diff --git a/astro.config.ts b/astro.config.ts
index 4acf7daab08..c952904461e 100644
--- a/astro.config.ts
+++ b/astro.config.ts
@@ -1,4 +1,10 @@
import { defineConfig } from "astro/config";
+import mdx from "@astrojs/mdx";
+import { satteri } from "@astrojs/markdown-satteri";
+import expressiveCode, {
+ type SatteriExpressiveCodeOptions,
+} from "satteri-expressive-code";
+import ecConfig from "./ec.config.mjs";
import starlight from "@astrojs/starlight";
import starlightDocSearch from "@astrojs/starlight-docsearch";
import starlightImageZoom from "starlight-image-zoom";
@@ -253,6 +259,21 @@ export default defineConfig({
},
serialize: createSitemapLastmodSerializer(),
}),
+ mdx({
+ processor: satteri({
+ hastPlugins: [
+ expressiveCode({
+ themes: ecConfig.themes,
+ plugins: ecConfig.plugins,
+ styleOverrides: ecConfig.styleOverrides,
+ frames: ecConfig.frames,
+ shiki: ecConfig.shiki,
+ defaultProps: ecConfig.defaultProps,
+ } as SatteriExpressiveCodeOptions),
+ ],
+ }),
+ optimize: true,
+ }),
react(),
skills(),
],
diff --git a/package.json b/package.json
index 1106388bb03..cbfee5eebfc 100644
--- a/package.json
+++ b/package.json
@@ -45,6 +45,7 @@
"@actions/github": "9.1.1",
"@apidevtools/swagger-parser": "12.1.0",
"@astrojs/check": "0.9.9",
+ "@astrojs/markdown-satteri": "0.2.2",
"@astrojs/mdx": "6.0.2",
"@astrojs/react": "5.0.7",
"@astrojs/rss": "4.0.18",
@@ -143,6 +144,7 @@
"remark": "15.0.1",
"remark-gfm": "4.0.1",
"remark-stringify": "11.0.0",
+ "satteri-expressive-code": "0.1.11",
"sharp": "0.34.5",
"solarflare-theme": "0.0.6",
"space-separated-tokens": "2.0.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 82e6fc9bd3b..54a0be95b84 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -20,9 +20,12 @@ importers:
'@astrojs/check':
specifier: 0.9.9
version: 0.9.9(prettier-plugin-astro@0.14.1)(prettier@3.8.3)(typescript@5.9.3)
+ '@astrojs/markdown-satteri':
+ specifier: 0.2.2
+ version: 0.2.2
'@astrojs/mdx':
specifier: 6.0.2
- version: 6.0.2(astro@6.4.4(@types/node@25.9.2)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.61.0)(tsx@4.22.4)(yaml@2.9.0))
+ version: 6.0.2(@astrojs/markdown-satteri@0.2.2)(astro@6.4.4(@types/node@25.9.2)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.61.0)(tsx@4.22.4)(yaml@2.9.0))
'@astrojs/react':
specifier: 5.0.7
version: 5.0.7(@types/node@25.9.2)(@types/react-dom@19.0.4(@types/react@19.0.7))(@types/react@19.0.7)(jiti@2.7.0)(lightningcss@1.32.0)(react-dom@19.0.0(react@19.0.0))(react@19.0.0)(tsx@4.22.4)(yaml@2.9.0)
@@ -314,6 +317,9 @@ importers:
remark-stringify:
specifier: 11.0.0
version: 11.0.0
+ satteri-expressive-code:
+ specifier: 0.1.11
+ version: 0.1.11(satteri@0.8.1)
sharp:
specifier: 0.34.5
version: 0.34.5
@@ -566,6 +572,9 @@ packages:
'@astrojs/markdown-remark@7.2.0':
resolution: {integrity: sha512-+YxmVQu1Bd+MFfSzjq1rOJvD9+nIOJzz5YIIhdIH01RrxRkKbyKoEgyIqP3yv51MhzMDgd79QaPv+kCVPT8vHw==}
+ '@astrojs/markdown-satteri@0.2.2':
+ resolution: {integrity: sha512-F3jxs0QstnLL5Fa/Uq6idPZ2IsT8AKo/S+AvnIOvFX+8rst5j2MJBPllgzD1O5JbFqyiXs6Wx59o8h2O9U41pw==}
+
'@astrojs/mdx@5.0.6':
resolution: {integrity: sha512-4dKe0ZMmqujofPNDHahzClkwinn9f8jHPcaXcgdGvPAlboD2mjzkUCofli2cBnxYAkdfhC6d50gBJ8i/cH8gHw==}
engines: {node: '>=22.12.0'}
@@ -744,6 +753,32 @@ packages:
'@braintree/sanitize-url@7.1.2':
resolution: {integrity: sha512-jigsZK+sMF/cuiB7sERuo9V7N9jx+dhmHHnQyDSVdpZwVutaBu7WvNYqMDLSgFgfB30n452TP3vjDAvFC973mA==}
+ '@bruits/satteri-darwin-arm64@0.8.1':
+ resolution: {integrity: sha512-9R8icJLGP8e3LOh8qLTZP1wdSGti6+OzGu3RCuSinMHUdPhTEDU3kbPV35vTGxUHghDGKYXPZBP+jDsbvKdf6A==}
+ cpu: [arm64]
+ os: [darwin]
+
+ '@bruits/satteri-darwin-x64@0.8.1':
+ resolution: {integrity: sha512-UY5qDOoPXFsSnmfU6Qwi7h0hrtwlU8brwDrgZ4C1GSjcBVV01kQ96iXX+JIDoyO1Lnps0Wola0ar+iwkL2sAtg==}
+ cpu: [x64]
+ os: [darwin]
+
+ '@bruits/satteri-linux-x64-gnu@0.8.1':
+ resolution: {integrity: sha512-OnOyNWEgUVFiDlaVuzd56GSucKY2F+1GMUT9lBqHb4TI0OQgZRP4fCfwxfz+2Rb1hQXuEGSTRJjyhPGQ5ft6kQ==}
+ cpu: [x64]
+ os: [linux]
+ libc: [glibc]
+
+ '@bruits/satteri-wasm32-wasi@0.8.1':
+ resolution: {integrity: sha512-FKgKMIplotnCobQwfVd81YSakgiUBSn+truqElYFX9O+sinePlJXmLuDECNS1Utj8/59t0ryOZ2Sv1ThfAfaNA==}
+ engines: {node: '>=14.0.0'}
+ cpu: [wasm32]
+
+ '@bruits/satteri-win32-x64-msvc@0.8.1':
+ resolution: {integrity: sha512-YgNvyaW5MLsrcnlwLdjk7/wSdER15+8cGdCHVkJY3KuaBdEW6XnfA35Svf88Ar+gBG+QsHEb8JE42DEJUiw22g==}
+ cpu: [x64]
+ os: [win32]
+
'@capsizecss/unpack@4.0.0':
resolution: {integrity: sha512-VERIM64vtTP1C4mxQ5thVT9fK0apjPFobqybMtA1UdUujWka24ERHbRHFGmpbbhp73MhV+KSsHQH9C6uOTdEQA==}
engines: {node: '>=18'}
@@ -760,11 +795,11 @@ packages:
engines: {node: '>= 20.12.0'}
'@cloudflare/kv-asset-handler@0.5.0':
- resolution: {integrity: sha512-jxQYkj8dSIzc0cD6cMMNdOc1UVjqSqu8BZdor5s8cGjW2I8BjODt/kWPVdY+u9zj3ms75Q5qaZgnxUad83+eAg==}
+ resolution: {integrity: sha512-jxQYkj8dSIzc0cD6cMMNdOc1UVjqSqu8BZdor5s8cGjW2I8BjODt/kWPVdY+u9zj3ms75Q5qaZgnxUad83+eAg==, tarball: https://registry.npmjs.org/@cloudflare/kv-asset-handler/-/kv-asset-handler-0.5.0.tgz}
