Configure the CSP reporting endpoint
When enabled, Page Shield uses a Content Security Policy (CSP) report-only HTTP header to gather information about all the scripts running on your application.
By default, reports are sent to a Cloudflare-owned endpoint:
https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?<QUERY_STRING>
You can change the reporting endpoint so that the CSP reports are sent to the same hostname:
<YOUR-HOSTNAME>/cdn-cgi/script-monitor/report?<QUERY_STRING>
Prerequisites for using the same hostname for CSP reports
Using the same hostname for CSP reporting may interfere with other Cloudflare products. Before selecting this option, ensure that your Cloudflare configuration complies with the following:
- No rate limiting rules match the
cdn-cgi/*
URL path - No firewall rules match the
cdn-cgi/*
URL path
How to
To configure the CSP reporting endpoint:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > Page Shield.
- In Active Scripts, click Configure Reporting Endpoint.
- Select Cloudflare-owned endpoint or Same hostname.
- Click Apply.