Changelog | Client-side security

Client-side security - Page Shield is now client-side security

Wed, 25 Mar 2026 00:00:00 GMT

Cloudflare renamed Page Shield to client-side security. Cloudflare dashboard users still using the previous application security navigation in the dashboard can find the new client-side security section in Security > Client-side security.
Additionally, Page Shield policies are now called content security rules. This name matches the terminology already used in the new application security dashboard.

Client-side security - Deprecated code behavior analysis scores

Tue, 03 Mar 2026 00:00:00 GMT

Code behavior analysis scores have been removed from the malicious script details. The updated GNN and LLM-based detection approach has proven significantly more effective at identifying true positives, making the separate behavior analysis scores redundant.

Malicious code analysis scores and threat intelligence remain available for reviewing detected scripts. For more information, refer to Review resources considered malicious.

Client-side security - LLM-assisted false positive reduction for malicious script detection

Tue, 03 Mar 2026 00:00:00 GMT

Page Shield now includes an additional machine learning step, utilizing an LLM powered by Workers AI, to assist in analyzing the JavaScript code of scripts loaded by your website visitors. This enhancement specifically helps reduce the false positive rate of our detection engines, focusing your attention on true positives.

Cloudflare uses open-source models for this analysis, and customer data is not used to train these models. For more information, refer to Malicious script and connection detection.

Client-side security - Updated machine learning (ML) model

Wed, 08 Oct 2025 00:00:00 GMT

The latest ML model has been deployed to all Page Shield add-on customers with better classification precision. Scripts with false positive classification may have a different pattern than the previous model deployment.

Client-side security - Scoped alerts now support policies in log mode

Fri, 12 Sep 2025 00:00:00 GMT

Scoped alerts now take into account your Page Shield policies deployed in log mode. This allows you to simulate an end-to-end workflow before switching your policies to allow mode.

Client-side security - Updated machine learning (ML) model

Tue, 20 May 2025 00:00:00 GMT

Client-side security - Reports from browser extension injected resources are filtered out

Fri, 09 May 2025 00:00:00 GMT

Script and connection reports caused by browser extension injections are now filtered out, helping you focus on managing application dependencies.

Client-side security - Alerts based on customer-defined policies

Mon, 02 Dec 2024 00:00:00 GMT

You can now scope all of Page Shield's alert types to selected zones and their associated policies, alerting only on the resources that have been explicitly allowed.

Client-side security - New machine learning (ML) scores for detected scripts

Mon, 30 Sep 2024 00:00:00 GMT

In addition to the global integrity score, Page Shield now provides individual script scores (from 1 to 99) for the following malicious code detections: Magecart, Crypto mining, and Malware.

Client-side security - Page Shield's script monitor now available in Free plan

Wed, 18 Sep 2024 00:00:00 GMT

The Page Shield's script monitor feature is now available to all users, including users in the Free plan.

Client-side security - Page Shield policy changes now available in audit logs

Wed, 18 Sep 2024 00:00:00 GMT

Cloudflare Audit Logs now include entries for any changes to Page Shield's policies.

Client-side security - Cookie Monitor now available

Tue, 18 Jun 2024 00:00:00 GMT

Page Shield now captures HTTP cookies set and used by your web application. The list of detected cookies in available in the Cloudflare dashboard or via API.

Client-side security - Added filter operators for scripts and connections

Fri, 14 Jun 2024 00:00:00 GMT

You can now filter scripts and connections in the Cloudflare dashboard using the does not contain operator. Pages associated with scripts and connections can be filtered by includes, starts with, and ends with.

Client-side security - Suggestions for the default directive

Fri, 26 Apr 2024 00:00:00 GMT

When creating a policy in the dashboard, default directive aggregates suggestions of monitored scripts and connections data, enabling defining default directive easier.

Client-side security - Individual threat intelligence categories

Thu, 04 Apr 2024 00:00:00 GMT

Instead of aggregating categories of URL and domain data from threat intelligence, they are now listed per type.

Client-side security - Increase allowed length per policy

Thu, 21 Mar 2024 00:00:00 GMT

Now each policy supports up to 6,000 characters.