engines: {node: '>=22.0.0'}
'@cloudflare/unenv-preset@2.16.1':
- resolution: {integrity: sha512-ECxObrMfyTl5bhQf/lZCXwo5G6xX9IAUo+nDMKK4SZ8m4Jvvxp52vilxyySSWh2YTZz8+HQ07qGH/2rEom1vDw==}
+ resolution: {integrity: sha512-ECxObrMfyTl5bhQf/lZCXwo5G6xX9IAUo+nDMKK4SZ8m4Jvvxp52vilxyySSWh2YTZz8+HQ07qGH/2rEom1vDw==, tarball: https://registry.npmjs.org/@cloudflare/unenv-preset/-/unenv-preset-2.16.1.tgz}
peerDependencies:
unenv: 2.0.0-rc.24
workerd: '>1.20260305.0 <2.0.0-0'
@@ -773,44 +808,44 @@ packages:
optional: true
'@cloudflare/vitest-pool-workers@0.16.13':
- resolution: {integrity: sha512-nTuEiuLv+YoLrGfftdlBJB3nJJELT/9VVuBlF2JDpnv3uAOCXaZcniP+K5C9Mcg0xSopvFLAL45Q7Hco1hHOLQ==}
+ resolution: {integrity: sha512-nTuEiuLv+YoLrGfftdlBJB3nJJELT/9VVuBlF2JDpnv3uAOCXaZcniP+K5C9Mcg0xSopvFLAL45Q7Hco1hHOLQ==, tarball: https://registry.npmjs.org/@cloudflare/vitest-pool-workers/-/vitest-pool-workers-0.16.13.tgz}
peerDependencies:
'@vitest/runner': ^4.1.0
'@vitest/snapshot': ^4.1.0
vitest: ^4.1.0
'@cloudflare/workerd-darwin-64@1.20260603.1':
- resolution: {integrity: sha512-cEXDWu6V3ZrpmwWkM4OJE9AeXjdAgOY5rh8EHhcBVCuP5rxnzUbPzLtrVOHx0UUUAcCrFq0Xsa6mZKL1VUZsKQ==}
+ resolution: {integrity: sha512-cEXDWu6V3ZrpmwWkM4OJE9AeXjdAgOY5rh8EHhcBVCuP5rxnzUbPzLtrVOHx0UUUAcCrFq0Xsa6mZKL1VUZsKQ==, tarball: https://registry.npmjs.org/@cloudflare/workerd-darwin-64/-/workerd-darwin-64-1.20260603.1.tgz}
engines: {node: '>=16'}
cpu: [x64]
os: [darwin]
'@cloudflare/workerd-darwin-arm64@1.20260603.1':
- resolution: {integrity: sha512-uBPK4LaWJNbbCYwPnUAehlHbbVulhVZPZsdcAhBPfZhHb3QAuAEPAQepO/P67R3V6Cni4YGx1fLbL8A5wwoaNA==}
+ resolution: {integrity: sha512-uBPK4LaWJNbbCYwPnUAehlHbbVulhVZPZsdcAhBPfZhHb3QAuAEPAQepO/P67R3V6Cni4YGx1fLbL8A5wwoaNA==, tarball: https://registry.npmjs.org/@cloudflare/workerd-darwin-arm64/-/workerd-darwin-arm64-1.20260603.1.tgz}
engines: {node: '>=16'}
cpu: [arm64]
os: [darwin]
'@cloudflare/workerd-linux-64@1.20260603.1':
- resolution: {integrity: sha512-ht9l6/8Tk7Rp6kA4S9oFZ4X8u0VjnnFdmU/6B3fnABYKREYTKh2RdOqXqXxcp5eNJseireKnWik/hQOPK1CutQ==}
+ resolution: {integrity: sha512-ht9l6/8Tk7Rp6kA4S9oFZ4X8u0VjnnFdmU/6B3fnABYKREYTKh2RdOqXqXxcp5eNJseireKnWik/hQOPK1CutQ==, tarball: https://registry.npmjs.org/@cloudflare/workerd-linux-64/-/workerd-linux-64-1.20260603.1.tgz}
engines: {node: '>=16'}
cpu: [x64]
os: [linux]
'@cloudflare/workerd-linux-arm64@1.20260603.1':
- resolution: {integrity: sha512-LJZ6x00rAjSrobV4m0ZW0TpH5ilBbKcWBzlH+y+KOUsIE/CpTuhAzKV43TbSnFLRX5+jrWKiz2v0hO91lPXy6A==}
+ resolution: {integrity: sha512-LJZ6x00rAjSrobV4m0ZW0TpH5ilBbKcWBzlH+y+KOUsIE/CpTuhAzKV43TbSnFLRX5+jrWKiz2v0hO91lPXy6A==, tarball: https://registry.npmjs.org/@cloudflare/workerd-linux-arm64/-/workerd-linux-arm64-1.20260603.1.tgz}
engines: {node: '>=16'}
cpu: [arm64]
os: [linux]
'@cloudflare/workerd-windows-64@1.20260603.1':
- resolution: {integrity: sha512-DvwqkXMAJRPoDN4PxapAwhlz/6ouD+6R1ttbAEK3cWD/QBvFF5STx7Ds/9Irf+rBly3np3uHWkeX+wZnNFEuzA==}
+ resolution: {integrity: sha512-DvwqkXMAJRPoDN4PxapAwhlz/6ouD+6R1ttbAEK3cWD/QBvFF5STx7Ds/9Irf+rBly3np3uHWkeX+wZnNFEuzA==, tarball: https://registry.npmjs.org/@cloudflare/workerd-windows-64/-/workerd-windows-64-1.20260603.1.tgz}
engines: {node: '>=16'}
cpu: [x64]
os: [win32]
'@cloudflare/workers-types@4.20260608.1':
- resolution: {integrity: sha512-Yz90KXPZBB9K/AhsnLaA321s5+i5ZpWZRFbcGx9dWjyknQJXPAS1pK5CJSFEedwY6zoEr1cf2SkpBATL1idsWA==}
+ resolution: {integrity: sha512-Yz90KXPZBB9K/AhsnLaA321s5+i5ZpWZRFbcGx9dWjyknQJXPAS1pK5CJSFEedwY6zoEr1cf2SkpBATL1idsWA==, tarball: https://registry.npmjs.org/@cloudflare/workers-types/-/workers-types-4.20260608.1.tgz}
'@cspotcode/source-map-support@0.8.1':
resolution: {integrity: sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==}
@@ -864,9 +899,18 @@ packages:
'@emmetio/stream-reader@2.2.0':
resolution: {integrity: sha512-fXVXEyFA5Yv3M3n8sUGT7+fvecGrZP4k6FnWWMSZVQf69kAq0LLpaBQLGcPR30m3zMmKYhECP4k/ZkzvhEW5kw==}
+ '@emnapi/core@1.9.1':
+ resolution: {integrity: sha512-mukuNALVsoix/w1BJwFzwXBN/dHeejQtuVzcDsfOEsdpCumXb/E9j8w11h5S54tT1xhifGfbbSm/ICrObRb3KA==}
+
'@emnapi/runtime@1.10.0':
resolution: {integrity: sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==}
+ '@emnapi/runtime@1.9.1':
+ resolution: {integrity: sha512-VYi5+ZVLhpgK4hQ0TAjiQiZ6ol0oe4mBx7mVv7IflsiEp0OWoVsp/+f9Vc1hOhE0TtkORVrI1GvzyreqpgWtkA==}
+
+ '@emnapi/wasi-threads@1.2.0':
+ resolution: {integrity: sha512-N10dEJNSsUx41Z6pZsXU8FjPjpBEplgH24sfkmITrBED1/U2Esum9F3lfLrMjKHHjmi557zQn7kR9R+XWXu5Rg==}
+
'@emotion/babel-plugin@11.13.5':
resolution: {integrity: sha512-pxHCpT2ex+0q+HH91/zsdHkw/lXd468DIN2zvfvLtPKLLMo6gQj7oLObq8PhkrxOZb/gGCq03S3Z7PDhS8pduQ==}
@@ -1733,6 +1777,12 @@ packages:
nanostores: ^1.2.0
react: '>=18.0.0'
+ '@napi-rs/wasm-runtime@1.1.4':
+ resolution: {integrity: sha512-3NQNNgA1YSlJb/kMH1ildASP9HW7/7kYnRI2szWJaofaS1hWmbGI4H+d3+22aGzXXN9IJ+n+GiFVcGipJP18ow==}
+ peerDependencies:
+ '@emnapi/core': ^1.7.1
+ '@emnapi/runtime': ^1.7.1
