diff --git a/src/content/docs/page-shield/alerts/alert-types.mdx b/src/content/docs/page-shield/alerts/alert-types.mdx
index eb2db5e1d6ff935..49b23502ed9d404 100644
--- a/src/content/docs/page-shield/alerts/alert-types.mdx
+++ b/src/content/docs/page-shield/alerts/alert-types.mdx
@@ -8,7 +8,7 @@ sidebar:
import { AvailableNotifications } from "~/components";
-You can configure alerts for resources detected in your domain. Refer to [Page Shield alerts](/page-shield/alerts/) for more information.
+You can configure alerts for resources detected in your domain. Refer to [Alerts](/page-shield/alerts/) for more information.
## New resource alerts
diff --git a/src/content/docs/page-shield/alerts/configure.mdx b/src/content/docs/page-shield/alerts/configure.mdx
index bb3acfa2ff567ac..1f4b88c27ecb9df 100644
--- a/src/content/docs/page-shield/alerts/configure.mdx
+++ b/src/content/docs/page-shield/alerts/configure.mdx
@@ -1,10 +1,10 @@
---
-title: Configure a Page Shield alert
+title: Configure an alert
pcx_content_type: how-to
sidebar:
order: 2
label: Configure an alert
-description: Configure scoped or unscoped Page Shield alerts to get notified about relevant client-side changes on your zones.
+description: Configure scoped or unscoped client-side resource alerts to get notified about relevant client-side changes on your zones.
---
import { Render } from "~/components";
diff --git a/src/content/docs/page-shield/alerts/index.mdx b/src/content/docs/page-shield/alerts/index.mdx
index 3462022816f93cb..618238d423def9f 100644
--- a/src/content/docs/page-shield/alerts/index.mdx
+++ b/src/content/docs/page-shield/alerts/index.mdx
@@ -1,12 +1,12 @@
---
-title: Page Shield alerts
+title: Alerts
pcx_content_type: concept
sidebar:
order: 5
group:
label: Alerting
-description: Page Shield alerts notify you when new scripts are detected
- on your domain or when Page Shield detects resources that are likely
+description: Cloudflare client-side resource alerts notify you when new scripts
+ are detected on your domain or when Cloudflare detects resources that are likely
malicious.
---
@@ -30,7 +30,7 @@ You can configure unscoped or scoped alerts:
For alerts sent at regular intervals, you might experience a delay between adding a new script and receiving an alert.
-For instructions on configuring alerts, refer to [Configure a Page Shield alert](/page-shield/alerts/configure/).
+For instructions on configuring alerts, refer to [Configure an alert](/page-shield/alerts/configure/).
## Scoped alerts
@@ -42,11 +42,11 @@ If you have configured [allow policies](/page-shield/policies/#policy-actions) i
When you create a scoped alert using the **Policies of these zones** alert filter, you will only receive the most relevant notifications based on the values of the allow policies you configured.
-For each scoped alert, Page Shield does the following:
+For each scoped alert, Cloudflare does the following:
1. Check which allow policies in a zone are enabled.
2. For every enabled policy, compare the URL of the new or changed resource against the allowed sources in the policy.
-3. If the resource is allowed by the policy, check if the new or modified resource should trigger the current Page Shield alert.
+3. If the resource is allowed by the policy, check if the new or modified resource should trigger the current alert.
4. If the alert should trigger, send an alert notification to the configured destinations.
When you create a scoped alert you will not receive notifications for resources blocked by an allow policy. These are [policy violations](/page-shield/policies/violations/) that you can review in the dashboard, through GraphQL, or via Logpush.
diff --git a/src/content/docs/page-shield/best-practices/handle-an-alert.mdx b/src/content/docs/page-shield/best-practices/handle-an-alert.mdx
index e4ec5b7b79b306b..f672a99f3fba956 100644
--- a/src/content/docs/page-shield/best-practices/handle-an-alert.mdx
+++ b/src/content/docs/page-shield/best-practices/handle-an-alert.mdx
@@ -1,24 +1,26 @@
---
-title: Handle a Page Shield alert
+title: Handle a client-side resource alert
pcx_content_type: tutorial
-updated: 2023-03-23
+updated: 2025-06-13
sidebar:
order: 2
label: Handle an alert
---
-If you receive a Page Shield alert, sometimes you need to perform some manual investigation to confirm the nature of the script. Use the guidance provided in this page as a starting point for your investigation.
+If you receive a client-side resource alert, sometimes you need to perform some manual investigation to confirm the nature of the script. Use the guidance provided in this page as a starting point for your investigation.
## 1. Understand what triggered the alert
-Start by identifying the [detection system](/page-shield/how-it-works/malicious-script-detection/) that triggered the alert. A link is provided in the alert that will send you directly to the Page Shield dashboard to the relevant resource that needs reviewing. Alternatively, do the following:
+Start by identifying the [detection system](/page-shield/how-it-works/malicious-script-detection/) that triggered the alert. A link is provided in the alert that will send you directly to the Cloudflare dashboard to the relevant resource that needs reviewing. Alternatively, do the following:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Page Shield**.
+2. Navigate to the client-side resource monitoring page:
+ - Old dashboard: Go to **Security** > **Page Shield**.
+ - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab.
3. Select **Scripts** or **Connections** and search for the resource mentioned on the alert you received.
4. Select **Details** next to the resource you identified. The example screenshot below shows a malicious script resource.
-
+
The details page will specify which detection system triggered the alert. Check the values of the following fields:
@@ -58,11 +60,11 @@ In this case, in addition to the steps indicated below, the best approach is:
## 3. Check the script reputation
-If Page Shield considers the resource’s domain a "malicious domain", it is likely that the domain does not have a good reputation. The domain may be known for hosting malware or for being used for phishing attacks. Usually, reviewing the domain/hostname is sufficient to understand why you received the alert. You can use tools like Cloudflare's [Security Center Investigate](https://dash.cloudflare.com/?to=/:account/security-center/investigate) platform to help with this validation.
+If Cloudflare considers the resource’s domain a "malicious domain", it is likely that the domain does not have a good reputation. The domain may be known for hosting malware or for being used for phishing attacks. Usually, reviewing the domain/hostname is sufficient to understand why you received the alert. You can use tools like Cloudflare's [Security Center Investigate](https://dash.cloudflare.com/?to=/:account/security-center/investigate) platform to help with this validation.
