[Page Shield] Add FAQ page

Author: pedrosousa

src/content/docs/page-shield/faq.mdx

@@ -0,0 +1,21 @@
+---
+title: Page Shield FAQ
+pcx_content_type: faq
+sidebar:
+  order: 8
+  label: FAQ
+---
+
+import { Render } from "~/components";
+
+## What happens to CSP HTTP headers set by the origin server when I create a policy?
+
+<Render file="policy-headers" product="page-shield" />
+
+Page Shield only adds new CSP HTTP headers to the response. This means that Cloudflare will keep any `Content-Security-Policy-Report-Only` and `Content-Security-Policy` HTTP headers in the response set by the origin server and it will add separate HTTP headers for the policies configured on your Cloudflare zone.
+
+It is recommended that you only have one policy in [allow mode](/page-shield/policies/#policy-actions) (that is, a policy being enforced). If there is more than one `Content-Security-Policy` HTTP header in the response, the most restrictive policy wins. For more information, refer to the [MDN documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy#multiple_content_security_policies).
+
+## Can I add a `nonce` CSP directive to a policy?
+
+Page Shield currently does not support [`nonce`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP#nonces) directives in policies. Instead, you can use a [`hash`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP#hashes) CSP directive. For details on the supported directives and values, refer to [Supported CSP directives](/page-shield/policies/csp-directives/).

src/content/docs/page-shield/how-it-works/index.mdx

@@ -10,7 +10,7 @@ description: Page Shield tracks resources (such as scripts) loaded by your
   malicious resources.
 ---
 
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Render } from "~/components";
 
 Page Shield helps manage client-side resources loaded by your website visitors, including scripts, their connections, and [cookies](https://www.cloudflare.com/learning/privacy/what-are-cookies/). It can trigger alert notifications when resources change or are considered malicious.
 
@@ -26,10 +26,7 @@ Enterprise customers with a paid add-on have access to additional classification
 
 Enterprise customers with a paid add-on can create [policies](/page-shield/policies/) to define a positive security model (also known as positive blocking) for resources such as scripts.
 
-When you create policies, Cloudflare will generate CSP directives from those policies based on their configuration:
-
-- Log policies will create CSP directives for the `Content-Security-Policy-Report-Only` HTTP header.
-- Allow policies will create CSP directives for the `Content-Security-Policy` HTTP header.
+<Render file="policy-headers" product="page-shield" />
 
 For more information, refer to [Policies](/page-shield/policies/).
 

src/content/partials/page-shield/policy-headers.mdx

@@ -0,0 +1,8 @@
+---
+{}
+---
+
+When you create policies, Cloudflare will generate content security policy (CSP) directives from those policies based on their configuration:
+
+- Log policies will create CSP directives for the `Content-Security-Policy-Report-Only` HTTP header.
+- Allow policies will create CSP directives for the `Content-Security-Policy` HTTP header.