+
'@nodable/entities@2.1.1':
resolution: {integrity: sha512-Pig3HxDIoMgjdEH8OCf/dkcTmLFjJRjWuq8jSnklu284/TKOPibSRERmOykiwmyXTtv61mP+44f3GMx0tLAyjg==}
@@ -2202,6 +2252,9 @@ packages:
'@tokenizer/token@0.3.0':
resolution: {integrity: sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==}
+ '@tybys/wasm-util@0.10.2':
+ resolution: {integrity: sha512-RoBvJ2X0wuKlWFIjrwffGw1IqZHKQqzIchKaadZZfnNpsAYp2mM0h36JtPCjNDAHGgYez/15uMBpfGwchhiMgg==}
+
'@types/aria-query@5.0.4':
resolution: {integrity: sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==}
@@ -5372,6 +5425,14 @@ packages:
sass-formatter@0.7.9:
resolution: {integrity: sha512-CWZ8XiSim+fJVG0cFLStwDvft1VI7uvXdCNJYXhDvowiv+DsbD1nXLiQ4zrE5UBvj5DWZJ93cwN0NX5PMsr1Pw==}
+ satteri-expressive-code@0.1.11:
+ resolution: {integrity: sha512-8HW4pDfdmiqQKWWfAuvHlvRnc7jAmfBbK6RdCTZNZSMNmcv0IGeh8thUWKo5LRj3AHyjxkLEkS6wjhcQTMynBg==}
+ peerDependencies:
+ satteri: '>=0.4.0'
+
+ satteri@0.8.1:
+ resolution: {integrity: sha512-B3dPc3RsWN+CIrwJHk6KnPQjdN7cg9mnSgfs7AUEXITlIYRnSMleOZQPgpmm759pGZ/vpnsXciNfJKXKME2rrg==}
+
sax@1.6.0:
resolution: {integrity: sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==}
engines: {node: '>=11.0.0'}
@@ -6708,6 +6769,12 @@ snapshots:
transitivePeerDependencies:
- supports-color
+ '@astrojs/markdown-satteri@0.2.2':
+ dependencies:
+ '@astrojs/internal-helpers': 0.10.0
+ github-slugger: 2.0.0
+ satteri: 0.8.1
+
'@astrojs/mdx@5.0.6(astro@6.4.4(@types/node@25.9.2)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.61.0)(tsx@4.22.4)(yaml@2.9.0))':
dependencies:
'@astrojs/markdown-remark': 7.1.2
@@ -6727,7 +6794,7 @@ snapshots:
transitivePeerDependencies:
- supports-color
- '@astrojs/mdx@6.0.2(astro@6.4.4(@types/node@25.9.2)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.61.0)(tsx@4.22.4)(yaml@2.9.0))':
+ '@astrojs/mdx@6.0.2(@astrojs/markdown-satteri@0.2.2)(astro@6.4.4(@types/node@25.9.2)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.61.0)(tsx@4.22.4)(yaml@2.9.0))':
dependencies:
'@astrojs/internal-helpers': 0.10.0
'@astrojs/markdown-remark': 7.2.0
@@ -6744,6 +6811,8 @@ snapshots:
source-map: 0.7.6
unist-util-visit: 5.1.0
vfile: 6.0.3
+ optionalDependencies:
+ '@astrojs/markdown-satteri': 0.2.2
transitivePeerDependencies:
- supports-color
@@ -6994,6 +7063,25 @@ snapshots:
'@braintree/sanitize-url@7.1.2': {}
+ '@bruits/satteri-darwin-arm64@0.8.1':
+ optional: true
+
+ '@bruits/satteri-darwin-x64@0.8.1':
+ optional: true
+
+ '@bruits/satteri-linux-x64-gnu@0.8.1':
+ optional: true
+
+ '@bruits/satteri-wasm32-wasi@0.8.1':
+ dependencies:
+ '@emnapi/core': 1.9.1
+ '@emnapi/runtime': 1.9.1
+ '@napi-rs/wasm-runtime': 1.1.4(@emnapi/core@1.9.1)(@emnapi/runtime@1.9.1)
+ optional: true
+
+ '@bruits/satteri-win32-x64-msvc@0.8.1':
+ optional: true
+
'@capsizecss/unpack@4.0.0':
dependencies:
fontkitten: 1.0.3
@@ -7108,11 +7196,27 @@ snapshots:
'@emmetio/stream-reader@2.2.0': {}
+ '@emnapi/core@1.9.1':
+ dependencies:
+ '@emnapi/wasi-threads': 1.2.0
+ tslib: 2.8.1
+ optional: true
+
'@emnapi/runtime@1.10.0':
dependencies:
tslib: 2.8.1
optional: true
+ '@emnapi/runtime@1.9.1':
+ dependencies:
+ tslib: 2.8.1
+ optional: true
+
+ '@emnapi/wasi-threads@1.2.0':
+ dependencies:
+ tslib: 2.8.1
+ optional: true
+
'@emotion/babel-plugin@11.13.5':
dependencies:
'@babel/helper-module-imports': 7.29.7
@@ -7793,6 +7897,13 @@ snapshots:
nanostores: 1.3.0
react: 19.0.0
+ '@napi-rs/wasm-runtime@1.1.4(@emnapi/core@1.9.1)(@emnapi/runtime@1.9.1)':
+ dependencies:
+ '@emnapi/core': 1.9.1
+ '@emnapi/runtime': 1.9.1
+ '@tybys/wasm-util': 0.10.2
+ optional: true
+
'@nodable/entities@2.1.1': {}
'@nodelib/fs.scandir@2.1.5':
@@ -8209,6 +8320,11 @@ snapshots:
'@tokenizer/token@0.3.0': {}
+ '@tybys/wasm-util@0.10.2':
+ dependencies:
+ tslib: 2.8.1
+ optional: true
+
'@types/aria-query@5.0.4': {}
'@types/babel__core@7.20.5':
@@ -12393,6 +12509,24 @@ snapshots:
dependencies:
suf-log: 2.5.3
+ satteri-expressive-code@0.1.11(satteri@0.8.1):
+ dependencies:
+ expressive-code: 0.42.0
+ satteri: 0.8.1
+
+ satteri@0.8.1:
+ dependencies:
+ '@types/estree-jsx': 1.0.5
+ '@types/hast': 3.0.4
+ '@types/mdast': 4.0.4
+ '@types/unist': 3.0.3
+ optionalDependencies:
+ '@bruits/satteri-darwin-arm64': 0.8.1
+ '@bruits/satteri-darwin-x64': 0.8.1
+ '@bruits/satteri-linux-x64-gnu': 0.8.1
+ '@bruits/satteri-wasm32-wasi': 0.8.1
+ '@bruits/satteri-win32-x64-msvc': 0.8.1
+
sax@1.6.0: {}
scheduler@0.25.0: {}
diff --git a/src/content/changelog/access/2025-07-01-Access-Supports-Customer-Metadata-Boundary.mdx b/src/content/changelog/access/2025-07-01-Access-Supports-Customer-Metadata-Boundary.mdx
index c7f5ea93bac..d03cecd7bab 100644
--- a/src/content/changelog/access/2025-07-01-Access-Supports-Customer-Metadata-Boundary.mdx
+++ b/src/content/changelog/access/2025-07-01-Access-Supports-Customer-Metadata-Boundary.mdx
@@ -1,12 +1,12 @@
---
title: Cloudflare Access Logging supports the Customer Metadata Boundary (CMB)
-description: Access logs will now respect the CMB.