If Cloudflare's internal systems classified the script as containing "malicious code", external tools may not confirm the detection you got from Page Shield, since the machine learning (ML) model being used is Cloudflare-specific technology.
-If you believe that Page Shield's classification is a false positive, contact your account team so that we can further improve Page Shield's underlying technology.
+If you believe that Cloudflare's classification is a false positive, contact your account team so that we can further improve Page Shield's underlying technology.
## 4. (Optional) Analyze the script content
@@ -76,7 +78,7 @@ You could use a virtual machine to perform some of the following analysis:
## Conclusion
-If a resource which triggered a malicious alert from Page Shield:
+If a resource which triggered a malicious resource alert:
- Is actively present in your application
- Is being loaded from a malicious host or IP address, or has malicious code
diff --git a/src/content/docs/page-shield/best-practices/index.mdx b/src/content/docs/page-shield/best-practices/index.mdx
index 5d9481b908f533f..78bb62e046493e6 100644
--- a/src/content/docs/page-shield/best-practices/index.mdx
+++ b/src/content/docs/page-shield/best-practices/index.mdx
@@ -11,6 +11,6 @@ description: Best practices for using Page Shield.
import { DirectoryListing } from "~/components";
-Review the topics below for best practices related to Page Shield:
+Review the topics below for best practices related to Page Shield's client-side resource monitoring:
diff --git a/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx b/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx
index e205f70c9eb78e4..831859034aaff38 100644
--- a/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx
+++ b/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx
@@ -7,31 +7,32 @@ sidebar:
import { Render } from "~/components";
-Once you [activate Page Shield](/page-shield/get-started/), the **Monitors** dashboard will show which resources (scripts and connections) are running on your domain, as well as the cookies recently detected in HTTP traffic.
+Once you [activate Page Shield's client-side resource monitoring](/page-shield/get-started/), the main client-side resources dashboard will show which resources (scripts and connections) are running on your domain, as well as the cookies recently detected in HTTP traffic.
If you notice unexpected scripts or connections on the dashboard, check them for signs of malicious activity. Enterprise customers with a paid add-on will have their [connections and scripts classified as potentially malicious](/page-shield/how-it-works/malicious-script-detection/) based on threat feeds. You should also check for any new or unexpected cookies.
:::note
-- Users in Free and Pro plans only have access to the script monitor.
-- If you recently activated Page Shield, you may see a delay in reporting.
+- Users in Free and Pro plans only have access to script monitoring.
+- If you recently activated client-side resource monitoring, you may see a delay in reporting.
:::
-## Use the Monitors dashboard
+## Use the client-side resources dashboards
-To review the resources and cookies detected by Page Shield:
+To review the resources detected by Cloudflare:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Page Shield**.
+2. Go to the client-side resources page:
+ - Old dashboard: Go to **Security** > **Page Shield**.
+ - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab.
-3. Under **Monitors**, review the list of scripts, connections, and cookies for your domain. To apply a filter, select **Add filter** and use one or more of the available options:
-
- - **Script**: Filter scripts by their URL.
- - **Connection**: Filter connections by their target URL. Depending on your [configuration](/page-shield/reference/settings/#connection-target-details), it may search only by target hostname.
- - **Host**: Look for scripts appearing on specific hostnames, or connections made in a specific hostname.
- - **Page** (requires a Business or Enterprise plan): Look for scripts appearing in a specific page, or for connections made in a specific page. Searches the first page where the script was loaded (or where the connection was made) and the latest occurrences list.
+3. Review the list of scripts, connections, and cookies for your domain. To apply a filter, select **Add filter** and use one or more of the available options:
+ - **Script URL**: Filter scripts by their URL.
+ - **Connection URL**: Filter connections by their target URL. Depending on your [configuration](/page-shield/reference/settings/#connection-target-details), it may search only by target hostname.
+ - **Seen on host**: Look for scripts appearing on specific hostnames, or connections made in a specific hostname.
+ - **Seen on page** (requires a Business or Enterprise plan): Look for scripts appearing in a specific page, or for connections made in a specific page. Searches the first page where the script was loaded (or where the connection was made) and the latest occurrences list.
- **Status**: Filter scripts or connections by [status](/page-shield/reference/script-statuses/).
- **Type**: Filter cookies according to their type: first-party cookies or unknown.
- Cookie property: Filter by a cookie property such as **Name**, **Domain**, **Path**, **Same site**, **HTTP only**, and **Secure**.
@@ -40,12 +41,15 @@ To review the resources and cookies detected by Page Shield:
## View all reported scripts or connections
-The All Reported Connections and All Reported Scripts dashboards show all the detected resources including infrequent or inactive ones, reported in the last 30 days. After 30 days without any report, Page Shield will delete information about a previously reported resource, and it will no longer appear in any of the dashboards.
+The All Reported Connections and All Reported Scripts dashboards show all the detected resources including infrequent or inactive ones, reported in the last 30 days. After 30 days without any report, Cloudflare will delete information about a previously reported resource, and it will no longer appear in any of the dashboards.
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Page Shield** > **Monitors**.
+2. Go to the client-side resources page:
+ - Old dashboard: Go to **Security** > **Page Shield**.
+ - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab.
+
3. Select **Scripts** or **Connections**.
-4. Select **View all**.
+4. Select **View all scripts** or **View all connections**.
5. Review the information displayed in the dashboard.
You can filter the data in these dashboards using different criteria, and print a report with the displayed records.
@@ -77,7 +81,6 @@ The script details also include the last 10 script versions detected by Page Shi
The details of each cookie include:
- **Type**: A cookie can have the following types:
-
- **First-party**: Cookies set by the origin server through a `set-cookie` HTTP response header.
- **Unknown**: All other detected cookies.
@@ -113,6 +116,11 @@ Use this feature to extract data from Page Shield that you can review and annota
To export script, connection, or cookie information in CSV format:
-1. Go to the **Monitors** tab and select **Scripts**, **Connections**, or **Cookies**.
-2. (Optional) Apply any filters to the displayed data.
-3. Select **Download CSV**.
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+2. Go to the client-side resources page:
+ - Old dashboard: Go to **Security** > **Page Shield**.
+ - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab.
+
+3. Select **Scripts**, **Connections**, or **Cookies**.
+4. (Optional) Apply any filters to the displayed data.
