Create a policy in the dashboard
Log in to the Cloudflare dashboard and select your account and domain.
Go to Page Shield > Policies.
Select Create policy.
Enter a descriptive name for the rule in Description.
Under If incoming requests match, define the policy scope. You can use the Expression Builder (specifying one or more values for Field, Operator, and Value) or manually enter an expression using the Expression Editor. For more information, refer to Edit expressions in the dashboard.
Under Allow these directives, select the desired CSP directives for the policy by enabling one or more checkboxes.
- To manually enter an allowed source, select Add source.
- To refresh the displayed sources based on Page Shield’s detected resources, select Refresh suggestions.
Under Then take action, select the desired action:
- Allow: Enforces the CSP directives configured in the policy, blocking any other resources from being loaded on your website, and logging any policy violations.
- Log: Logs any policy violations without blocking any resources not covered by the policy.
To save and deploy your rule, select Deploy. If you are not ready to deploy your rule, select Save as Draft.