+description: Access logs will now respect the CMB.
date: 2025-08-14
products:
- access
---
-Cloudflare Access logs now support the [Customer Metadata Boundary (CMB)](/data-localization/metadata-boundary/). If you have configured the CMB for your account, all Access logging will respect that configuration.
+Cloudflare Access logs now support the [Customer Metadata Boundary (CMB)](/data-localization/metadata-boundary/). If you have configured the CMB for your account, all Access logging will respect that configuration.
:::note
For EU CMB customers, the logs will not be stored by Access and will appear as empty in the dashboard. EU CMB customers should utilize [Logpush](/logs/logpush/) to retain their Access logging, if desired.
diff --git a/src/content/changelog/agents/2026-04-15-agentlee-writeops-genui.mdx b/src/content/changelog/agents/2026-04-15-agentlee-writeops-genui.mdx
index c47df65f32e..313f4eae04f 100644
--- a/src/content/changelog/agents/2026-04-15-agentlee-writeops-genui.mdx
+++ b/src/content/changelog/agents/2026-04-15-agentlee-writeops-genui.mdx
@@ -10,7 +10,7 @@ We are excited to announce two major capability upgrades for **Agent Lee**, the
### Take action with Write Operations
-Agent Lee can now perform changes on your behalf across your Cloudflare account. Whether you need to update DNS records, modify SSL/TLS settings, or configure Workers routes, you can simply ask.
+Agent Lee can now perform changes on your behalf across your Cloudflare account. Whether you need to update DNS records, modify SSL/TLS settings, or configure Workers routes, you can simply ask.
To ensure security and accuracy, every write operation requires **explicit user approval**. Before any change is committed, Agent Lee will present a summary of the proposed action in plain language. No action is taken until you select **Confirm**, and this approval requirement is enforced at the infrastructure level to prevent unauthorized changes.
diff --git a/src/content/changelog/ai-search/2025-09-25-ai-search-more-models.mdx b/src/content/changelog/ai-search/2025-09-25-ai-search-more-models.mdx
index 1eff4229721..98b588f9a98 100644
--- a/src/content/changelog/ai-search/2025-09-25-ai-search-more-models.mdx
+++ b/src/content/changelog/ai-search/2025-09-25-ai-search-more-models.mdx
@@ -24,7 +24,7 @@ Once configured, your AI Search instance will be able to reference models availa
```javascript
export default {
async fetch(request, env) {
-
+
// Query your AI Search instance with a natural language question to an OpenAI model
const result = await env.AI.autorag("my-ai-search").aiSearch({
query: "What's new for Cloudflare Birthday Week?",
diff --git a/src/content/changelog/ai-search/2025-11-19-add-extra-headers-for-website-crawling.mdx b/src/content/changelog/ai-search/2025-11-19-add-extra-headers-for-website-crawling.mdx
index 5a9abdb9296..d3f576d3bfe 100644
--- a/src/content/changelog/ai-search/2025-11-19-add-extra-headers-for-website-crawling.mdx
+++ b/src/content/changelog/ai-search/2025-11-19-add-extra-headers-for-website-crawling.mdx
@@ -10,7 +10,7 @@ date: 2025-11-19
Previously, AI Search could only crawl publicly accessible pages, leaving knowledge bases, documentation, and other protected content out of your search results. With custom headers support, you can now include authentication credentials that allow the crawler to access this protected content.
-This is particularly useful for indexing content like:
+This is particularly useful for indexing content like:
- **Internal documentation** behind corporate login systems
- **Premium content** that requires users to provide access to unlock
- **Sites protected by Cloudflare Access** using service tokens
@@ -26,6 +26,6 @@ CF-Access-Client-Id: your-token-id.access
CF-Access-Client-Secret: your-token-secret
```
-The crawler will automatically include these headers in all requests, allowing it to access protected pages that would otherwise be blocked.
+The crawler will automatically include these headers in all requests, allowing it to access protected pages that would otherwise be blocked.
Learn more about [configuring custom headers for website crawling](/ai-search/configuration/data-source/website/#extra-headers-for-access-protected-content) in AI Search.
\ No newline at end of file
diff --git a/src/content/changelog/ai-search/2026-04-16-ai-search-namespace-binding.mdx b/src/content/changelog/ai-search/2026-04-16-ai-search-namespace-binding.mdx
index a54b6cddfff..105ae21f43f 100644
--- a/src/content/changelog/ai-search/2026-04-16-ai-search-namespace-binding.mdx
+++ b/src/content/changelog/ai-search/2026-04-16-ai-search-namespace-binding.mdx
@@ -7,13 +7,13 @@ date: 2026-04-16T12:00:00Z
publish_future_dated_entry: true
---
-New [AI Search](/ai-search/) instances created after today will work differently. New instances come with built-in storage and a vector index, so you can upload a file, have it indexed immediately, and search it right away.
+New [AI Search](/ai-search/) instances created after today will work differently. New instances come with built-in storage and a vector index, so you can upload a file, have it indexed immediately, and search it right away.
Additionally new Workers Bindings are now available to use with AI Search. The new namespace binding lets you create and manage instances at runtime, and cross-instance search API lets you query across multiple instances in one call.
## Built-in storage and vector index
-All new instances now comes with built-in storage which allows you to upload files directly to it using the [Items API](/ai-search/api/items/workers-binding/) or the dashboard. No R2 buckets to set up, no external data sources to connect first.
+All new instances now comes with built-in storage which allows you to upload files directly to it using the [Items API](/ai-search/api/items/workers-binding/) or the dashboard. No R2 buckets to set up, no external data sources to connect first.
```ts
const instance = env.AI_SEARCH.get("my-instance");
diff --git a/src/content/changelog/analytics/2025-10-01-confidence-intervals.mdx b/src/content/changelog/analytics/2025-10-01-confidence-intervals.mdx
index e8c0c6621a0..420f30e5265 100644
--- a/src/content/changelog/analytics/2025-10-01-confidence-intervals.mdx
+++ b/src/content/changelog/analytics/2025-10-01-confidence-intervals.mdx
@@ -3,12 +3,12 @@ title: New Confidence Intervals in GraphQL Analytics API
description: Confidence intervals are now supported in the GraphQL Analytics API to show statistical ranges for sampled data results
date: 2025-10-01
---
-
-The GraphQL Analytics API now supports confidence intervals for `sum` and `count` fields on adaptive (sampled) datasets. Confidence intervals provide a statistical range around sampled results, helping verify accuracy and quantify uncertainty.
+
+The GraphQL Analytics API now supports confidence intervals for `sum` and `count` fields on adaptive (sampled) datasets. Confidence intervals provide a statistical range around sampled results, helping verify accuracy and quantify uncertainty.
- **Supported datasets**: Adaptive (sampled) datasets only.
- **Supported fields**: All `sum` and `count` fields.
-- **Usage**: The confidence `level` must be provided as a decimal between 0 and 1 (e.g. `0.90`, `0.95`, `0.99`).
+- **Usage**: The confidence `level` must be provided as a decimal between 0 and 1 (e.g. `0.90`, `0.95`, `0.99`).
- **Default**: If no confidence level is specified, no intervals are returned.
-For examples and more details, see the [GraphQL Analytics API documentation](/analytics/graphql-api/features/confidence-intervals/).
+For examples and more details, see the [GraphQL Analytics API documentation](/analytics/graphql-api/features/confidence-intervals/).
diff --git a/src/content/changelog/api-shield/2026-03-09-vulnerability-scanner.mdx b/src/content/changelog/api-shield/2026-03-09-vulnerability-scanner.mdx
index 1b6ce51e1eb..6f3b0f22a6a 100644
--- a/src/content/changelog/api-shield/2026-03-09-vulnerability-scanner.mdx
+++ b/src/content/changelog/api-shield/2026-03-09-vulnerability-scanner.mdx
@@ -10,7 +10,7 @@ Cloudflare is launching the [Open Beta of the **Web and API Vulnerability Scanne
The initial release focuses on detecting Broken Object Level Authorization (BOLA) vulnerabilities by building API call graphs to simulate attacker and owner contexts, then testing these contexts by sending real HTTP requests to your APIs.