+5. Select **Download CSV**.
diff --git a/src/content/docs/page-shield/detection/review-changed-scripts.mdx b/src/content/docs/page-shield/detection/review-changed-scripts.mdx
index 1e8f24bc2679219..4e61dcd59ccbe65 100644
--- a/src/content/docs/page-shield/detection/review-changed-scripts.mdx
+++ b/src/content/docs/page-shield/detection/review-changed-scripts.mdx
@@ -11,12 +11,16 @@ description: Learn how to review scripts on your domain after receiving a code c
Available as a paid add-on for customers on an Enterprise plan.
:::
-Page Shield analyzes the JavaScript dependencies in the pages of your domain over time.
+Cloudflare analyzes the JavaScript dependencies in the pages of your domain over time.
You can configure a notification for [code change alerts](/page-shield/alerts/alert-types/#code-change-alert) to receive a daily notification about changed scripts in your domain.
When you receive such a notification:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Page Shield** > **Monitors**.
+2. Go to the client-side resources page:
+
+ - Old dashboard: Go to **Security** > **Page Shield**.
+ - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab.
+
3. Check the details of each changed script and validate if it is an expected change.
diff --git a/src/content/docs/page-shield/detection/review-malicious-scripts.mdx b/src/content/docs/page-shield/detection/review-malicious-scripts.mdx
index 13eabcbb9af1169..7f16a5fa0292c0e 100644
--- a/src/content/docs/page-shield/detection/review-malicious-scripts.mdx
+++ b/src/content/docs/page-shield/detection/review-malicious-scripts.mdx
@@ -14,7 +14,7 @@ import { Render } from "~/components";
Only available to Enterprise customers with a paid add-on.
:::
-Page Shield displays scripts and connections considered malicious at the top of the dashboard lists, so that you can quickly identify those resources, review them, and take action.
+Cloudflare displays scripts and connections considered malicious at the top of the dashboard lists, so that you can quickly identify those resources, review them, and take action.
## Review malicious scripts
@@ -22,23 +22,26 @@ To review the scripts considered malicious:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Page Shield** > **Monitors**.
+2. Go to the client-side resources page:
+ - Old dashboard: Go to **Security** > **Page Shield**.
+ - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab.
-3. Select **Details** for each script considered malicious. The script details will contain:
+3. Select the **Scripts** tab.
+4. Select **Details** for each script considered malicious. The script details will contain:
- **Malicious code analysis**: Scores between 1-99 classifying how malicious the current script version is, where 1 means definitely malicious and 99 means definitely not malicious.
- **Code behavior analysis**: Scores classifying the behavior of the current script version in terms of code obfuscation and data exfiltration. The scores vary between 1-99, where 1 means definitely malicious and 99 means definitely not malicious.
- - **Threat intelligence**: Whether the script URL and/or domain is known to be malicious according to threat intelligence feeds. If the script is considered malicious according to the feeds, Page Shield will list the associated threat [categories](/page-shield/how-it-works/malicious-script-detection/#malicious-script-and-connection-categories). If threat intelligence feeds do not have any information about the script URL or domain, the dashboard will show **Not present**.
+ - **Threat intelligence**: Whether the script URL and/or domain is known to be malicious according to threat intelligence feeds. If the script is considered malicious according to the feeds, the dashboard will show a list of associated threat [categories](/page-shield/how-it-works/malicious-script-detection/#malicious-script-and-connection-categories). If threat intelligence feeds do not have any information about the script URL or domain, the dashboard will show **Not present**.
- The script details also include the last 10 script versions detected by Page Shield.
+ The script details also include the last 10 script versions detected by Cloudflare.
For more information, refer to [Malicious script and connection detection](/page-shield/how-it-works/malicious-script-detection/).
-4. Based on the displayed information, and with the help of the [last seen/first seen fields in the script details](/page-shield/detection/monitor-connections-scripts/#view-details), review and update the pages where the malicious script was detected.
+5. Based on the displayed information, and with the help of the [last seen/first seen fields in the script details](/page-shield/detection/monitor-connections-scripts/#view-details), review and update the pages where the malicious script was detected.
-You can configure alerts for detected malicious scripts. Refer to [Page Shield alerts](/page-shield/alerts/) for more information.
+You can configure alerts for detected malicious scripts. Refer to [Alerts](/page-shield/alerts/) for more information.
## Review malicious connections
@@ -46,14 +49,17 @@ To review the connections considered malicious:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Page Shield** > **Monitors**, and select **Connections**.
+2. Go to the client-side resources page:
+ - Old dashboard: Go to **Security** > **Page Shield**.
+ - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab.
-3. Select **Details** for each connection considered malicious. The connection details will contain:
+3. Select **Connections**.
+4. Select **Details** for each connection considered malicious. The connection details will contain:
- **URL match**: Whether the connection's target URL is known to be malicious according to threat intelligence feeds. This field requires that you configure Page Shield to analyze the [full URI](/page-shield/reference/settings/#connection-target-details) of outgoing connections.
- **Domain match**: Whether the connection's target domain is known to be malicious according to threat intelligence feeds.
- **Category**: The categorization of the connection considered malicious according to threat intelligence feeds.
For more information, refer to [Malicious script and connection detection](/page-shield/how-it-works/malicious-script-detection/).
-4. Based on the displayed information, and with the help of the [last seen/first seen fields in the connection details](/page-shield/detection/monitor-connections-scripts/#view-details), review and update the pages where the malicious connection was detected.
+5. Based on the displayed information, and with the help of the [last seen/first seen fields in the connection details](/page-shield/detection/monitor-connections-scripts/#view-details), review and update the pages where the malicious connection was detected.
diff --git a/src/content/docs/page-shield/get-started.mdx b/src/content/docs/page-shield/get-started.mdx
index d919d72a81ebc93..2e852df626ebc33 100644
--- a/src/content/docs/page-shield/get-started.mdx
+++ b/src/content/docs/page-shield/get-started.mdx
@@ -6,14 +6,16 @@ sidebar:
head:
- tag: title
content: Get started with Cloudflare Page Shield
-description: Learn how to set up Page Shield.
+description: Learn how to get started with client-side resource monitoring.
---
-import { Render } from "~/components";
+import { Tabs, TabItem, Render } from "~/components";
-## Activate Page Shield
+## Activate client-side resource monitoring
-To enable Page Shield:
+To enable client-side resource monitoring:
+
+
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
2. Go to **Security** > **Page Shield**.
@@ -21,11 +23,21 @@ To enable Page Shield:
If you do not have access to Page Shield in the Cloudflare dashboard, check if your user has one of the [necessary roles](/page-shield/reference/roles-and-permissions/).
