. + - **Connection**: Filter connections by their target URL. Depending on your [configuration](/page-shield/reference/settings/#connection-target-details), it may search only by target hostname. + - **Host**: Look for scripts appearing on specific hostnames, or connections made in a specific hostname. + - **Page** (requires a Business or Enterprise plan): Look for scripts appearing in a specific page, or for connections made in a specific page. Searches the first page where the script was loaded (or where the connection was made) and the latest occurrences list. + - **Status**: Filter scripts or connections by [status](/page-shield/reference/script-statuses/). + - **Type**: Filter cookies according to their type: first-party cookies or unknown. 
+ - Cookie property: Filter by a cookie property such as **Name**, **Domain**, **Path**, **Same site**, **HTTP only**, and **Secure**. 4. Depending on your plan, you may be able to [view the details of each item](#view-details). 
@@ -53,54 +54,52 @@ You can filter the data in these dashboards using different criteria, and print ## View details :::note - -Only available to customers on Business and Enterprise plans. +Only available to customers on Business and Enterprise plans. ::: To view the details of an item, select **Details** next to the item. The details of each connection or script include: -* **Last seen**: How long ago the resource was last detected (in the last 30 days). -* **First seen at**: The date and time when the resource was first detected. -* **Page URLs**: The most recent pages where the resource was detected (up to ten pages). -* **First page URL**: The page where the resource was first detected. -* **Host**: The host where the script is being loaded or the connection is being made. +- **Last seen**: How long ago the resource was last detected (in the last 30 days). +- **First seen at**: The date and time when the resource was first detected. +- **Page URLs**: The most recent pages where the resource was detected (up to ten pages). +- **First page URL**: The page where the resource was first detected. +- **Host**: The host where the script is being loaded or the connection is being made. The details of each cookie include: -* **Type**: A cookie can have the following types: +- **Type**: A cookie can have the following types: - * **First-party**: Cookies set by the origin server through a `set-cookie` HTTP response header. - * **Unknown**: All other detected cookies. + - **First-party**: Cookies set by the origin server through a `set-cookie` HTTP response header. + - **Unknown**: All other detected cookies. -* **Domain**: The value of the `Domain` cookie attribute. When not set or unknown, this value is derived from the host. +- **Domain**: The value of the `Domain` cookie attribute. When not set or unknown, this value is derived from the host. -* **Path**: The value of the `Path` cookie attribute. 
When not set or unknown, this value is derived from the most recent page where the cookie was detected. +- **Path**: The value of the `Path` cookie attribute. When not set or unknown, this value is derived from the most recent page where the cookie was detected. -* **Last seen**: How long ago the resource was last detected (in the last 30 days). +- **Last seen**: How long ago the resource was last detected (in the last 30 days). -* **First seen at**: The date and time when the cookie was first detected. +- **First seen at**: The date and time when the cookie was first detected. -* **Seen on host**: The host where the cookie was first detected. +- **Seen on host**: The host where the cookie was first detected. -* **Seen on pages**: The most recent pages where the cookie was detected (up to ten pages). +- **Seen on pages**: The most recent pages where the cookie was detected (up to ten pages). -* Additional cookie attributes (only available to Enterprise customers with a paid add-on): - * **Max age**: The value of the `Max-Age` cookie attribute. - * **Expires**: The value of the `Expires` cookie attribute. - * **Lifetime**: The approximate cookie lifetime, based on the `Max-Age` and `Expires` cookie attributes. - * **HTTP only**: The value of the `HttpOnly` cookie attribute. - * **Secure**: The value of the `Secure` cookie attribute. - * **Same site**: The value of the `SameSite` cookie attribute. +- Additional cookie attributes (only available to Enterprise customers with a paid add-on): + - **Max age**: The value of the `Max-Age` cookie attribute. + - **Expires**: The value of the `Expires` cookie attribute. + - **Lifetime**: The approximate cookie lifetime, based on the `Max-Age` and `Expires` cookie attributes. + - **HTTP only**: The value of the `HttpOnly` cookie attribute. + - **Secure**: The value of the `Secure` cookie attribute. + - **Same site**: The value of the `SameSite` cookie attribute. 
Except for **Domain** and **Path**, [standard cookie attributes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies) are only available for first-party cookies, where Cloudflare detected the `set-cookie` HTTP response header in HTTP traffic. ## Export data :::note - -Only available to Enterprise customers with a paid add-on. +Only available to Enterprise customers with a paid add-on. ::: Use this feature to extract data from Page Shield that you can review and annotate. The data in the exported file will honor any filters you configure in the dashboard. diff --git a/src/content/docs/page-shield/index.mdx b/src/content/docs/page-shield/index.mdx index 300ce1fa64e892..d7fa1b7f7cec20 100644 --- a/src/content/docs/page-shield/index.mdx +++ b/src/content/docs/page-shield/index.mdx 
@@ -9,48 +9,75 @@ head: description: Page Shield is a comprehensive client-side security and privacy solution that allows you to ensure the safety of your website visitors' browsing environment. - --- -import { Description, Feature, FeatureTable, Plan } from "~/components" +import { Description, Feature, FeatureTable, Plan } from "~/components"; -Ensures the safety and privacy of your website visitors' browsing environment. +Ensures the safety and privacy of your website visitors' browsing environment. + - + Page Shield helps manage resources loaded by your website visitors — including scripts, their connections, and cookies — and triggers alert notifications when resources change or are considered malicious. Learn how to [get started](/page-shield/get-started/). -*** +--- ## Features - -Displays information about loaded scripts in your domain's pages and the connections they make. + + Displays information about loaded scripts in your domain's pages and the + connections they make. - -Find in which page a resource first appeared, and view a list of the latest occurrences of the resource in your pages. + + Find in which page a resource first appeared, and view a list of the latest + occurrences of the resource in your pages. - -Detects malicious scripts in your pages using threat intelligence and machine learning. + + Detects malicious scripts in your pages using threat intelligence and machine + learning. - -Detects any changes in the scripts loaded in your pages. + + Detects any changes in the scripts loaded in your pages. - -Receive notifications about newly detected scripts, scripts loaded from unknown domains, new scripts considered malicious, or code changes in your existing scripts. + + Receive notifications about newly detected scripts, scripts loaded from + unknown domains, new scripts considered malicious, or code changes in your + existing scripts. -Policies define allowed resources on your websites. 
Use policies to enforce an allowlist of resources, effectively blocking resources not included in your policies. + Policies define allowed resources on your websites. Use policies to enforce an + allowlist of resources, effectively blocking resources not included in your + policies. ## Availability diff --git a/src/content/docs/page-shield/reference/page-shield-api.mdx b/src/content/docs/page-shield/reference/page-shield-api.mdx index 443ff9cced9002..68a82bbd797f00 100644 --- a/src/content/docs/page-shield/reference/page-shield-api.mdx +++ b/src/content/docs/page-shield/reference/page-shield-api.mdx @@ -3,10 +3,9 @@ pcx_content_type: reference title: Page Shield API sidebar: order: 6 - --- -import { GlossaryTooltip } from "~/components" +import { GlossaryTooltip } from "~/components"; You can enable and disable Page Shield, configure its settings, and fetch information about detected scripts and connections using the [Page Shield API](/api/operations/page-shield-get-settings). @@ -14,7 +13,7 @@ To authenticate API requests you need an [API token](/fundamentals/api/get-start :::note -Refer to [API deprecations](/fundamentals/api/reference/deprecations/#page-shield) for details on Page Shield API changes. +Refer to [API deprecations](/fundamentals/api/reference/deprecations/) for details on Page Shield API changes. ::: ## Endpoints 
@@ -50,36 +49,24 @@ The following table summarizes the available operations: | [Delete a Page Shield policy][13] | `DELETE zones/{zone_id}/page_shield/policies/{policy_id}` | Deletes an existing CSP policy. | [1]: /api/operations/page-shield-get-settings - [2]: /api/operations/page-shield-update-settings - [3]: /api/operations/page-shield-list-scripts - [4]: /api/operations/page-shield-get-script - [5]: /api/operations/page-shield-list-connections - [6]: /api/operations/page-shield-get-connection - [7]: /api/operations/page-shield-list-cookies - [8]: /api/operations/page-shield-get-cookie - [9]: /api/operations/page-shield-list-policies - [10]: /api/operations/page-shield-get-policy - [11]: /api/operations/page-shield-create-policy - [12]: /api/operations/page-shield-update-policy - [13]: /api/operations/page-shield-delete-policy ## API notes -* The malicious script classification (`Malicious` or `Not malicious`) is not directly available in the API. To determine this classification, compare the script's `js_integrity_score` value with the classification threshold, which is currently set to 50. Scripts with a score value lower than the threshold are considered malicious. +- The malicious script classification (`Malicious` or `Not malicious`) is not directly available in the API. To determine this classification, compare the script's `js_integrity_score` value with the classification threshold, which is currently set to 50. Scripts with a score value lower than the threshold are considered malicious. -* The API provides two separate properties for malicious script/connection categories: `malicious_domain_categories` and `malicious_url_categories`, related to the `domain_reported_malicious` and `url_reported_malicious` properties, respectively. The Cloudflare dashboard displays all the categories in a single **Malicious category** field. 
For more information, refer to [Malicious script and connection categories](/page-shield/how-it-works/malicious-script-detection/#malicious-script-and-connection-categories). +- The API provides two separate properties for malicious script/connection categories: `malicious_domain_categories` and `malicious_url_categories`, related to the `domain_reported_malicious` and `url_reported_malicious` properties, respectively. The Cloudflare dashboard displays all the categories in a single **Malicious category** field. For more information, refer to [Malicious script and connection categories](/page-shield/how-it-works/malicious-script-detection/#malicious-script-and-connection-categories). ## Common API calls @@ -94,15 +81,15 @@ curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/page_shield" \ ```json title="Response" { - "result": { - "enabled": true, - "updated_at": "2023-05-14T11:47:55.677555Z", - "use_cloudflare_reporting_endpoint": true, - "use_connection_url_path": false - }, - "success": true, - "errors": [], - "messages": [] + "result": { + "enabled": true, + "updated_at": "2023-05-14T11:47:55.677555Z", + "use_cloudflare_reporting_endpoint": true, + "use_connection_url_path": false + }, + "success": true, + "errors": [], + "messages": [] } ``` @@ -120,13 +107,13 @@ curl --request PUT \ ```json title="Response" { - "result": { - "enabled": true, - "updated_at": "2023-05-14T11:50:41.756996Z" - }, - "success": true, - "errors": [], - "messages": [] + "result": { + "enabled": true, + "updated_at": "2023-05-14T11:50:41.756996Z" + }, + "success": true, + "errors": [], + "messages": [] } ``` 
@@ -143,38 +130,38 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/scripts?host ```json title="Response" { - "result": [ - { - "id": "8337233faec2357ff84465a919534e4d", - "url": "https://malicious.example.com/badscript.js", - "added_at": "2023-05-18T10:51:10.09615Z", - "first_seen_at": "2023-05-18T10:51:08Z", - "last_seen_at": "2023-05-22T09:57:54Z", - "host": "example.net", - "domain_reported_malicious": false, - "url_reported_malicious": true, - "malicious_url_categories": ["Malware"], - "first_page_url": "http://malicious.example.com/page_one.html", - "status": "active", - "url_contains_cdn_cgi_path": false, - "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", - "js_integrity_score": 10, - "obfuscation_score": 10, - "dataflow_score": 8, - "fetched_at": "2023-05-21T16:58:07Z" - }, - // (...) - ], - "success": true, - "errors": [], - "messages": [], - "result_info": { - "page": 1, - "per_page": 15, - "count": 15, - "total_count": 24, - "total_pages": 2 - } + "result": [ + { + "id": "8337233faec2357ff84465a919534e4d", + "url": "https://malicious.example.com/badscript.js", + "added_at": "2023-05-18T10:51:10.09615Z", + "first_seen_at": "2023-05-18T10:51:08Z", + "last_seen_at": "2023-05-22T09:57:54Z", + "host": "example.net", + "domain_reported_malicious": false, + "url_reported_malicious": true, + "malicious_url_categories": ["Malware"], + "first_page_url": "http://malicious.example.com/page_one.html", + "status": "active", + "url_contains_cdn_cgi_path": false, + "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "js_integrity_score": 10, + "obfuscation_score": 10, + "dataflow_score": 8, + "fetched_at": "2023-05-21T16:58:07Z" + } + // (...) + ], + "success": true, + "errors": [], + "messages": [], + "result_info": { + "page": 1, + "per_page": 15, + "count": 15, + "total_count": 24, + "total_pages": 2 + } } ``` 
@@ -193,37 +180,37 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/scripts?stat ```json title="Response" { - "result": [ - { - "id": "83c8da2267394ce8465b74c299658fea", - "url": "https://scripts.example.com/anotherbadscript.js", - "added_at": "2023-05-17T13:16:03.419619Z", - "first_seen_at": "2023-05-17T13:15:23Z", - "last_seen_at": "2023-05-18T09:05:20Z", - "host": "example.net", - "domain_reported_malicious": false, - "url_reported_malicious": false, - "first_page_url": "http://malicious.example.com/page_one.html", - "status": "infrequent", - "url_contains_cdn_cgi_path": false, - "hash": "9245aad577e846dd9b990b1b32425a3fae4aad8b8a28441a8b80084b6bb75a45", - "js_integrity_score": 48, - "obfuscation_score": 49, - "dataflow_score": 45, - "fetched_at": "2023-05-18T03:58:07Z" - }, - // (...) - ], - "success": true, - "errors": [], - "messages": [], - "result_info": { - "page": 1, - "per_page": 15, - "count": 15, - "total_count": 17, - "total_pages": 2 - } + "result": [ + { + "id": "83c8da2267394ce8465b74c299658fea", + "url": "https://scripts.example.com/anotherbadscript.js", + "added_at": "2023-05-17T13:16:03.419619Z", + "first_seen_at": "2023-05-17T13:15:23Z", + "last_seen_at": "2023-05-18T09:05:20Z", + "host": "example.net", + "domain_reported_malicious": false, + "url_reported_malicious": false, + "first_page_url": "http://malicious.example.com/page_one.html", + "status": "infrequent", + "url_contains_cdn_cgi_path": false, + "hash": "9245aad577e846dd9b990b1b32425a3fae4aad8b8a28441a8b80084b6bb75a45", + "js_integrity_score": 48, + "obfuscation_score": 49, + "dataflow_score": 45, + "fetched_at": "2023-05-18T03:58:07Z" + } + // (...) + ], + "success": true, + "errors": [], + "messages": [], + "result_info": { + "page": 1, + "per_page": 15, + "count": 15, + "total_count": 17, + "total_pages": 2 + } } ``` 
@@ -242,40 +229,40 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/scripts/8337 ```json title="Response" { - "result": { - "id": "8337233faec2357ff84465a919534e4d", - "url": "https://malicious.example.com/badscript.js", - "added_at": "2023-05-18T10:51:10.09615Z", - "first_seen_at": "2023-05-18T10:51:08Z", - "last_seen_at": "2023-05-22T09:57:54Z", - "host": "example.net", - "domain_reported_malicious": false, - "url_reported_malicious": true, - "malicious_url_categories": ["Malware"], - "first_page_url": "http://malicious.example.com/page_one.html", - "status": "active", - "url_contains_cdn_cgi_path": false, - "hash": "9245aad577e846dd9b990b1b32425a3fae4aad8b8a28441a8b80084b6bb75a45", - "js_integrity_score": 48, - "obfuscation_score": 49, - "dataflow_score": 45, - "fetched_at": "2023-05-21T16:58:07Z", - "page_urls": [ - "http://malicious.example.com/page_two.html", - "http://malicious.example.com/page_three.html", - "http://malicious.example.com/page_four.html" - ], - "versions": [ - { - "hash": "9245aad577e846dd9b990b1b32425a3fae4aad8b8a28441a8b80084b6bb75a45", - "js_integrity_score": 50, - "fetched_at": "2023-05-21T16:58:07Z" - } - ] - }, - "success": true, - "errors": [], - "messages": [] + "result": { + "id": "8337233faec2357ff84465a919534e4d", + "url": "https://malicious.example.com/badscript.js", + "added_at": "2023-05-18T10:51:10.09615Z", + "first_seen_at": "2023-05-18T10:51:08Z", + "last_seen_at": "2023-05-22T09:57:54Z", + "host": "example.net", + "domain_reported_malicious": false, + "url_reported_malicious": true, + "malicious_url_categories": ["Malware"], + "first_page_url": "http://malicious.example.com/page_one.html", + "status": "active", + "url_contains_cdn_cgi_path": false, + "hash": "9245aad577e846dd9b990b1b32425a3fae4aad8b8a28441a8b80084b6bb75a45", + "js_integrity_score": 48, + "obfuscation_score": 49, + "dataflow_score": 45, + "fetched_at": "2023-05-21T16:58:07Z", + "page_urls": [ + 
"http://malicious.example.com/page_two.html", + "http://malicious.example.com/page_three.html", + "http://malicious.example.com/page_four.html" + ], + "versions": [ + { + "hash": "9245aad577e846dd9b990b1b32425a3fae4aad8b8a28441a8b80084b6bb75a45", + "js_integrity_score": 50, + "fetched_at": "2023-05-21T16:58:07Z" + } + ] + }, + "success": true, + "errors": [], + "messages": [] } ``` @@ -294,34 +281,34 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/connections? ```json title="Response" { - "result": [ - { - "id": "0a7bb628776f4e50a50d8594c4a01740", - "url": "https://malicious.example.com", - "added_at": "2022-09-18T10:51:10.09615Z", - "first_seen_at": "2022-09-18T10:51:08Z", - "last_seen_at": "2022-09-02T09:57:54Z", - "host": "example.net", - "domain_reported_malicious": true, - "malicious_domain_categories": ["Malware", "Spyware"], - "url_reported_malicious": false, - "malicious_url_categories": [], - "first_page_url": "https://example.net/one.html", - "status": "active", - "url_contains_cdn_cgi_path": false - }, - // (...) - ], - "success": true, - "errors": [], - "messages": [], - "result_info": { - "page": 1, - "per_page": 15, - "count": 15, - "total_count": 16, - "total_pages": 2 - } + "result": [ + { + "id": "0a7bb628776f4e50a50d8594c4a01740", + "url": "https://malicious.example.com", + "added_at": "2022-09-18T10:51:10.09615Z", + "first_seen_at": "2022-09-18T10:51:08Z", + "last_seen_at": "2022-09-02T09:57:54Z", + "host": "example.net", + "domain_reported_malicious": true, + "malicious_domain_categories": ["Malware", "Spyware"], + "url_reported_malicious": false, + "malicious_url_categories": [], + "first_page_url": "https://example.net/one.html", + "status": "active", + "url_contains_cdn_cgi_path": false + } + // (...) + ], + "success": true, + "errors": [], + "messages": [], + "result_info": { + "page": 1, + "per_page": 15, + "count": 15, + "total_count": 16, + "total_pages": 2 + } } ``` 
@@ -338,24 +325,24 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/connections/ ```json title="Response" { - "result": { - "id": "0a7bb628776f4e50a50d8594c4a01740", - "url": "https://malicious.example.com", - "added_at": "2022-09-18T10:51:10.09615Z", - "first_seen_at": "2022-09-18T10:51:08Z", - "last_seen_at": "2022-09-02T09:57:54Z", - "host": "example.net", - "domain_reported_malicious": true, - "malicious_domain_categories": ["Malware", "Spyware"], - "url_reported_malicious": false, - "malicious_url_categories": [], - "first_page_url": "https://example.net/one.html", - "status": "active", - "url_contains_cdn_cgi_path": false - }, - "success": true, - "errors": [], - "messages": [] + "result": { + "id": "0a7bb628776f4e50a50d8594c4a01740", + "url": "https://malicious.example.com", + "added_at": "2022-09-18T10:51:10.09615Z", + "first_seen_at": "2022-09-18T10:51:08Z", + "last_seen_at": "2022-09-02T09:57:54Z", + "host": "example.net", + "domain_reported_malicious": true, + "malicious_domain_categories": ["Malware", "Spyware"], + "url_reported_malicious": false, + "malicious_url_categories": [], + "first_page_url": "https://example.net/one.html", + "status": "active", + "url_contains_cdn_cgi_path": false + }, + "success": true, + "errors": [], + "messages": [] } ``` 
@@ -372,38 +359,36 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/cookies?page ```json title="Response" { - "result": [ - { - "id": "beee03ada7e047e79f076785d8cd8b8e", - "type": "first_party", - "name": "PHPSESSID", - "host": "example.net", - "domain_attribute": "example.net", - "expires_attribute": "2024-10-21T12:28:20Z", - "http_only_attribute": true, - "max_age_attribute": null, - "path_attribute": "/store", - "same_site_attribute": "strict", - "secure_attribute": true, - "first_seen_at": "2024-05-06T10:51:08Z", - "last_seen_at": "2024-05-07T11:56:01Z", - "first_page_url": "example.net/store/products", - "page_urls": [ - "example.net/store/products/1" - ] - }, - // (...) - ], - "success": true, - "errors": [], - "messages": [], - "result_info": { - "page": 1, - "per_page": 15, - "count": 15, - "total_count": 16, - "total_pages": 2 - } + "result": [ + { + "id": "beee03ada7e047e79f076785d8cd8b8e", + "type": "first_party", + "name": "PHPSESSID", + "host": "example.net", + "domain_attribute": "example.net", + "expires_attribute": "2024-10-21T12:28:20Z", + "http_only_attribute": true, + "max_age_attribute": null, + "path_attribute": "/store", + "same_site_attribute": "strict", + "secure_attribute": true, + "first_seen_at": "2024-05-06T10:51:08Z", + "last_seen_at": "2024-05-07T11:56:01Z", + "first_page_url": "example.net/store/products", + "page_urls": ["example.net/store/products/1"] + } + // (...) + ], + "success": true, + "errors": [], + "messages": [], + "result_info": { + "page": 1, + "per_page": 15, + "count": 15, + "total_count": 16, + "total_pages": 2 + } } ``` 
@@ -420,39 +405,37 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/cookies/beee ```json title="Response" { - "result": { - "id": "beee03ada7e047e79f076785d8cd8b8e", - "type": "first_party", - "name": "PHPSESSID", - "host": "example.net", - "domain_attribute": "example.net", - "expires_attribute": "2024-10-21T12:28:20Z", - "http_only_attribute": true, - "max_age_attribute": null, - "path_attribute": "/store", - "same_site_attribute": "strict", - "secure_attribute": true, - "first_seen_at": "2024-05-06T10:51:08Z", - "last_seen_at": "2024-05-07T11:56:01Z", - "first_page_url": "example.net/store/products", - "page_urls": [ - "example.net/store/products/1" - ] - }, - "success": true, - "errors": [], - "messages": [] + "result": { + "id": "beee03ada7e047e79f076785d8cd8b8e", + "type": "first_party", + "name": "PHPSESSID", + "host": "example.net", + "domain_attribute": "example.net", + "expires_attribute": "2024-10-21T12:28:20Z", + "http_only_attribute": true, + "max_age_attribute": null, + "path_attribute": "/store", + "same_site_attribute": "strict", + "secure_attribute": true, + "first_seen_at": "2024-05-06T10:51:08Z", + "last_seen_at": "2024-05-07T11:56:01Z", + "first_page_url": "example.net/store/products", + "page_urls": ["example.net/store/products/1"] + }, + "success": true, + "errors": [], + "messages": [] } ``` ### Create a policy -This `POST` request creates a Page Shield policy with *Log* action, defining the following scripts as allowed based on where they are hosted: +This `POST` request creates a Page Shield policy with _Log_ action, defining the following scripts as allowed based on where they are hosted: -* Scripts hosted in `myapp.example.com` (which does not include scripts in `example.com`). -* Scripts hosted in `cdnjs.cloudflare.com`. -* The Google Analytics script using its full URL. -* All scripts in the same origin (same HTTP or HTTPS scheme and hostname). 
+- Scripts hosted in `myapp.example.com` (which does not include scripts in `example.com`). +- Scripts hosted in `cdnjs.cloudflare.com`. +- The Google Analytics script using its full URL. +- All scripts in the same origin (same HTTP or HTTPS scheme and hostname). All other scripts would trigger a policy violation, but those scripts would not be blocked. @@ -460,7 +443,7 @@ For more information on Co :::note -For a list of CSP directives and keywords supported by Page Shield policies, refer to [CSP directives supported by policies](/page-shield/policies/csp-directives/). +For a list of CSP directives and keywords supported by Page Shield policies, refer to [CSP directives supported by policies](/page-shield/policies/csp-directives/). ::: ```bash title="Request" @@ -478,18 +461,18 @@ curl "https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/policies" \ ```json title="Response" { - "success": true, - "errors": [], - "messages": [], - "result": { - "id": "", - "description": "My first policy in log mode", - "action": "log", - "expression": "http.host eq myapp.example.com", - "enabled": "true", - "value": "script-src myapp.example.com cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js 'self'" - } + "success": true, + "errors": [], + "messages": [], + "result": { + "id": "", + "description": "My first policy in log mode", + "action": "log", + "expression": "http.host eq myapp.example.com", + "enabled": "true", + "value": "script-src myapp.example.com cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js 'self'" + } } ``` -To create a policy with an *Allow* action instead of *Log*, use `"action": "allow"` in the request body. In the case of such policy, all scripts not allowed by the policy would be blocked. +To create a policy with an _Allow_ action instead of _Log_, use `"action": "allow"` in the request body. In the case of such policy, all scripts not allowed by the policy would be blocked. 
diff --git a/src/content/docs/page-shield/troubleshooting.mdx b/src/content/docs/page-shield/troubleshooting.mdx index 21c07fb0c20568..6175aa61e78bce 100644 --- a/src/content/docs/page-shield/troubleshooting.mdx +++ b/src/content/docs/page-shield/troubleshooting.mdx @@ -4,10 +4,9 @@ source: https://support.cloudflare.com/hc/en-us/articles/360059485272-Troublesho title: Troubleshooting sidebar: order: 10 - --- -import { GlossaryTooltip } from "~/components" +import { GlossaryTooltip } from "~/components"; ## Why do I not see scripts after I activated Page Shield? @@ -39,7 +38,7 @@ You can safely ignore these warnings, since they are related to the reports that Policy violations reported via CSP's [report-only directive](/page-shield/reference/csp-header/) do not take into consideration any redirects or redirect HTTP status codes. This is [by design](https://www.w3.org/TR/CSP3/#create-violation-for-request) for security reasons. -Some third-party services you may want to cover in your Page Shield allow policies perform redirects. An example of such a service is Google Ads, which [does not work well with CSP policies](https://support.google.com/adsense/thread/102839782?hl=en\&msgid=103611259). +Some third-party services you may want to cover in your Page Shield allow policies perform redirects. An example of such a service is Google Ads, which [does not work well with CSP policies](https://support.google.com/adsense/thread/102839782?hl=en&msgid=103611259). For example, if you add the `adservice.google.com` domain to an allow policy, you could get policy violation reports for this domain due to redirects to a different domain (not present in your allow policy). In this case, the violation report would still mention the original domain, and not the domain of the redirected destination, which can cause some confusion. 
@@ -47,7 +46,7 @@ To try to solve this issue, add the domain of the redirected destination to your ## Do I have access to Page Shield? -Some customers do. For more details, refer to [Availability](/page-shield/#availability). +Yes, Page Shield is available on all plans. For details on the available features per plan, refer to [Availability](/page-shield/#availability). ### How do I set up Page Shield? diff --git a/src/content/plans/index.json b/src/content/plans/index.json index 07bc2b05de1e18..2bd55b857f3d57 100644 --- a/src/content/plans/index.json +++ b/src/content/plans/index.json @@ -1676,8 +1676,8 @@ "properties": { "availability": { "title": "Availability", - "summary": "Pro and above", - "free": "No", + "summary": "Available on all plans", + "free": "Yes", "pro": "Yes", "biz": "Yes", "ent": "Yes", @@ -1685,8 +1685,8 @@ }, "b_script_monitor": { "title": "Script monitor", - "summary": "Pro and above", - "free": "No", + "summary": "Available on all plans", + "free": "Yes", "pro": "Yes", "biz": "Yes", "ent": "Yes",
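Review bot: The new note line in monitor-connections-scripts.mdx, "Users in Free and Pro plans only have access to the script monitor", is not reflected further down the same file, where the filter list in the "Use the Monitors dashboard" hunk marks only **Page** with a plan requirement. Consider tagging the **Connection**, **Type** and cookie property filters the way **Page** already carries "(requires a Business or Enterprise plan)", and qualifying step 3 ("review the list of scripts, connections, and cookies") so Free and Pro readers do not go looking for connection and cookie data they cannot see.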
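Review bot: Most of the changed lines in monitor-connections-scripts.mdx, index.mdx and page-shield-api.mdx are formatting only (`*` list markers to `-`, `***` to `---`, `*Log*` to `_Log_`, added semicolons on the imports, re-indented JSON), which buries the few lines that actually change availability. Suggest splitting the formatter pass into its own commit so that the plan note, the troubleshooting answer and the index.json values can be reviewed and reverted on their own.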
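Review bot: In the page-shield-api.mdx hunk at `@@ -14,7 +13,7 @@` the deprecations link loses its `#page-shield` fragment (`/fundamentals/api/reference/deprecations/#page-shield` becomes `/fundamentals/api/reference/deprecations/`), and the commit subject "Update availability" does not explain why. If the Page Shield section no longer exists on the deprecations page, say so in the commit message; otherwise keep the fragment so readers land on the relevant entry.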
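Review bot: The request lines shown as context for the page-shield-api.mdx hunks use two different base paths: the settings example calls `https://api.cloudflare.com/client/v4/zones/{zone_id}/page_shield`, while the scripts, connections, cookies and policies examples call `https://api.cloudflare.com/api/v4/zones/{zone_id}/page_shield/...`. Since every response block under those requests is being rewritten here anyway, align the curl commands on the `client/v4` form so a copied example does not fail.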
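Review bot: The re-indented script details response in page-shield-api.mdx (hunk `@@ -242,40 +229,40 @@`) still has a top-level `"js_integrity_score": 48` while its only `versions` entry, with the same `hash` and `fetched_at`, has `"js_integrity_score": 50`. The API notes in this file put the classification threshold at 50 with lower scores considered malicious, so the two values fall on opposite sides of it; make them agree. The connection samples in the hunks at `@@ -294,34 +281,34 @@` and `@@ -338,24 +325,24 @@` have a similar problem: `"first_seen_at": "2022-09-18T10:51:08Z"` is later than `"last_seen_at": "2022-09-02T09:57:54Z"`.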
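Review bot: In the create policy response of page-shield-api.mdx (hunk `@@ -478,18 +461,18 @@`) the re-indented sample keeps `"enabled": "true"` as a quoted string, whereas every other boolean in the samples touched by this patch (`"enabled": true` in the settings responses, `"secure_attribute": true` in the cookie responses) is a bare JSON boolean. Please confirm what the API returns and fix the sample if it is a boolean, since readers write response parsers against these examples; the empty `"id": ""` in the same block would also read better with a placeholder value.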