-The scanner is now available via the Cloudflare API. To scan, set up your target environment, owner and attacker credentials, and upload your OpenAPI file with response schemas. The scanner will be available in the Cloudflare dashboard in a future release.
+The scanner is now available via the Cloudflare API. To scan, set up your target environment, owner and attacker credentials, and upload your OpenAPI file with response schemas. The scanner will be available in the Cloudflare dashboard in a future release.
**Access**: This feature is only available to API Shield subscribers via the Cloudflare API. We hope you will use the API for programmatic integration into your CI/CD pipelines and security dashboards.
diff --git a/src/content/changelog/cloudflare-one/2025-09-16-new-ai-enabled-search-for-zero-trust-dashboard.mdx b/src/content/changelog/cloudflare-one/2025-09-16-new-ai-enabled-search-for-zero-trust-dashboard.mdx
index ae69ba66324..9969d44fb60 100644
--- a/src/content/changelog/cloudflare-one/2025-09-16-new-ai-enabled-search-for-zero-trust-dashboard.mdx
+++ b/src/content/changelog/cloudflare-one/2025-09-16-new-ai-enabled-search-for-zero-trust-dashboard.mdx
@@ -9,7 +9,7 @@ products:
Zero Trust Dashboard has a brand new, AI-powered search functionality. You can search your account by resources (applications, policies, device profiles, settings, etc.), pages, products, and more.
-
+
**Ask Cloudy** — You can also ask Cloudy, our AI agent, questions about Cloudflare Zero Trust. Cloudy is trained on our developer documentation and implementation guides, so it can tell you how to configure functionality, best practices, and can make recommendations.
Cloudy can then stay open with you as you move between pages to build configuration or answer more questions.
diff --git a/src/content/changelog/cloudflare-one/new-applications-71825.mdx b/src/content/changelog/cloudflare-one/new-applications-71825.mdx
index 3732caa8114..1cbf0a71d44 100644
--- a/src/content/changelog/cloudflare-one/new-applications-71825.mdx
+++ b/src/content/changelog/cloudflare-one/new-applications-71825.mdx
@@ -7,7 +7,7 @@ product: Gateway
42 new applications have been added for Zero Trust support within the Application Library and Gateway policy enforcement, giving you the ability to investigate or apply inline policies to these applications.
-33 of the 42 applications are Artificial Intelligence applications. The others are Human Resources (2 applications), Development (2 applications), Productivity (2 applications), Sales & Marketing, Public Cloud, and Security.
+33 of the 42 applications are Artificial Intelligence applications. The others are Human Resources (2 applications), Development (2 applications), Productivity (2 applications), Sales & Marketing, Public Cloud, and Security.
To view all available applications, log in to your Cloudflare [Zero Trust dashboard](https://one.dash.cloudflare.com/), navigate to the **App Library** under **My Team**.
diff --git a/src/content/changelog/dex/2025-11-12-dex-logpush-jobs.mdx b/src/content/changelog/dex/2025-11-12-dex-logpush-jobs.mdx
index 7a8ddd2b404..a6dd5ca921f 100644
--- a/src/content/changelog/dex/2025-11-12-dex-logpush-jobs.mdx
+++ b/src/content/changelog/dex/2025-11-12-dex-logpush-jobs.mdx
@@ -6,7 +6,7 @@ date: 2025-11-12
[Digital Experience Monitoring (DEX)](/cloudflare-one/insights/dex/) provides visibility into WARP device metrics, connectivity, and network performance across your Cloudflare SASE deployment.
-We've released four new WARP and DEX device data sets that can be exported via [Cloudflare Logpush](/cloudflare-one/insights/logs/logpush/). These Logpush data sets can be exported to R2, a cloud bucket, or a SIEM to build a customized logging and analytics experience.
+We've released four new WARP and DEX device data sets that can be exported via [Cloudflare Logpush](/cloudflare-one/insights/logs/logpush/). These Logpush data sets can be exported to R2, a cloud bucket, or a SIEM to build a customized logging and analytics experience.
1. [DEX Application Tests](/logs/logpush/logpush-job/datasets/account/dex_application_tests/)
2. [DEX Device State Events](/logs/logpush/logpush-job/datasets/account/dex_device_state_events/)
diff --git a/src/content/changelog/dex/2026-04-28-dex-speed-test.mdx b/src/content/changelog/dex/2026-04-28-dex-speed-test.mdx
index 37b7e2b2737..31340c7b0b9 100644
--- a/src/content/changelog/dex/2026-04-28-dex-speed-test.mdx
+++ b/src/content/changelog/dex/2026-04-28-dex-speed-test.mdx
@@ -4,7 +4,7 @@ description: Customers can run speed tests from the Cloudflare One Client to Clo
date: 2026-04-28
---
-IT teams can now remotely run speed tests from the [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) to Cloudflare's network edge.
+IT teams can now remotely run speed tests from the [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) to Cloudflare's network edge.
Each speed test includes the following metrics:
- Internet speed: download and upload throughput
diff --git a/src/content/changelog/dex/2026-04-29-dex-tests-to-auth.mdx b/src/content/changelog/dex/2026-04-29-dex-tests-to-auth.mdx
index abfb872fa28..36512129d24 100644
--- a/src/content/changelog/dex/2026-04-29-dex-tests-to-auth.mdx
+++ b/src/content/changelog/dex/2026-04-29-dex-tests-to-auth.mdx
@@ -4,7 +4,7 @@ description: Digital experience now supports testing applications with authentic
date: 2026-04-29
---
-[Digital experience tests](/cloudflare-one/insights/dex/tests/) now support testing applications protected by Cloudflare Access or third-party authentication. All authentication secrets are managed via [Cloudflare Secret Store](/secrets-store/).
+[Digital experience tests](/cloudflare-one/insights/dex/tests/) now support testing applications protected by Cloudflare Access or third-party authentication. All authentication secrets are managed via [Cloudflare Secret Store](/secrets-store/).
Digital experience tests also have enhanced configuration options including:
- New HTTP methods (DELETE, PATCH, POST, PUT)
diff --git a/src/content/changelog/dlp/2025-08-25-ai-prompt-protection.mdx b/src/content/changelog/dlp/2025-08-25-ai-prompt-protection.mdx
index 21f93780d77..5439170cf37 100644
--- a/src/content/changelog/dlp/2025-08-25-ai-prompt-protection.mdx
+++ b/src/content/changelog/dlp/2025-08-25-ai-prompt-protection.mdx
@@ -29,7 +29,7 @@ To help you apply these topics quickly, we have also released five new predefine
4. **Full Prompt Logging**
-
+
To aid in incident investigation, an optional setting in your Gateway policy allows you to [capture prompt logs](/cloudflare-one/data-loss-prevention/dlp-policies/logging-options/#log-generative-ai-prompt-content) to store the full interaction of prompts that trigger a policy match. To make investigations easier, logs can be filtered by ```conversation_id```, allowing you to reconstruct the full context of an interaction that led to a policy violation.
diff --git a/src/content/changelog/dlp/2026-04-28-pii-record-profile.mdx b/src/content/changelog/dlp/2026-04-28-pii-record-profile.mdx
index a4a744c0646..64134f5ef20 100644
--- a/src/content/changelog/dlp/2026-04-28-pii-record-profile.mdx
+++ b/src/content/changelog/dlp/2026-04-28-pii-record-profile.mdx
@@ -2,7 +2,7 @@
title: Detect PII records with a new predefined DLP profile
description: A new predefined DLP profile detects records that contain multiple types of personal data, reducing false positives from isolated matches.
date: 2026-04-28
-products:
+products:
- dlp
---
diff --git a/src/content/changelog/durable-objects/2025-08-21-durable-objects-get-by-name.mdx b/src/content/changelog/durable-objects/2025-08-21-durable-objects-get-by-name.mdx
index e03702fa3be..d88e587e3d7 100644
--- a/src/content/changelog/durable-objects/2025-08-21-durable-objects-get-by-name.mdx
+++ b/src/content/changelog/durable-objects/2025-08-21-durable-objects-get-by-name.mdx
@@ -10,11 +10,11 @@ date: 2025-08-21
You can now create a client (a [Durable Object stub](/durable-objects/api/stub/)) to a Durable Object with the new `getByName` method, removing the need to convert Durable Object names to IDs and then create a stub.