+
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+2. Go to **Security** > **Settings** and filter by **Client side abuse**.
+3. Next to **Continuous script monitoring**, set the toggle to **On**.
+
+If you do not have access to resource monitoring in the Cloudflare dashboard, check if your user has one of the [necessary roles](/page-shield/reference/roles-and-permissions/).
+
+
+
## Review detected scripts
-When you enable Page Shield, it may take a while to get the list of detected scripts in your domain.
+When you enable client-side resource monitoring, it may take a while to get the list of detected scripts in your domain.
-Review the scripts displayed in the [**Monitors** dashboard](/page-shield/detection/monitor-connections-scripts/), checking them for signs of malicious activity.
+Review the scripts displayed in the [resource monitoring dashboard](/page-shield/detection/monitor-connections-scripts/), checking them for signs of malicious activity.
Depending on your plan, you may be able to also review the connections made by scripts in your domain's pages and check them for malicious activity.
@@ -47,7 +59,7 @@ Depending on your plan, you may be able to also review the connections made by s
Only available to Enterprise customers with a paid add-on.
:::
-[Policies](/page-shield/policies/) define allowed resources on your websites. Create policies to implement a positive security model [^1].
+[Policies](/page-shield/policies/), called content security rules in the [new security dashboard](/security/), define allowed resources on your websites. Create policies to implement a positive security model [^1].
1. [Create a policy](/page-shield/policies/create-dashboard/) with the _Log_ action.
diff --git a/src/content/docs/page-shield/how-it-works/index.mdx b/src/content/docs/page-shield/how-it-works/index.mdx
index 2c89cf63f14fc33..ad061e69103e8eb 100644
--- a/src/content/docs/page-shield/how-it-works/index.mdx
+++ b/src/content/docs/page-shield/how-it-works/index.mdx
@@ -12,13 +12,13 @@ description: Page Shield tracks resources (such as scripts) loaded by your
import { GlossaryTooltip } from "~/components";
-Page Shield helps manage resources loaded by your website visitors, including scripts, their connections, and [cookies](https://www.cloudflare.com/learning/privacy/what-are-cookies/). It can trigger alert notifications when resources change or are considered malicious.
+Page Shield helps manage client-side resources loaded by your website visitors, including scripts, their connections, and [cookies](https://www.cloudflare.com/learning/privacy/what-are-cookies/). It can trigger alert notifications when resources change or are considered malicious.
-Enabling Page Shield adds a Content Security Policy (CSP) deployed with a [report-only directive](/page-shield/reference/csp-header/) to collect information from the browser. This allows Cloudflare to provide you with a list of all scripts running on your application and the connections they make to third-party endpoints. Page Shield also monitors ingress and egress traffic for cookies, either set by origin servers or by the visitor's browser.
+Enabling resource monitoring adds a Content Security Policy (CSP) deployed with a [report-only directive](/page-shield/reference/csp-header/) to collect information from the browser. This allows Cloudflare to provide you with a list of all scripts running on your application and the connections they make to third-party endpoints. Cloudflare also monitors ingress and egress traffic for cookies, either set by origin servers or by the visitor's browser.
-The **Monitors** dashboard shows the list of active scripts, connections, and cookies. The **All Reported Scripts** and **All Reported Connections** dashboards show the full list of detected scripts and connections in your domain, respectively, including infrequent and inactive ones.
+The client-side resource monitoring dashboard shows the list of active scripts, connections, and cookies. The **All Reported Scripts** and **All Reported Connections** dashboards show the full list of detected scripts and connections in your domain, respectively, including infrequent and inactive ones.
-Page Shield adds a CSP report-only HTTP header used to monitor webpage resources to a sample of sent responses. This means that there may be a [small delay](/page-shield/troubleshooting/#page-shield-does-not-show-any-resources-after-activating-it) between deploying a script or cookie and having its data displayed in Page Shield's dashboards.
+Cloudflare adds a CSP report-only HTTP header used to monitor webpage resources to a sample of sent responses. This means that there may be a [small delay](/page-shield/troubleshooting/#page-shield-does-not-show-any-resources-after-activating-it) between deploying a script or cookie and having its data displayed in the resource monitoring dashboards.
Enterprise customers with a paid add-on have access to additional classification mechanisms based on threat feeds to determine if a script, or a connection made by a script, is malicious. For more information, refer to [Malicious script and connection detection](/page-shield/how-it-works/malicious-script-detection/).
@@ -26,7 +26,7 @@ Enterprise customers with a paid add-on have access to additional classification
Enterprise customers with a paid add-on can create [policies](/page-shield/policies/) to define a positive security model (also known as positive blocking) for resources such as scripts.
-When you create policies, Page Shield will generate CSP directives from those policies based on their configuration:
+When you create policies, Cloudflare will generate CSP directives from those policies based on their configuration:
- Log policies will create CSP directives for the `Content-Security-Policy-Report-Only` HTTP header.
- Allow policies will create CSP directives for the `Content-Security-Policy` HTTP header.
@@ -35,4 +35,4 @@ For more information, refer to [Policies](/page-shield/policies/).
## Learn more
-For more background on Page Shield, refer to our [blog post](https://blog.cloudflare.com/page-shield-generally-available/).
+For more background on Page Shield and client-side resource monitoring, refer to our [blog post](https://blog.cloudflare.com/page-shield-generally-available/).
diff --git a/src/content/docs/page-shield/how-it-works/malicious-script-detection.mdx b/src/content/docs/page-shield/how-it-works/malicious-script-detection.mdx
index affdf981ff2695e..5f3633280da75b1 100644
--- a/src/content/docs/page-shield/how-it-works/malicious-script-detection.mdx
+++ b/src/content/docs/page-shield/how-it-works/malicious-script-detection.mdx
@@ -12,47 +12,47 @@ description: Page Shield implements different mechanisms to determine if a
This feature is available as a paid add-on for customers on an Enterprise plan.
:::
-Page Shield implements different mechanisms to determine if a script, or a connection made by a script, is malicious. These mechanisms are:
+Cloudflare uses different mechanisms to determine if a script, or a connection made by a script, is malicious. These mechanisms are:
- Malicious script detection
- Malicious URL checks
- Malicious domain checks
-Any updates to the threat feeds will trigger new checks for previously detected scripts or connections so that the Page Shield dashboards always reflect the latest categorization.
+Any updates to the threat feeds will trigger new checks for previously detected scripts or connections so that the client-side resource monitoring dashboards always reflect the latest categorization.
