Cloudflare Page Shield Demo

Interactive demonstrations of how Page Shield detects and blocks client-side supply-chain attacks, MagicCart skimmers, and unauthorized script injection — all running on pageshield.agreatorganization.com.

🔗

Trusted Script Injection

A previously approved vendor script gets compromised and dynamically injects an unknown third-party payload. See how Page Shield catches it.

Supply-Chain Dynamic Injection

💳

MagicCart — Unprotected

A fake checkout page without Page Shield block rules. The skimmer script loads freely and steals card data on submit.

Skimmer Active No Block Rule

🛡️

MagicCart — Protected

The same checkout page with a Page Shield block rule enabled. The skimmer is blocked before it can execute.

Skimmer Blocked Block Rule Active

🔔

Alerts & Notifications

Walkthrough of the Page Shield alerts that fire when new scripts appear, scripts change, or malicious code is detected.

New Script Alert Code Change Alert

⚙️

WAF Setup Guide

Step-by-step instructions for enabling Page Shield, configuring policies, and creating WAF custom rules to block malicious scripts.

How-To

How this demo works: This Cloudflare Worker serves every page and simulated "external" script. In production, the malicious scripts would come from attacker-controlled origins. Page Shield monitors all JavaScript loaded by the browser, builds a baseline of known scripts, and raises alerts or blocks execution when unknown / malicious scripts appear — even if they were injected by a previously trusted first-party resource.