```js
-// Before: (1) translate name to ID then (2) get a client
+// Before: (1) translate name to ID then (2) get a client
const objectId = env.MY_DURABLE_OBJECT.idFromName("foo"); // or .newUniqueId()
-const stub = env.MY_DURABLE_OBJECT.get(objectId);
+const stub = env.MY_DURABLE_OBJECT.get(objectId);
-// Now: retrieve client to Durable Object directly via its name
+// Now: retrieve client to Durable Object directly via its name
const stub = env.MY_DURABLE_OBJECT.getByName("foo");
// Use client to send request to the remote Durable Object
diff --git a/src/content/changelog/durable-objects/2025-10-16-durable-objects-data-studio.mdx b/src/content/changelog/durable-objects/2025-10-16-durable-objects-data-studio.mdx
index 10b3c5b7270..b0b6b6b70c7 100644
--- a/src/content/changelog/durable-objects/2025-10-16-durable-objects-data-studio.mdx
+++ b/src/content/changelog/durable-objects/2025-10-16-durable-objects-data-studio.mdx
@@ -11,7 +11,7 @@ import { DashButton } from "~/components";
-You can now view and write to each Durable Object's storage using a UI editor on the Cloudflare dashboard. Only Durable Objects using [SQLite storage](/durable-objects/best-practices/access-durable-objects-storage/#create-sqlite-backed-durable-object-class) can use Data Studio.
+You can now view and write to each Durable Object's storage using a UI editor on the Cloudflare dashboard. Only Durable Objects using [SQLite storage](/durable-objects/best-practices/access-durable-objects-storage/#create-sqlite-backed-durable-object-class) can use Data Studio.
diff --git a/src/content/changelog/durable-objects/2025-12-12-durable-objects-sqlite-storage-billing.mdx b/src/content/changelog/durable-objects/2025-12-12-durable-objects-sqlite-storage-billing.mdx
index 7d4b1c19632..7118dec4586 100644
--- a/src/content/changelog/durable-objects/2025-12-12-durable-objects-sqlite-storage-billing.mdx
+++ b/src/content/changelog/durable-objects/2025-12-12-durable-objects-sqlite-storage-billing.mdx
@@ -9,7 +9,7 @@ date: 2025-12-12
import { DashButton } from "~/components";
-Storage billing for SQLite-backed Durable Objects will be enabled in January 2026, with a target date of January 7, 2026 (no earlier).
+Storage billing for SQLite-backed Durable Objects will be enabled in January 2026, with a target date of January 7, 2026 (no earlier).
To view your SQLite storage usage, go to the **Durable Objects** page
diff --git a/src/content/changelog/email-security-cf1/2025-12-03-submission-terminology-update.mdx b/src/content/changelog/email-security-cf1/2025-12-03-submission-terminology-update.mdx
index b8d67579c27..4a46eae0497 100644
--- a/src/content/changelog/email-security-cf1/2025-12-03-submission-terminology-update.mdx
+++ b/src/content/changelog/email-security-cf1/2025-12-03-submission-terminology-update.mdx
@@ -1,6 +1,6 @@
---
title: Reclassifications to Submissions
-description: Submission terminology update to reflect outcomes
+description: Submission terminology update to reflect outcomes
date: 2025-12-03T21:11:33Z
---
@@ -10,7 +10,7 @@ Submissions are leveraged to tune future variants of campaigns. To respect data
-This applies to all Email Security packages:
-- **Advantage**
-- **Enterprise**
-- **Enterprise + PhishGuard**
+This applies to all Email Security packages:
+- **Advantage**
+- **Enterprise**
+- **Enterprise + PhishGuard**
diff --git a/src/content/changelog/email-security-cf1/2026-01-12-enhanced-visibility-post-delivery-actions.mdx b/src/content/changelog/email-security-cf1/2026-01-12-enhanced-visibility-post-delivery-actions.mdx
index b38737ac382..66af7505732 100644
--- a/src/content/changelog/email-security-cf1/2026-01-12-enhanced-visibility-post-delivery-actions.mdx
+++ b/src/content/changelog/email-security-cf1/2026-01-12-enhanced-visibility-post-delivery-actions.mdx
@@ -4,7 +4,7 @@ description: Additional post delivery action log details for failures
date: 2026-01-12T11:15:33Z
---
-The Action Log now provides enriched data for post-delivery actions to improve troubleshooting. In addition to success confirmations, failed actions now display the targeted Destination folder and a specific failure reason within the Activity field.
+The Action Log now provides enriched data for post-delivery actions to improve troubleshooting. In addition to success confirmations, failed actions now display the targeted Destination folder and a specific failure reason within the Activity field.
:::note
Error messages will vary depending on whether you are using Google Workspace or Microsoft 365.
@@ -14,6 +14,6 @@ Error messages will vary depending on whether you are using Google Workspace or
This update allows you to see the full lifecycle of a failed action. For instance, if an administrator tries to move an email that has already been deleted or moved manually, the log will now show the multiple retry attempts and the specific destination error.
-This applies to all Email Security packages:
-- **Enterprise**
-- **Enterprise + PhishGuard**
+This applies to all Email Security packages:
+- **Enterprise**
+- **Enterprise + PhishGuard**
diff --git a/src/content/changelog/email-security-cf1/2026-02-02-improved-accessibility-search-for-monitoring.mdx b/src/content/changelog/email-security-cf1/2026-02-02-improved-accessibility-search-for-monitoring.mdx
index 2b9c5533289..f6968b160b9 100644
--- a/src/content/changelog/email-security-cf1/2026-02-02-improved-accessibility-search-for-monitoring.mdx
+++ b/src/content/changelog/email-security-cf1/2026-02-02-improved-accessibility-search-for-monitoring.mdx
@@ -6,17 +6,17 @@ date: 2026-02-02T11:05:33Z
We have updated the Monitoring page to provide a more streamlined and insightful experience for administrators, improving both data visualization and dashboard accessibility.
-* **Enhanced Visual Layout**: Optimized contrast and the introduction of stacked bar charts for clearer data visualization and trend analysis.
+* **Enhanced Visual Layout**: Optimized contrast and the introduction of stacked bar charts for clearer data visualization and trend analysis.
-* **Improved Accessibility & Usability**:
- * **Widget Search**: Added search functionality to multiple widgets, including Policies, Submitters, and Impersonation.
- * **Actionable UI**: All available actions are now accessible via dedicated buttons.
- * **State Indicators**: Improved UI states to clearly communicate loading, empty datasets, and error conditions.
+* **Improved Accessibility & Usability**:
+ * **Widget Search**: Added search functionality to multiple widgets, including Policies, Submitters, and Impersonation.
+ * **Actionable UI**: All available actions are now accessible via dedicated buttons.
+ * **State Indicators**: Improved UI states to clearly communicate loading, empty datasets, and error conditions.
* **Granular Data Breakdowns**: New views for dispositions by month, malicious email details, link actions, and impersonations.