## Malicious script detection
-In this type of detection, Page Shield will download the script file and run it through a classifier. The classifier is a machine learning (ML) model that has learned to detect patterns of malicious operations such as [Magecart-type attacks](https://sansec.io/what-is-magecart).
+In this type of detection, Cloudflare will download the script file and run it through a classifier. The classifier is a machine learning (ML) model that has learned to detect patterns of malicious operations such as [Magecart-type attacks](https://sansec.io/what-is-magecart).
The script classifier will output a probability score for the script (also called the JS integrity score) between 1 and 99, where 1 means definitely malicious and 99 means definitely not malicious. This score, together with a threshold value, will determine if the malicious script detection system will classify the script as malicious or not.
-The score threshold for considering a script as malicious is currently set to 10. If the script classification score is below this value, the Page Shield dashboards will display the script as being malicious.
+The score threshold for considering a script as malicious is currently set to 10. If the script classification score is below this value, the monitoring dashboards will display the script as being malicious.
-In addition to the integrity score, Page Shield will also provide individual scores for different malicious code detections (scores from 1 to 99):
+In addition to the integrity score, Cloudflare will also provide individual scores for different malicious code detections (scores from 1 to 99):
- **Magecart**
- **Crypto mining**
- **Malware**
-You can [configure Malicious Script Alerts](/page-shield/alerts/configure/). You will receive an alert notification as soon as Cloudflare detects JavaScript code classified as malicious in your domain.
+You can [configure Malicious Script Alerts](/page-shield/alerts/configure/) to receive an alert notification as soon as Cloudflare detects JavaScript code classified as malicious in your domain.
## Malicious URL checks
-Page Shield will search for the URLs of your JavaScript dependencies in threat intelligence feeds to determine if any of those scripts should be categorized as malicious.
+Cloudflare will search for the URLs of your JavaScript dependencies in threat intelligence feeds to determine if any of those scripts should be categorized as malicious.
-The Page Shield dashboards display the scripts that were considered malicious at the top of the scripts list.
+The client-side resource monitoring dashboards display the scripts that were considered malicious at the top of the scripts list.
You can [configure Malicious URL Alerts](/page-shield/alerts/configure/) to receive an alert notification as soon as Cloudflare detects a script from a malicious URL in your domain.
-Depending on your current configuration, Page Shield can also search for malicious URLs in the URLs of outgoing connections made by scripts in your domain. To enable this check, you must [allow Page Shield to use the full URLs of outgoing connections](/page-shield/reference/settings/#connection-target-details) instead of only the hostname in Page Shield settings.
+Depending on your current configuration, Cloudflare can also search for malicious URLs in the URLs of outgoing connections made by scripts in your domain. To enable this check, you must [allow resource monitoring to use the full URLs of outgoing connections](/page-shield/reference/settings/#connection-target-details) instead of only the hostname in the settings page.
## Malicious domain checks
-Page Shield will search for the domains of your client-side JavaScript dependencies in threat feeds to determine if any of those scripts is being served from a known malicious domain.
+Cloudflare will search for the domains of your client-side JavaScript dependencies in threat feeds to determine if any of those scripts is being served from a known malicious domain.
A domain previously reported as malicious can later be reported as non-malicious if, after further analysis, the domain is deemed safe.
-Page Shield will also check the target domains of connections made by scripts in your domain's pages, following the same approach described for scripts.
+Cloudflare will also check the target domains of connections made by scripts in your domain's pages, following the same approach described for scripts.
You can [configure Malicious Domain Alerts](/page-shield/alerts/configure/) to receive an alert notification as soon as Cloudflare detects a malicious script loaded from a known malicious domain in your domain.
diff --git a/src/content/docs/page-shield/index.mdx b/src/content/docs/page-shield/index.mdx
index 47782b2ba4df2bc..387c7bb765d258b 100644
--- a/src/content/docs/page-shield/index.mdx
+++ b/src/content/docs/page-shield/index.mdx
@@ -30,12 +30,12 @@ Learn how to [get started](/page-shield/get-started/).
## Features
- Displays information about loaded scripts in your domain's pages and the
- connections they make.
+ Displays information about client-side resources loaded in your domain's
+ pages.
+
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain.
-2. Go to **Page Shield** > **Policies**.
+2. Go to **Security** > **Page Shield** > **Policies**.
3. Select **Create policy**.
-4.
- Enter a descriptive name for the rule in **Description**.
+4. Enter a descriptive name for the rule in **Description**.
5. Under **If incoming requests match**, define the policy scope. You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/).
@@ -33,3 +36,38 @@ description: Learn how to create a Page Shield policy in the Cloudflare dashboar
- _Log_: Logs any policy violations without blocking any resources not covered by the policy.
8. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**.
+
+
+
+:::note
+In the [new security dashboard](/security/), policies are called content security rules.
+:::
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain.
+
+2. Go to **Security** > **Security rules**.
+
+3. Select **Create** > **Content security rules**.
+
+4.
+ Enter a descriptive name for the rule in **Description**.
+
+5. Under **If incoming requests match**, define the scope of the content security rule (or policy). You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/).
+
+6. Under **Allow these directives**, select the desired [CSP directives](/page-shield/policies/csp-directives/) for the content security rule by enabling one or more checkboxes.
+
+ - To manually enter an allowed source, select **Add source**.
+ - To refresh the displayed sources based on detected resources, select **Refresh suggestions**.
+
+ :::note
+ Cloudflare provides suggestions for **Default**, **Scripts**, and **Connections** directives. For the **Default** directive, suggestions are based on monitored scripts and connections resources.
+ :::
+
+7. Under **Then take action**, select the desired action:
+
+ - _Allow_: Enforces the CSP directives configured in the content security rule, blocking any other resources from being loaded on your website, and logging any [policy violations](/page-shield/policies/violations/).
+ - _Log_: Logs any rule violations without blocking any resources not covered by the content security rule.
+
+8. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**.
+
+
diff --git a/src/content/docs/page-shield/policies/csp-directives.mdx b/src/content/docs/page-shield/policies/csp-directives.mdx
index 8b50db64a49b30d..de194c152791aa5 100644
--- a/src/content/docs/page-shield/policies/csp-directives.mdx
+++ b/src/content/docs/page-shield/policies/csp-directives.mdx
@@ -5,26 +5,23 @@ sidebar:
order: 6
head: []
description: CSP directives supported by policies
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-Page Shield policies support most Content Security Policy (CSP) directives, covering both monitored and unmonitored resources. You can use a policy to control other types of resources besides scripts and their connections, even though Page Shield is not monitoring these resources.
