diff --git a/src/content/docs/page-shield/best-practices/handle-an-alert.mdx b/src/content/docs/page-shield/best-practices/handle-an-alert.mdx index 8e147a6afb6a7a6..0a455f18737b2ba 100644 --- a/src/content/docs/page-shield/best-practices/handle-an-alert.mdx +++ b/src/content/docs/page-shield/best-practices/handle-an-alert.mdx @@ -7,12 +7,16 @@ sidebar: label: Handle an alert --- -If you receive a client-side resource alert, sometimes you need to perform some manual investigation to confirm the nature of the script. Use the guidance provided in this page as a starting point for your investigation. +import { Steps } from "~/components"; + +If you receive a [client-side resource alert](/page-shield/alerts/alert-types/), sometimes you need to perform some manual investigation to confirm the nature of the script. Use the guidance provided in this page as a starting point for your investigation. ## 1. Understand what triggered the alert Start by identifying the [detection system](/page-shield/how-it-works/malicious-script-detection/) that triggered the alert. A link is provided in the alert that will send you directly to the Cloudflare dashboard to the relevant resource that needs reviewing. Alternatively, do the following: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Navigate to the client-side resource monitoring page: - Old dashboard: Go to **Security** > **Page Shield**. 
@@ -20,7 +24,9 @@ Start by identifying the [detection system](/page-shield/how-it-works/malicious- 3. Select **Scripts** or **Connections** and search for the resource mentioned on the alert you received. 4. Select **Details** next to the resource you identified. The example screenshot below shows a malicious script resource. -![Dialog box showing the details of a script considered malicious.](~/assets/images/page-shield/handle-alert-malicious-script-example.png) + ![Dialog box showing the details of a script considered malicious.](~/assets/images/page-shield/handle-alert-malicious-script-example.png) + + The details page will specify which detection system triggered the alert. Check the values of the following fields: 
@@ -34,16 +40,24 @@ Different detection mechanisms may consider the script malicious at the same tim If you received an alert for a potentially malicious script: + + 1. Navigate to the page on your website that is loading the script or performing the connection. Open a browser and navigate to one of the URLs in the **Page URLs** field (shown in the script details dialog box). 2. Open the browser's developer tools to confirm that the script is being loaded. You can check this in the developer tools' **Network** tab, searching for the script name, URL, or hostname. + + If you received an alert for a potentially malicious connection: + + 1. Go to the page on your website where the connection that triggered the alert is being made. Open a browser and go to one of the URLs specified in the **Page URLs** field (shown in the connection details dialog box). 2. Open the browser's developer tools to confirm that the connection is being made. You can check this in the developer tools' **Network** tab, searching for the target hostname of the connection. + + If you find the script or connection, this means the script is being loaded (or the connection is being established) for all website visitors — proceed to [step 3](#3-check-the-script-reputation). If you do not find the script being loaded or the connection being made, this could mean one of the following: @@ -70,10 +84,14 @@ If you believe that Cloudflare's classification is a false positive, contact you You could use a virtual machine to perform some of the following analysis: + + 1. Open the script URL and get the script source code. If the script is obfuscated or encoded, this could be a sign that the script is malicious. 2. Scan the script source code for any hostnames or IP addresses. 3. For each hostname or IP address you identified, use Cloudflare's Security Center Investigate platform to look up threat information and/or search online for potential Indicators of Compromise. + + --- ## Conclusion 
diff --git a/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx b/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx index 3c81bbc55d80d1b..4fb7e5e0c7c87f1 100644 --- a/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx +++ b/src/content/docs/page-shield/detection/monitor-connections-scripts.mdx @@ -5,13 +5,13 @@ sidebar: order: 2 --- -import { Render } from "~/components"; +import { Render, Markdown, Steps } from "~/components"; Once you [activate Page Shield's client-side resource monitoring](/page-shield/get-started/), the main client-side resources dashboard will show which resources (scripts and connections) are running on your domain, as well as the cookies recently detected in HTTP traffic. If you notice unexpected scripts or connections on the dashboard, check them for signs of malicious activity. Enterprise customers with a paid add-on will have their [connections and scripts classified as potentially malicious](/page-shield/how-it-works/malicious-script-detection/) based on threat feeds. You should also check for any new or unexpected cookies. -:::note +:::note[Notes] - Users in Free and Pro plans only have access to script monitoring. - If you recently activated client-side resource monitoring, you may see a delay in reporting. 
@@ -22,27 +22,43 @@ If you notice unexpected scripts or connections on the dashboard, check them for To review the resources detected by Cloudflare: +{/* prettier-ignore-start */} + + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to the client-side resources page: - Old dashboard: Go to **Security** > **Page Shield**. - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab. -3. Review the list of scripts, connections, and cookies for your domain. To apply a filter, select **Add filter** and use one or more of the available options: +3. Review the list of scripts, connections, and cookies for your domain, depending on your plan. To apply a filter, select **Add filter** and use one or more of the available options. + +
+ Available filters + + - **Status**: Filter scripts or connections by [status](/page-shield/reference/script-statuses/). - **Script URL**: Filter scripts by their URL. - **Connection URL**: Filter connections by their target URL. Depending on your [configuration](/page-shield/reference/settings/#connection-target-details), it may search only by target hostname. - **Seen on host**: Look for scripts appearing on specific hostnames, or connections made in a specific hostname. - **Seen on page** (requires a Business or Enterprise plan): Look for scripts appearing in a specific page, or for connections made in a specific page. Searches the first page where the script was loaded (or where the connection was made) and the latest occurrences list. - - **Status**: Filter scripts or connections by [status](/page-shield/reference/script-statuses/). - **Type**: Filter cookies according to their type: first-party cookies or unknown. - Cookie property: Filter by a cookie property such as **Name**, **Domain**, **Path**, **Same site**, **HTTP only**, and **Secure**. +
+ 4. Depending on your plan, you may be able to [view the details of each item](#view-details). +
+ +{/* prettier-ignore-end */} + ## View all reported scripts or connections The All Reported Connections and All Reported Scripts dashboards show all the detected resources including infrequent or inactive ones, reported in the last 30 days. After 30 days without any report, Cloudflare will delete information about a previously reported resource, and it will no longer appear in any of the dashboards. + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to the client-side resources page: - Old dashboard: Go to **Security** > **Page Shield**. @@ -52,6 +68,8 @@ The All Reported Connections and All Reported Scripts dashboards show all the de 4. Select **View all scripts** or **View all connections**. 5. Review the information displayed in the dashboard. + + You can filter the data in these dashboards using different criteria, and print a report with the displayed records. ## View details @@ -60,7 +78,21 @@ You can filter the data in these dashboards using different criteria, and print Only available to customers on Business and Enterprise plans. ::: -To view the details of an item, select **Details** next to it. +To view the details of an item: + + + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. + +2. Go to the client-side resources page: + - Old dashboard: Go to **Security** > **Page Shield**. + - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab. + +3. Select **Scripts**, **Connections**, or **Cookies** (the available options depend on your plan). + +4. Next to a script, connection, or cookie in the list, select **Details**. + + ### Script and connection details 
@@ -116,6 +148,8 @@ Use this feature to extract data from Page Shield that you can review and annota To export script, connection, or cookie information in CSV format: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to the client-side resources page: - Old dashboard: Go to **Security** > **Page Shield**. @@ -124,3 +158,5 @@ To export script, connection, or cookie information in CSV format: 3. Select **Scripts**, **Connections**, or **Cookies**. 4. (Optional) Apply any filters to the displayed data. 5. Select **Download CSV**. + + diff --git a/src/content/docs/page-shield/detection/review-changed-scripts.mdx b/src/content/docs/page-shield/detection/review-changed-scripts.mdx index 4e61dcd59ccbe65..8643b05f1ed77d7 100644 --- a/src/content/docs/page-shield/detection/review-changed-scripts.mdx +++ b/src/content/docs/page-shield/detection/review-changed-scripts.mdx @@ -7,6 +7,8 @@ head: [] description: Learn how to review scripts on your domain after receiving a code change alert. --- +import { Steps } from "~/components"; + :::note Available as a paid add-on for customers on an Enterprise plan. ::: @@ -17,10 +19,13 @@ You can configure a notification for [code change alerts](/page-shield/alerts/al When you receive such a notification: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to the client-side resources page: - - Old dashboard: Go to **Security** > **Page Shield**. - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab. 3. Check the details of each changed script and validate if it is an expected change. + + diff --git a/src/content/docs/page-shield/detection/review-malicious-scripts.mdx b/src/content/docs/page-shield/detection/review-malicious-scripts.mdx index 88319b3ec1e87b9..cd77a764a6d163e 100644 --- a/src/content/docs/page-shield/detection/review-malicious-scripts.mdx 
+++ b/src/content/docs/page-shield/detection/review-malicious-scripts.mdx @@ -8,7 +8,7 @@ description: Learn how to review scripts and connections that Page Shield considered malicious. --- -import { Render } from "~/components"; +import { Render, Steps } from "~/components"; :::note Only available to Enterprise customers with a paid add-on. @@ -20,6 +20,8 @@ Cloudflare displays scripts and connections considered malicious at the top of t To review the scripts considered malicious: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to the client-side resources page: @@ -41,12 +43,16 @@ To review the scripts considered malicious: 5. Based on the displayed information, and with the help of the [last seen/first seen fields in the script details](/page-shield/detection/monitor-connections-scripts/#view-details), review and update the pages where the malicious script was detected. + + You can configure alerts for detected malicious scripts. Refer to [Alerts](/page-shield/alerts/) for more information. ## Review malicious connections To review the connections considered malicious: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to the client-side resources page: @@ -63,3 +69,5 @@ To review the connections considered malicious: For more information, refer to [Malicious script and connection detection](/page-shield/how-it-works/malicious-script-detection/). 5. Based on the displayed information, and with the help of the [last seen/first seen fields in the connection details](/page-shield/detection/monitor-connections-scripts/#view-details), review and update the pages where the malicious connection was detected. + + diff --git a/src/content/docs/page-shield/get-started.mdx b/src/content/docs/page-shield/get-started.mdx index 63b2d8f3b40fb33..ae59d0fffb1ed2f 100644 --- a/src/content/docs/page-shield/get-started.mdx 
+++ b/src/content/docs/page-shield/get-started.mdx @@ -9,7 +9,7 @@ head: description: Learn how to get started with client-side resource monitoring. --- -import { Tabs, TabItem, Render } from "~/components"; +import { Tabs, TabItem, Render, Steps } from "~/components"; ## Activate client-side resource monitoring @@ -17,27 +17,48 @@ To enable client-side resource monitoring: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Page Shield**. 3. Select **Enable Page Shield**. + + If you do not have access to Page Shield in the Cloudflare dashboard, check if your user has one of the [necessary roles](/page-shield/reference/roles-and-permissions/). + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Settings** and filter by **Client-side abuse**. 3. Turn on **Continuous script monitoring**. + + If you do not have access to resource monitoring in the Cloudflare dashboard, check if your user has one of the [necessary roles](/page-shield/reference/roles-and-permissions/). -## Review detected scripts +## Review detected resources When you enable client-side resource monitoring, it may take a while to get the list of detected scripts in your domain. -Review the scripts displayed in the [resource monitoring dashboard](/page-shield/detection/monitor-connections-scripts/), checking them for signs of malicious activity. +To review the scripts detected by Cloudflare: + + + +1. Go to the client-side resources page: + - Old dashboard: Go to **Security** > **Page Shield**. + - New security dashboard: Go to **Security** > **Web assets** > **Client-side resources** tab. + +2. Review the list of detected scripts, checking for any unknown or unexpected scripts.
+ [Depending on your plan](/page-shield/#availability), Cloudflare will also: + - Inform you if a script is [considered malicious](/page-shield/how-it-works/malicious-script-detection/). + - [Show the details](/page-shield/detection/monitor-connections-scripts/#script-and-connection-details) about each detected script. + +
Depending on your plan, you may be able to also review the connections made by scripts in your domain's pages and check them for malicious activity. @@ -48,7 +69,7 @@ Depending on your plan, you may be able to also review the connections made by s product="page-shield" params={{ availabilityDetails: - "The available alert types depend on your Cloudflare plan.", + "The [available alert types](/page-shield/alerts/alert-types/) depend on your Cloudflare plan.", }} /> 
@@ -60,12 +81,30 @@ Depending on your plan, you may be able to also review the connections made by s Only available to Enterprise customers with a paid add-on. ::: -[Policies](/page-shield/policies/), called content security rules in the [new security dashboard](/security/), define allowed resources on your websites. Create policies to implement a positive security model [^1]. +[Policies](/page-shield/policies/) — called content security rules in the [new security dashboard](/security/) — define allowed resources on your websites. Create policies to implement a positive security model[^1]. -1. [Create a policy](/page-shield/policies/create-dashboard/) with the _Log_ action. +[^1]: A positive security model is one that defines what is allowed and rejects everything else. In contrast, a negative security model defines what will be rejected and accepts the rest. -2. After some time, [review the list of policy violations](/page-shield/policies/violations/) to make sure the policy is correct. Update the policy if needed. +### 1. Create a policy with the Log action -3. Change the policy action to _Allow_ to start blocking resources not covered by the policy. +When you create a policy with the [_Log_ action](/page-shield/policies/#policy-actions), Cloudflare logs any resources not covered by the policy, without blocking any resources. Use this action to validate a new policy before deploying it. -[^1]: A positive security model is one that defines what is allowed and rejects everything else. In contrast, a negative security model defines what will be rejected and accepts the rest. + + +### 2. Review policy violations + +Resources not covered by the policy you created will be reported as [policy violations](/page-shield/policies/violations/). After some time, review the list of policy violations to make sure the policy is correct. + + + +Update the policy if needed. + +### 3. 
Change policy action to Allow + +Once you have verified that your policy is correct, change the policy action from _Log_ to _Allow_. + +When you use the [_Allow_ action](/page-shield/policies/#policy-actions), Cloudflare starts blocking any resources not explicitly allowed by the policy. diff --git a/src/content/docs/page-shield/policies/create-dashboard.mdx b/src/content/docs/page-shield/policies/create-dashboard.mdx index 1610fb4dd584bfb..5802fafdde3b340 100644 --- a/src/content/docs/page-shield/policies/create-dashboard.mdx +++ b/src/content/docs/page-shield/policies/create-dashboard.mdx 
@@ -7,67 +7,6 @@ sidebar: description: Learn how to create a Page Shield policy in the Cloudflare dashboard. --- -import { Tabs, TabItem } from "~/components"; +import { Tabs, TabItem, Render } from "~/components"; - - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain. - -2. Go to **Security** > **Page Shield** > **Policies**. - -3. Select **Create policy**. - -4. Enter a descriptive name for the rule in **Description**. - -5. Under **If incoming requests match**, define the policy scope. You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/). - -6. Under **Allow these directives**, select the desired [CSP directives](/page-shield/policies/csp-directives/) for the policy by enabling one or more checkboxes. - - - To manually enter an allowed source, select **Add source**. - - To refresh the displayed sources based on Page Shield's detected resources, select **Refresh suggestions**. - - :::note - Page Shield provides suggestions for **Default**, **Scripts**, and **Connections** directives. For the **Default** directive, suggestions are based on monitored scripts and connections resources. - ::: - -7. Under **Then take action**, select the desired action: - - - _Allow_: Enforces the CSP directives configured in the policy, blocking any other resources from being loaded on your website, and logging any [policy violations](/page-shield/policies/violations/). - - _Log_: Logs any policy violations without blocking any resources not covered by the policy. - -8. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**. - - - -:::note -In the [new security dashboard](/security/), policies are called content security rules. 
-::: - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain. - -2. Go to **Security** > **Security rules**. - -3. Select **Create** > **Content security rules**. - -4. - Enter a descriptive name for the rule in **Description**. - -5. Under **If incoming requests match**, define the scope of the content security rule (or policy). You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/). - -6. Under **Allow these directives**, select the desired [CSP directives](/page-shield/policies/csp-directives/) for the content security rule by enabling one or more checkboxes. - - - To manually enter an allowed source, select **Add source**. - - To refresh the displayed sources based on detected resources, select **Refresh suggestions**. - - :::note - Cloudflare provides suggestions for **Default**, **Scripts**, and **Connections** directives. For the **Default** directive, suggestions are based on monitored scripts and connections resources. - ::: - -7. Under **Then take action**, select the desired action: - - - _Allow_: Enforces the CSP directives configured in the content security rule, blocking any other resources from being loaded on your website, and logging any [policy violations](/page-shield/policies/violations/). - - _Log_: Logs any rule violations without blocking any resources not covered by the content security rule. - -8. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**. - - + diff --git a/src/content/docs/page-shield/policies/violations.mdx b/src/content/docs/page-shield/policies/violations.mdx index a07becbecf864d0..155c3751243ed58 100644 --- a/src/content/docs/page-shield/policies/violations.mdx 
+++ b/src/content/docs/page-shield/policies/violations.mdx @@ -7,7 +7,7 @@ head: [] description: Cloudflare reports any violations to your content security rules (also known as policies). --- -import { Details, GlossaryTooltip } from "~/components"; +import { Details, Render, GlossaryTooltip } from "~/components"; :::note Only available to Enterprise customers with a paid add-on. @@ -19,15 +19,7 @@ Information about policy violations is also available via [GraphQL API](/analyti ## Review policy violations in the dashboard -To view policy violation information: - -- Old dashboard: Go to **Security** > **Page Shield** > **Policies**. -- New dashboard: Go to **Security** > **Security rules**, and filter by **Content security rules**. - -The displayed information includes the following: - -- A sparkline next to the policy/rule name, showing violations in the past seven days. -- For policies with associated violations, an expandable details section for each policy, with the top resources present in violation events and a sparkline per top resource. + ## Get policy violations via GraphQL API diff --git a/src/content/docs/page-shield/reference/settings.mdx b/src/content/docs/page-shield/reference/settings.mdx index 67a3afc89469222..08f97c1b6df32d8 100644 --- a/src/content/docs/page-shield/reference/settings.mdx +++ b/src/content/docs/page-shield/reference/settings.mdx @@ -5,7 +5,7 @@ sidebar: order: 1 --- -import { GlossaryTooltip, Tabs, TabItem } from "~/components"; +import { GlossaryTooltip, Tabs, TabItem, Steps } from "~/components"; ## Reporting endpoint 
@@ -32,23 +32,35 @@ Using the same hostname for CSP reporting may interfere with other Cloudflare pr ### Configure the reporting endpoint +:::note +Only available to Enterprise customers with a paid add-on. +::: + To configure the CSP reporting endpoint: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Page Shield** > **Settings**. 3. Under **Reporting endpoint**, select **Cloudflare-owned endpoint** or **Same hostname**. 4. Select **Apply settings**. + + + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Settings** and filter by **Client-side abuse**. 3. Under **Continuous script monitoring** > **Configurations**, select the edit icon next to **Reporting endpoint**. 4. Select **Cloudflare-owned endpoint** or **Same hostname**. 5. Select **Save**. + + ## Connection target details @@ -61,19 +73,27 @@ By default, Page Shield will only check the domain against malicious threat inte + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Page Shield** > **Settings**. 3. Under **Connection target details**, select **Log host only** to analyze only the hostname or **Log full URI** to use the full URI in Page Shield. 4. Select **Apply settings**. + + + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Settings** and filter by **Client-side abuse**. 3. Under **Continuous script monitoring** > **Configurations**, select the edit icon next to **Data processing**. 4. Select **Log host only** to analyze only the hostname or **Log full URI** to use the full URI. 5. Select **Save**. + + ## Turn off client-side resource monitoring 
@@ -84,16 +104,24 @@ To turn off client-side resource monitoring: + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Page Shield** > **Settings**. 3. In **Disable Page Shield**, select **Disable**. + + + + 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain. 2. Go to **Security** > **Settings** and filter by **Client-side abuse**. 3. Next to **Continuous script monitoring**, set the toggle to **Off**. + + :::note @@ -101,6 +129,6 @@ To turn off client-side resource monitoring: Turning off Page Shield's client-side resource monitoring will not turn off [policies](/page-shield/policies/) (also known as content security rules). To turn off policies: - Old dashboard: Go to **Security** > **Page Shield** > **Policies**. -- New security dashboard: Go to **Security** > **Security rules** and filter by `Content security rules`. +- New security dashboard: Go to **Security** > **Security rules** and filter by **Content security rules**. ::: diff --git a/src/content/partials/page-shield/alerts-configure.mdx b/src/content/partials/page-shield/alerts-configure.mdx index 45d3fad81791e69..1da8edd257499e0 100644 --- a/src/content/partials/page-shield/alerts-configure.mdx +++ b/src/content/partials/page-shield/alerts-configure.mdx @@ -2,8 +2,12 @@ {} --- +import { Steps } from "~/components"; + To configure an alert: + + 1. Go to Account Home > **Notifications**. 2. Choose **Add** and then select **Page Shield** in the **Product** dropdown. 3. Select an [alert type](/page-shield/alerts/alert-types/). @@ -12,4 +16,6 @@ To configure an alert: 6. Select one or more notification destinations (notification email, webhooks, and connected notification services). 7. Select **Create**. + + To edit, delete, or disable an alert, go to your [account notifications](https://dash.cloudflare.com/?to=/:account/notifications). 
diff --git a/src/content/partials/page-shield/alerts-intro.mdx b/src/content/partials/page-shield/alerts-intro.mdx index fc1f5877d8abb65..758050a51b08904 100644 --- a/src/content/partials/page-shield/alerts-intro.mdx +++ b/src/content/partials/page-shield/alerts-intro.mdx @@ -3,6 +3,6 @@ params: - availabilityDetails? --- -import { Render } from "~/components"; +import { Render, Markdown } from "~/components"; -Once you have activated Page Shield's client-side resource monitoring, you can set up one or more alerts informing you of relevant client-side changes on your zones. {props.availabilityDetails} +Once you have activated Page Shield's client-side resource monitoring, you can set up one or more alerts informing you of relevant client-side changes on your zones. diff --git a/src/content/partials/page-shield/policy-create-action.mdx b/src/content/partials/page-shield/policy-create-action.mdx new file mode 100644 index 000000000000000..5496c17cc73a06f --- /dev/null +++ b/src/content/partials/page-shield/policy-create-action.mdx @@ -0,0 +1,30 @@ +--- +params: + - policyAction? +--- + +{ props.policyAction ? ( + +<> + Under Then take action, select {props.policyAction}. + + +) : ( + +<> + Under Then take action, select the desired action: + + + +) } diff --git a/src/content/partials/page-shield/policy-create.mdx b/src/content/partials/page-shield/policy-create.mdx new file mode 100644 index 000000000000000..c8418b10ca432a2 --- /dev/null +++ b/src/content/partials/page-shield/policy-create.mdx 
@@ -0,0 +1,77 @@ +--- +params: + - policyAction? +--- + +import { Tabs, TabItem, Render, Markdown, Steps } from "~/components"; + + + + + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain. + +2. Go to **Security** > **Page Shield** > **Policies**. + +3. Select **Create policy**. + +4. Enter a descriptive name for the rule in **Description**. + +5. Under **If incoming requests match**, define the policy scope. You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/). + +6. Under **Allow these directives**, select the desired [CSP directives](/page-shield/policies/csp-directives/) for the policy by enabling one or more checkboxes. + - To manually enter an allowed source, select **Add source**. + - To refresh the displayed sources based on Page Shield's detected resources, select **Refresh suggestions**. + + :::note + Page Shield provides suggestions for **Default**, **Scripts**, and **Connections** directives. For the **Default** directive, suggestions are based on monitored scripts and connections resources. + ::: + +7. + +8. To save and deploy your rule, select **Deploy**. { !props.policyAction && } + + + + + +:::note +In the [new security dashboard](/security/), policies are called content security rules. +::: + + + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain. + +2. Go to **Security** > **Security rules**. + +3. Select **Create** > **Content security rules**. + +4. + Enter a descriptive name for the rule in **Description**. + +5. Under **If incoming requests match**, define the scope of the content security rule (or policy). 
You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/). + +6. Under **Allow these directives**, select the desired [CSP directives](/page-shield/policies/csp-directives/) for the content security rule by enabling one or more checkboxes. + - To manually enter an allowed source, select **Add source**. + - To refresh the displayed sources based on detected resources, select **Refresh suggestions**. + + :::note + Cloudflare provides suggestions for **Default**, **Scripts**, and **Connections** directives. For the **Default** directive, suggestions are based on monitored scripts and connections resources. + ::: + +7. + +8. To save and deploy your rule, select **Deploy**. { !props.policyAction && } + + + + diff --git a/src/content/partials/page-shield/policy-review-violations.mdx b/src/content/partials/page-shield/policy-review-violations.mdx new file mode 100644 index 000000000000000..d6a415ff2e98460 --- /dev/null +++ b/src/content/partials/page-shield/policy-review-violations.mdx @@ -0,0 +1,13 @@ +--- +{} +--- + +To view policy violation information: + +- Old dashboard: Go to **Security** > **Page Shield** > **Policies**. +- New security dashboard: Go to **Security** > **Security rules**, and filter by **Content security rules**. + +The displayed information includes the following: + +- A sparkline next to the policy/rule name, showing violations in the past seven days. +- For policies with associated violations, an expandable details section for each policy, with the top resources present in violation events and a sparkline per top resource.
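Review bot: In `handle-an-alert.mdx`, hunk `@@ -70,10 +84,14 @@`, step 1 ("Open the script URL and get the script source code") is preceded only by the optional "You could use a virtual machine". Since this list is being rewrapped anyway, consider wording step 1 so the reader retrieves the source as text for inspection rather than loading a suspected-malicious script in a normal browser session. Also consider making the isolated-environment advice a recommendation instead of "could".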
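Review bot: In `monitor-connections-scripts.mdx`, hunk `@@ -60,7 +78,21 @@`, the new "View details" steps 1 and 2 repeat the "Log in to the Cloudflare dashboard" and "Go to the client-side resources page" items that already appear in the other procedures in this file and in several other files in this patch. This PR already moves policy creation into a partial, so the same could be done for these two shared steps. That way the old/new dashboard paths are maintained in one place and cannot drift between pages.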
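Review bot: In `get-started.mdx`, hunk `@@ -17,27 +17,48 @@`, renaming `## Review detected scripts` to `## Review detected resources` changes the generated heading anchor, so any inbound link to `#review-detected-scripts` will stop resolving. Please search the docs for that fragment before merging. The body under the new heading also still reads "To review the scripts detected by Cloudflare:" and "Review the list of detected scripts", so either keep the original heading or mention connections and cookies in the steps so the heading and content agree.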
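Review bot: In `get-started.mdx`, hunk `@@ -60,12 +81,30 @@`, the new "### 3. Change policy action to Allow" text says Cloudflare "starts blocking any resources not explicitly allowed by the policy" but omits what the removed `create-dashboard.mdx` text stated, that _Allow_ also logs policy violations. Add a sentence sending the reader back to the policy violations list after the switch, so a legitimate resource that starts being blocked is noticed quickly. Step 2's "After some time" would also benefit from a hint about how long to observe in _Log_ mode before enforcing.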
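Review bot: In `alerts-intro.mdx`, hunk `@@ -3,6 +3,6 @@`, the front matter declares the parameter as optional (`availabilityDetails?`), and `get-started.mdx` now passes Markdown link syntax in it. The added line as shown no longer interpolates `{props.availabilityDetails}`. Please confirm that the value is still rendered through the newly imported `Markdown` component, and that the rendering is guarded for callers that omit the parameter so they do not get an empty or `undefined` fragment after "on your zones."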
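Review bot: In the new `policy-create.mdx`, hunk `@@ -0,0 +1,77 @@`, step 4 of the new security dashboard tab keeps the list marker and its text on separate lines (`4.` followed by `Enter a descriptive name for the rule in **Description**.`), carried over from the removed `create-dashboard.mdx`. The old dashboard tab in the same file has it on one line. Since the content is being moved anyway, join the two lines so both tabs use the same list formatting and step 4 renders the same way in each.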