-This applies to all Email Security packages:
-- **Advantage**
-- **Enterprise**
-- **Enterprise + PhishGuard**
+This applies to all Email Security packages:
+- **Advantage**
+- **Enterprise**
+- **Enterprise + PhishGuard**
diff --git a/src/content/changelog/fundamentals/2025-06-23-user-groups-ga.mdx b/src/content/changelog/fundamentals/2025-06-23-user-groups-ga.mdx
index a5377b7e567..5a11082f3c1 100644
--- a/src/content/changelog/fundamentals/2025-06-23-user-groups-ga.mdx
+++ b/src/content/changelog/fundamentals/2025-06-23-user-groups-ga.mdx
@@ -14,7 +14,7 @@ We're announcing the GA of **User Groups for Cloudflare Dashboard** and **System
**SCIM User Groups [GA]**: Centralize & simplify your user and group management at scale by syncing memberships directly from your upstream identity provider (like Okta or Entra ID) to the Cloudflare Platform. This ensures Cloudflare stays in sync with your identity provider, letting you apply Permission Policies to those synced groups directly within the Cloudflare Dashboard.
-**Stability & Scale**:
+**Stability & Scale**:
These features have undergone extensive testing during the Public Beta period and are now ready for production use across enterprises of all sizes.
:::note
diff --git a/src/content/changelog/fundamentals/2025-09-03-rate-limiting-improvement.mdx b/src/content/changelog/fundamentals/2025-09-03-rate-limiting-improvement.mdx
index 78ffc7cb93e..4b4a0e83d8b 100644
--- a/src/content/changelog/fundamentals/2025-09-03-rate-limiting-improvement.mdx
+++ b/src/content/changelog/fundamentals/2025-09-03-rate-limiting-improvement.mdx
@@ -1,15 +1,15 @@
---
title: Introducing new headers for rate limiting on Cloudflare's API
-description: Cloudflare's API handles rate limiting automatically in the SDKs and how to respond appropriately in your code.
+description: Cloudflare's API handles rate limiting automatically in the SDKs and how to respond appropriately in your code.
products:
- fundamentals
date: 2025-09-03
---
-Cloudflare's API now supports rate limiting headers using the pattern developed by the [IETF draft on rate limiting](https://ietf-wg-httpapi.github.io/ratelimit-headers/draft-ietf-httpapi-ratelimit-headers.html). This allows API consumers to know how many more calls are left until the rate limit is reached, as well as how long you will need to wait until more capacity is available.
+Cloudflare's API now supports rate limiting headers using the pattern developed by the [IETF draft on rate limiting](https://ietf-wg-httpapi.github.io/ratelimit-headers/draft-ietf-httpapi-ratelimit-headers.html). This allows API consumers to know how many more calls are left until the rate limit is reached, as well as how long you will need to wait until more capacity is available.
-Our SDKs automatically work with these new headers, backing off when rate limits are approached. There is no action required for users of the latest Cloudflare SDKs to take advantage of this.
+Our SDKs automatically work with these new headers, backing off when rate limits are approached. There is no action required for users of the latest Cloudflare SDKs to take advantage of this.
-As always, if you need any help with rate limits, please contact Support.
+As always, if you need any help with rate limits, please contact Support.
### Changes
#### New Headers
@@ -22,10 +22,10 @@ As always, if you need any help with rate limits, please contact Support.
- Retry-After: Number of Seconds until more capacity is available, rounded up
#### SDK Back offs
-- All of Cloudflare's latest SDKs will automatically respond to the headers, instituting a backoff when limits are approached.
+- All of Cloudflare's latest SDKs will automatically respond to the headers, instituting a backoff when limits are approached.
### GraphQL and Edge APIs
-These new headers and back offs are only available for Cloudflare REST APIs, and will not affect GraphQL.
+These new headers and back offs are only available for Cloudflare REST APIs, and will not affect GraphQL.
### For more information
* [Rate limits at Cloudflare](https://developers.cloudflare.com/fundamentals/api/reference/limits/)
diff --git a/src/content/changelog/fundamentals/2025-09-08-reminders-about-two-factor-authentication-backup-codes.mdx b/src/content/changelog/fundamentals/2025-09-08-reminders-about-two-factor-authentication-backup-codes.mdx
index f3c21ce5168..59449622a09 100644
--- a/src/content/changelog/fundamentals/2025-09-08-reminders-about-two-factor-authentication-backup-codes.mdx
+++ b/src/content/changelog/fundamentals/2025-09-08-reminders-about-two-factor-authentication-backup-codes.mdx
@@ -6,7 +6,7 @@ products:
date: 2025-09-08
---
-Two-factor authentication is the best way to help protect your account from account takeovers, but if you lose your second factor, you could be locked out of your account. Lock outs are one of the top reasons customers contact Cloudflare support, and our policies often don't allow us to bypass two-factor authentication for customers that are locked out. Today we are releasing an improvement where Cloudflare will periodically remind you to securely save your backup codes so you don't get locked out in the future.
+Two-factor authentication is the best way to help protect your account from account takeovers, but if you lose your second factor, you could be locked out of your account. Lock outs are one of the top reasons customers contact Cloudflare support, and our policies often don't allow us to bypass two-factor authentication for customers that are locked out. Today we are releasing an improvement where Cloudflare will periodically remind you to securely save your backup codes so you don't get locked out in the future.
## For more information
- [Two-factor authentication](/fundamentals/user-profiles/2fa/)
diff --git a/src/content/changelog/fundamentals/2025-09-25-sign-in-with-github.mdx b/src/content/changelog/fundamentals/2025-09-25-sign-in-with-github.mdx
index 7cdd79523b4..b8b0020bd0a 100644
--- a/src/content/changelog/fundamentals/2025-09-25-sign-in-with-github.mdx
+++ b/src/content/changelog/fundamentals/2025-09-25-sign-in-with-github.mdx
@@ -6,7 +6,7 @@ products:
date: 2025-09-25
---
-Cloudflare has launched sign in with GitHub as a log in option. This feature is available to all users with a verified email address who are not using SSO. To use it, simply click on the `Sign in with GitHub` button on the dashboard login page. You will be logged in with your primary GitHub email address.
+Cloudflare has launched sign in with GitHub as a log in option. This feature is available to all users with a verified email address who are not using SSO. To use it, simply click on the `Sign in with GitHub` button on the dashboard login page. You will be logged in with your primary GitHub email address.
## For more information
- [Log in to Cloudflare](/fundamentals/user-profiles/login/)
diff --git a/src/content/changelog/fundamentals/2025-10-30-email-2FA.mdx b/src/content/changelog/fundamentals/2025-10-30-email-2FA.mdx
index 206794e93f4..07fdea6b5a0 100644
--- a/src/content/changelog/fundamentals/2025-10-30-email-2FA.mdx
+++ b/src/content/changelog/fundamentals/2025-10-30-email-2FA.mdx
@@ -4,15 +4,15 @@ description: Cloudflare now offers email two-factor authentication to protect yo
date: 2025-10-30
---
-Two-factor authentication (2FA) is one of the best ways to protect your account from the risk of account takeover. Cloudflare has offered phishing resistant 2FA options including hardware based keys (for example, a Yubikey) and app based TOTP (time-based one-time password) options which use apps like Google or Microsoft's Authenticator app. Unfortunately, while these solutions are very secure, they can be lost if you misplace the hardware based key, or lose the phone which includes that app. The result is that users sometimes get locked out of their accounts and need to contact support.
+Two-factor authentication (2FA) is one of the best ways to protect your account from the risk of account takeover. Cloudflare has offered phishing resistant 2FA options including hardware based keys (for example, a Yubikey) and app based TOTP (time-based one-time password) options which use apps like Google or Microsoft's Authenticator app. Unfortunately, while these solutions are very secure, they can be lost if you misplace the hardware based key, or lose the phone which includes that app. The result is that users sometimes get locked out of their accounts and need to contact support.
-Today, we are announcing the addition of email as a 2FA factor for all Cloudflare accounts. Email 2FA is in wide use across the industry as a least common denominator for 2FA because it is low friction, loss resistant, and still improves security over username/password login only. We also know that most commercial email providers already require 2FA, so your email address is usually well protected already.
+Today, we are announcing the addition of email as a 2FA factor for all Cloudflare accounts. Email 2FA is in wide use across the industry as a least common denominator for 2FA because it is low friction, loss resistant, and still improves security over username/password login only. We also know that most commercial email providers already require 2FA, so your email address is usually well protected already.