+Page Shield policies support most Content Security Policy (CSP) directives, covering both monitored and unmonitored resources. You can use a policy to control other types of resources besides scripts and their connections, even though Cloudflare is not monitoring these resources.
Each CSP directive can contain multiple values, including:
-* Schemes
-* Hostnames
-* URIs
-* Special keywords between single quotes (for example, `'none'`)
-* Hashes between single quotes (for example, `'sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC'`)
+- Schemes
+- Hostnames
+- URIs
+- Special keywords between single quotes (for example, `'none'`)
+- Hashes between single quotes (for example, `'sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC'`)
Hostname and URI values support a `*` wildcard for the leftmost subdomain.
-The following table lists the supported CSP directives and special values you can use in Page Shield policies:
-
-
+The following table lists the supported CSP directives and special values you can use in policies:
| Directive | Name in the dashboard | Supported special values | Monitored |
| --------------------------- | ------------------------- | ------------------------------------------------------------------------------ | ---------------------------------------------------------- |
@@ -45,11 +42,9 @@ The following table lists the supported CSP directives and special values you ca
| `frame-ancestors` | Frame ancestors | `'none'`
`'self'` | No |
| `upgrade-insecure-requests` | Upgrade insecure requests | N/A | No |
-
-
## More resources
For more information on CSP directives and their values, refer to the following resources in the MDN documentation:
-* [Content-Security-Policy response header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy)
-* [CSP guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP)
+- [Content-Security-Policy response header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy)
+- [CSP guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP)
diff --git a/src/content/docs/page-shield/policies/index.mdx b/src/content/docs/page-shield/policies/index.mdx
index f1e3d52ff45d022..8d5560bc60be605 100644
--- a/src/content/docs/page-shield/policies/index.mdx
+++ b/src/content/docs/page-shield/policies/index.mdx
@@ -15,28 +15,30 @@ Only available to Enterprise customers with a paid add-on.
Policies define the resources allowed on your applications through Content Security Policy (CSP) directives. Policies can log violations and also enforce an allowlist of resources, effectively blocking resources not included in the policies.
+In the [new security dashboard](/security/), policies are called content security rules, and they are one of the available types of [security rules](/security/rules/). Security rules perform security-related actions on incoming requests that match specified filters.
+
Create [allow policies](#policy-actions) to define a positive security model, also known as positive blocking. According to this model, you define what is allowed and reject everything else. Such an approach helps you reduce the attack surface for unwanted third-party scripts in your application.
-A policy can control both resources monitored by Page Shield, such as scripts and their connections, and other types of resources. Refer to [Supported CSP directives](/page-shield/policies/csp-directives/) for details.
+A policy can control both client-side resources monitored by Cloudflare, such as scripts and their connections, and other types of resources. Refer to [Supported CSP directives](/page-shield/policies/csp-directives/) for details.
+
+### Important remarks
-:::note
Third-party service providers may require specific CSP directives. Refer to your provider's documentation for more information on the CSP directives you need to include in your policy.
-:::
## Policy actions
-A policy can perform one of the following actions:
+A policy — or content security rule — can perform one of the following actions:
-- **Log**: Page Shield will log any resources not covered by the policy, without blocking any resources. Use this action to validate a new policy before deploying it. Resources not covered by the policy will be reported as [policy violations](/page-shield/policies/violations/).
-- **Allow**: Page Shield will block any resources not explicitly allowed by the policy. Switch to the _Allow_ action after validating a new policy with the _Log_ action, so that your policy does not block essential application resources, which would affect your application's end users. Policies with the _Allow_ action will log [policy violations](/page-shield/policies/violations/) for any blocked resources.
+- **Log**: Cloudflare will log any resources not covered by the policy, without blocking any resources. Use this action to validate a new policy before deploying it. Resources not covered by the policy will be reported as [policy violations](/page-shield/policies/violations/).
+- **Allow**: Cloudflare will block any resources not explicitly allowed by the policy. Switch to the _Allow_ action after validating a new policy with the _Log_ action, so that your policy does not block essential application resources, which would affect your application's end users. Policies with the _Allow_ action will log [policy violations](/page-shield/policies/violations/) for any blocked resources.
-For details on the CSP directives Page Shield creates for each type of policy action, refer to [How Page Shield works](/page-shield/how-it-works/#positive-security-model-using-policies). For more information on the CSP directives supported by Page Shield policies, refer to [Supported CSP directives](/page-shield/policies/csp-directives/).
+For details on the CSP directives Cloudflare creates for each type of policy action, refer to [How Page Shield works](/page-shield/how-it-works/#positive-security-model-using-policies). For more information on the CSP directives supported by policies, refer to [Supported CSP directives](/page-shield/policies/csp-directives/).
## Next steps
-Refer to the following pages for instructions on creating a policy in Page Shield:
+Refer to the following pages for instructions on creating a policy or content security rule:
- [Create a policy in the dashboard](/page-shield/policies/create-dashboard/)
- [Page Shield API: Create a policy](/page-shield/reference/page-shield-api/#create-a-policy)
-Once you have configured one or more allow policies in a zone you can filter alert notifications according to those policies. These alerts are called [scoped alerts](/page-shield/alerts/#scoped-alerts).
+Once you have configured one or more allow policies in a zone, you can filter alert notifications according to those policies. These alerts are called [scoped alerts](/page-shield/alerts/#scoped-alerts).
diff --git a/src/content/docs/page-shield/policies/violations.mdx b/src/content/docs/page-shield/policies/violations.mdx
index 0e0e3945a8284af..5c34100628e05cf 100644
--- a/src/content/docs/page-shield/policies/violations.mdx
+++ b/src/content/docs/page-shield/policies/violations.mdx
@@ -4,7 +4,7 @@ pcx_content_type: concept
sidebar:
order: 4
head: []
-description: Page Shield reports any violations to your custom Page Shield policies.
+description: Cloudflare reports any violations to your content security rules (also known as policies).
---
import { Details, GlossaryTooltip } from "~/components";
@@ -13,16 +13,21 @@ import { Details, GlossaryTooltip } from "~/components";
Only available to Enterprise customers with a paid add-on.
:::
-Shortly after you configure Page Shield policies, the Cloudflare dashboard will start displaying any violations of those policies. This information will be available for policies with any [action](/page-shield/policies/#policy-actions) (_Allow_ and _Log_).
+Shortly after you configure policies (or content security rules), the Cloudflare dashboard will start displaying any violations of those policies. This information will be available for policies with any [action](/page-shield/policies/#policy-actions) (_Allow_ and _Log_).
Information about policy violations is also available via [GraphQL API](/analytics/graphql-api/) and [Logpush](/logs/about/).
## Review policy violations in the dashboard
-The policy violation information is available in **Security** > **Page Shield** > **Policies**. It includes the following:
+To view policy violation information:
-- A sparkline next to the policy name, showing policy violations in the past seven days.
-- For policies with associated violations, an expandable details section for each policy, with the top resources present in policy violation events and a sparkline per top resource.
+- Old dashboard: Go to **Security** > **Page Shield** > **Policies**.
+- New dashboard: Go to **Security** > **Security rules**, and filter by **Content security rules**.
+
+The displayed information includes the following:
+
+- A sparkline next to the policy/rule name, showing violations in the past seven days.
+- For policies with associated violations, an expandable details section for each policy, with the top resources present in violation events and a sparkline per top resource.
## Get policy violations via GraphQL API
@@ -125,6 +130,6 @@ https://api.cloudflare.com/client/v4/graphql \
[Cloudflare Logpush](/logs/about/) supports pushing logs to storage services, SIEM systems, and log management providers.
-Information about Page Shield policy violations is available in the [`page_shield_events` dataset](/logs/reference/log-fields/zone/page_shield_events/).
+Information about policy violations is available in the [`page_shield_events` dataset](/logs/reference/log-fields/zone/page_shield_events/).
For more information on configuring Logpush jobs, refer to [Logs: Get started](/logs/get-started/).
diff --git a/src/content/docs/page-shield/reference/page-shield-api.mdx b/src/content/docs/page-shield/reference/page-shield-api.mdx
index 585d92aa3758527..cd3ae22713b8ccd 100644
--- a/src/content/docs/page-shield/reference/page-shield-api.mdx
+++ b/src/content/docs/page-shield/reference/page-shield-api.mdx
@@ -7,7 +7,7 @@ sidebar:
import { GlossaryTooltip, APIRequest } from "~/components";
-You can enable and disable Page Shield, configure its settings, and fetch information about detected scripts and connections using the [Page Shield API](/api/resources/page_shield/methods/get/).
+You can enable and disable Page Shield's client-side resource monitoring, configure settings, and fetch information about detected scripts and connections using the [Page Shield API](/api/resources/page_shield/methods/get/).
To authenticate API requests you need an [API token](/fundamentals/api/get-started/create-token/). For more information on the required API token permissions, refer to [Roles and permissions](/page-shield/reference/roles-and-permissions/).
@@ -464,7 +464,7 @@ This `GET` request obtains the details of a cookie detected by Page Shield with
### Create a policy
-This `POST` request creates a Page Shield policy with _Log_ action, defining the following scripts as allowed based on where they are hosted:
+This `POST` request creates a Page Shield policy (or content security rule) with _Log_ action, defining the following scripts as allowed based on where they are hosted:
- Scripts hosted in `myapp.example.com` (which does not include scripts in `example.com`).
- Scripts hosted in `cdnjs.cloudflare.com`.
@@ -476,7 +476,7 @@ All other scripts would trigger a policy violation, but those scripts would not
For more information on Content Security Policy (CSP) directives and values, refer to the [MDN documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy).
:::note
-For a list of CSP directives and keywords supported by Page Shield policies, refer to [CSP directives supported by policies](/page-shield/policies/csp-directives/).
+For a list of CSP directives and keywords supported by policies, refer to [CSP directives supported by policies](/page-shield/policies/csp-directives/).
:::
Content Security Policy (CSP) [report-only HTTP header](/page-shield/reference/csp-header/) to gather information about all the scripts running on your application.
+When enabled, Page Shield's client-side resource monitoring uses a Content Security Policy (CSP) [report-only HTTP header](/page-shield/reference/csp-header/) to gather information about all the scripts running on your application.
By default, reports are sent to a Cloudflare-owned endpoint:
@@ -28,17 +28,29 @@ Enterprise customers with a paid add-on can change the reporting endpoint so tha
Using the same hostname for CSP reporting may interfere with other Cloudflare products. Before selecting this option, ensure that your Cloudflare configuration complies with the following:
- No rate limiting rules match the `cdn-cgi/*` URL path
-- No WAF custom rules match the `cdn-cgi/*` URL path
+- No custom rules match the `cdn-cgi/*` URL path
### Configure the reporting endpoint
To configure the CSP reporting endpoint:
+
+
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
2. Go to **Security** > **Page Shield** > **Settings**.
3. Under **Reporting endpoint**, select **Cloudflare-owned endpoint** or **Same hostname**.
4. Select **Apply settings**.
+
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+2. Go to **Security** > **Settings** and filter by **Client side abuse**.
+3. Under **Continuous script monitoring** > **Configurations**, select the edit icon next to **Reporting endpoint**.
+4. Select **Cloudflare-owned endpoint** or **Same hostname**.
+5. Select **Save**.
+
+
+
## Connection target details
When connection targets are reported to Cloudflare, their URIs can sometimes include sensitive data such as session ID.
@@ -47,21 +59,48 @@ By default, Page Shield will only check the domain against malicious threat inte
### Configure the connection target details to use
+
+
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
2. Go to **Security** > **Page Shield** > **Settings**.
3. Under **Connection target details**, select **Log host only** to analyze only the hostname or **Log full URI** to use the full URI in Page Shield.
4. Select **Apply settings**.
-## Turn off Page Shield
+
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+2. Go to **Security** > **Settings** and filter by **Client side abuse**.
+3. Under **Continuous script monitoring** > **Configurations**, select the edit icon next to **Data processing**.
+4. Select **Log host only** to analyze only the hostname or **Log full URI** to use the full URI.
+5. Select **Save**.
+
+
-When you turn off Page Shield, you lose visibility on the scripts running on your zone, the outbound connections made from pages in your domain, and cookies detected in HTTP traffic.
+## Turn off client-side resource monitoring
-To turn off Page Shield:
+When you turn off Page Shield's client-side resource monitoring, you lose visibility on the scripts running on your zone, the outbound connections made from pages in your domain, and cookies detected in HTTP traffic.
+
+To turn off client-side resource monitoring:
+
+
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
2. Go to **Security** > **Page Shield** > **Settings**.
3. In **Disable Page Shield**, select **Disable**.
+
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+2. Go to **Security** > **Settings** and filter by **Client side abuse**.
+3. Next to **Continuous script monitoring**, set the toggle to **Off**.
+
+
+
:::note
-Turning off Page Shield will not turn off [policies](/page-shield/policies/). To turn off policies, go to **Page Shield** > **Policies**.
+
+Turning off Page Shield's client-side resource monitoring will not turn off [policies](/page-shield/policies/) (also known as content security rules). To turn off policies:
+
+- Old dashboard: Go to **Security** > **Page Shield** > **Policies**.
+- New security dashboard: Go to **Security** > **Security rules** and filter by `Content security rules`.
+
:::
diff --git a/src/content/docs/page-shield/troubleshooting.mdx b/src/content/docs/page-shield/troubleshooting.mdx
index 90510390b785e22..14eb2d1e7b22aba 100644
--- a/src/content/docs/page-shield/troubleshooting.mdx
+++ b/src/content/docs/page-shield/troubleshooting.mdx
@@ -8,23 +8,19 @@ sidebar:
import { GlossaryTooltip } from "~/components";
-### How do I set up Page Shield?
+## Cloudflare does not show any client-side resources after activation
-For help setting up Page Shield, refer to our [get started guide](/page-shield/get-started/).
+Cloudflare does not collect data on every single page view. Instead, it uses a sampling approach to gather information efficiently. This means that domains with lower traffic might take longer to generate initial reports, as these domains need more page views to accumulate enough samples. To speed up the reporting process, it is recommended that you actively generate traffic to your application after [activating client-side resource monitoring](/page-shield/get-started/). This will provide Cloudflare with more data to work with, leading to faster report generation.
-## Page Shield does not show any resources after activating it
-
-Page Shield does not collect data on every single page view. Instead, it uses a sampling approach to gather information efficiently. This means that domains with lower traffic might take longer to generate initial reports, as these domains need more page views to accumulate enough samples. To speed up the reporting process, it is recommended that you actively generate traffic to your application after [activating Page Shield](/page-shield/get-started/). This will provide Page Shield with more data to work with, leading to faster report generation.
-
-## Page Shield shows scripts and connections that I do not recognize
+## The dashboard shows scripts and connections that I do not recognize
Scripts often reference other scripts outside your application.
-But, if you see unexpected scripts on your Script Monitor dashboard, check them for signs of malicious activity.
+But, if you see unexpected scripts on your resource monitoring dashboard, check them for signs of malicious activity.
## I get warnings in my browser's developer tools related to Content Security Policy (CSP)
-Page Shield uses a Content Security Policy (CSP) report-only directive to gather a list of all scripts running on your application.
+Cloudflare uses a Content Security Policy (CSP) report-only directive to gather a list of all scripts running on your application.
Some browsers display scripts being reported as warnings in the console pane of their developer tools. For example:
@@ -36,13 +32,13 @@ Either the 'unsafe-inline' keyword, a hash ('sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr
is required to enable inline execution.
```
-You can safely ignore these warnings, since they are related to the reports that Page Shield requires to detect loaded scripts. For more information, refer to [How Page Shield works](/page-shield/how-it-works/).
+You can safely ignore these warnings, since they are related to the reports that Cloudflare requires to detect loaded scripts. For more information, refer to [How Page Shield works](/page-shield/how-it-works/).
## I get policy violation reports for a domain I allowlisted
Policy violations reported via CSP's [report-only directive](/page-shield/reference/csp-header/) do not take into consideration any redirects or redirect HTTP status codes. This is [by design](https://www.w3.org/TR/CSP3/#create-violation-for-request) for security reasons.
-Some third-party services you may want to cover in your Page Shield allow policies perform redirects. An example of such a service is Google Ads, which [does not work well with CSP policies](https://support.google.com/adsense/thread/102839782?hl=en&msgid=103611259).
+Some third-party services you may want to cover in your allow policies perform redirects. An example of such a service is Google Ads, which [does not work well with CSP policies](https://support.google.com/adsense/thread/102839782?hl=en&msgid=103611259).
For example, if you add the `adservice.google.com` domain to an allow policy, you could get policy violation reports for this domain due to redirects to a different domain (not present in your allow policy). In this case, the violation report would still mention the original domain, and not the domain of the redirected destination, which can cause some confusion.
diff --git a/src/content/partials/page-shield/alerts-intro.mdx b/src/content/partials/page-shield/alerts-intro.mdx
index 72d58e0e80a4643..fc1f5877d8abb65 100644
--- a/src/content/partials/page-shield/alerts-intro.mdx
+++ b/src/content/partials/page-shield/alerts-intro.mdx
@@ -5,4 +5,4 @@ params:
import { Render } from "~/components";
-Once you have activated Page Shield, you can set up one or more alerts informing you of relevant client-side changes on your zones. {props.availabilityDetails}
+Once you have activated Page Shield's client-side resource monitoring, you can set up one or more alerts informing you of relevant client-side changes on your zones. {props.availabilityDetails}
diff --git a/src/content/plans/index.json b/src/content/plans/index.json
index e2cf0f14a24db5b..c5ac4aa607bc362 100644
--- a/src/content/plans/index.json
+++ b/src/content/plans/index.json
@@ -1926,7 +1926,7 @@
"ent_plus": "Yes"
},
"b_script_monitor": {
- "title": "Script monitor",
+ "title": "Script monitoring",
"summary": "Available on all plans",
"free": "Yes",
"pro": "Yes",
@@ -1935,7 +1935,7 @@
"ent_plus": "Yes"
},
"c_connection_monitor": {
- "title": "Connection monitor",
+ "title": "Connection monitoring",
"summary": "Business and above",
"free": "No",
"pro": "No",
@@ -1944,7 +1944,7 @@
"ent_plus": "Yes"
},
"d_cookie_monitor": {
- "title": "Cookie monitor",
+ "title": "Cookie monitoring",
"summary": "Business and above",
"free": "No",
"pro": "No",
@@ -1998,7 +1998,7 @@
"ent_plus": "Yes"
},
"l_cookie_advanced_fields": {
- "title": "Cookie monitor\n advanced fields",
+ "title": "Cookie monitoring\n advanced fields",
"summary": "Enterprise with add-on",
"free": "No",
"pro": "No",