You can now enable email 2FA on the Cloudflare dashboard:
1. Go to **Profile** at the top right corner.
2. Select **Authentication**.
-3. Under **Two-Factor Authentication**, select **Set up**.
+3. Under **Two-Factor Authentication**, select **Set up**.
## Sign-in security best practices
diff --git a/src/content/changelog/fundamentals/2025-10-30-member-management-improvements.mdx b/src/content/changelog/fundamentals/2025-10-30-member-management-improvements.mdx
index b8e0027220e..2f0093d6bd5 100644
--- a/src/content/changelog/fundamentals/2025-10-30-member-management-improvements.mdx
+++ b/src/content/changelog/fundamentals/2025-10-30-member-management-improvements.mdx
@@ -1,5 +1,5 @@
---
-title: Revamped Member Management UI
+title: Revamped Member Management UI
description: Simplifying the management of users, groups, and permissions within Cloudflare.
products:
- fundamentals
@@ -19,7 +19,7 @@ We overhauled the Invite Members UI to simplify inviting users and assigning per
**Refreshed Members Overview Page**
-
+
We've updated the Members Overview Page to clearly display:
- Member 2FA status
- Which members hold Super Admin privileges
@@ -30,12 +30,12 @@ We've updated the Members Overview Page to clearly display:
**New Member Permission Policies Details View**
-We've created a new member details screen that shows all permission policies associated with a member; including policies inherited from group associations to make it easier for members to understand the effective permissions they have.
+We've created a new member details screen that shows all permission policies associated with a member; including policies inherited from group associations to make it easier for members to understand the effective permissions they have.
-**Improved Member Permission Workflow**
+**Improved Member Permission Workflow**
We redesigned the permission management experience to make it faster and easier for administrators to review roles and grant access.
@@ -43,4 +43,4 @@ We redesigned the permission management experience to make it faster and easier
**Account-scoped Policies Restrictions Relaxed**
-Previously, customers could only associate a single account-scoped policy with a member. We've relaxed this restriction, and now Administrators can now assign multiple account-scoped policies to the same member; bringing policy assignment behavior in-line with user-groups and providing greater flexibility in managing member permissions.
\ No newline at end of file
+Previously, customers could only associate a single account-scoped policy with a member. We've relaxed this restriction, and now Administrators can now assign multiple account-scoped policies to the same member; bringing policy assignment behavior in-line with user-groups and providing greater flexibility in managing member permissions.
\ No newline at end of file
diff --git a/src/content/changelog/fundamentals/2026-01-23-New-2FA-Experience.mdx b/src/content/changelog/fundamentals/2026-01-23-New-2FA-Experience.mdx
index 4809af309b7..b3cb40ed2bc 100644
--- a/src/content/changelog/fundamentals/2026-01-23-New-2FA-Experience.mdx
+++ b/src/content/changelog/fundamentals/2026-01-23-New-2FA-Experience.mdx
@@ -6,9 +6,9 @@ date: 2026-01-23
-In an effort to improve overall user security, users without 2FA will be prompted upon login to enroll in email 2FA. This will improve user security posture while minimizing friction. Users without email 2FA enabled will see a prompt to secure their account with additional factors upon logging in. Enrolling in 2FA remains optional, but strongly encouraged as it is the best way to prevent account takeovers.
+In an effort to improve overall user security, users without 2FA will be prompted upon login to enroll in email 2FA. This will improve user security posture while minimizing friction. Users without email 2FA enabled will see a prompt to secure their account with additional factors upon logging in. Enrolling in 2FA remains optional, but strongly encouraged as it is the best way to prevent account takeovers.
-We also made changes to existing 2FA screens to improve the user experience. Now we have distinct experiences for each 2FA factor type, reflective of the way that factor works.
+We also made changes to existing 2FA screens to improve the user experience. Now we have distinct experiences for each 2FA factor type, reflective of the way that factor works.
-## For more information
+## For more information
* [Configure Email Two Factor Authentication](/fundamentals/user-profiles/2fa/#configure-email-two-factor-authentication)
diff --git a/src/content/changelog/fundamentals/2026-03-17-scim-authentik-support.mdx b/src/content/changelog/fundamentals/2026-03-17-scim-authentik-support.mdx
index 92f5a45e27a..c0c1a7659fe 100644
--- a/src/content/changelog/fundamentals/2026-03-17-scim-authentik-support.mdx
+++ b/src/content/changelog/fundamentals/2026-03-17-scim-authentik-support.mdx
@@ -6,7 +6,7 @@ products:
date: 2026-03-18
---
-Cloudflare dashboard SCIM provisioning now supports [Authentik](https://goauthentik.io/) as an identity provider, joining Okta and Microsoft Entra ID as explicitly supported providers.
+Cloudflare dashboard SCIM provisioning now supports [Authentik](https://goauthentik.io/) as an identity provider, joining Okta and Microsoft Entra ID as explicitly supported providers.
Customers can now sync users and group information from Authentik to Cloudflare, apply Permission Policies to those groups, and manage the lifecycle of users & groups directly from your Authentik Identity Provider.
diff --git a/src/content/changelog/fundamentals/2026-04-06-organizations-public-beta.mdx b/src/content/changelog/fundamentals/2026-04-06-organizations-public-beta.mdx
index 66f075b8044..99e5c7faac3 100644
--- a/src/content/changelog/fundamentals/2026-04-06-organizations-public-beta.mdx
+++ b/src/content/changelog/fundamentals/2026-04-06-organizations-public-beta.mdx
@@ -18,7 +18,7 @@ We're announcing the public beta of **Organizations** for enterprise customers,
**Centralized Account Management**: At launch, every Organization member has the Organization Super Admin role. Organization Super Admins can invite other users and manage any child account under the Organization implicitly.
**Shared policies**: Share [WAF](/waf/custom-rules/) or [Gateway](/cloudflare-one/traffic-policies/tiered-policies/organizations/) policies across multiple accounts within your Organization to simplify centralized policy management.
-**Implicit access**: Members of an Organization automatically receive Super Administrator permissions across child accounts, removing the need for explicit membership on each account. Additional Org-level roles will be available over the course of the year.
+**Implicit access**: Members of an Organization automatically receive Super Administrator permissions across child accounts, removing the need for explicit membership on each account. Additional Org-level roles will be available over the course of the year.
**Unified analytics**: View, filter, and download aggregate HTTP analytics across all Organization child accounts from a single dashboard for centralized visibility into traffic patterns and security events.
diff --git a/src/content/changelog/fundamentals/2026-04-10-secret-scanning-support.mdx b/src/content/changelog/fundamentals/2026-04-10-secret-scanning-support.mdx
index 4fb052b1583..6df437b0b5f 100644
--- a/src/content/changelog/fundamentals/2026-04-10-secret-scanning-support.mdx
+++ b/src/content/changelog/fundamentals/2026-04-10-secret-scanning-support.mdx
@@ -1,6 +1,6 @@
---
title: API tokens now detectable by secret scanning tools
-description: Cloudflare API tokens include identifiable patterns for automated leak detection in repositories and code.
+description: Cloudflare API tokens include identifiable patterns for automated leak detection in repositories and code.
date: 2026-04-10
---
diff --git a/src/content/changelog/fundamentals/2026-04-14-oauth-consent-and-revoke.mdx b/src/content/changelog/fundamentals/2026-04-14-oauth-consent-and-revoke.mdx
index ea662602678..cc3889dabe3 100644
--- a/src/content/changelog/fundamentals/2026-04-14-oauth-consent-and-revoke.mdx
+++ b/src/content/changelog/fundamentals/2026-04-14-oauth-consent-and-revoke.mdx
@@ -15,7 +15,7 @@ This gives you precise control who can access your data.
### Clear consent screens
The OAuth consent screen now shows:
- **What the application can access** — Explicit list of permissions being requested
-- **Who created the application** — Application owner and contact information
+- **Who created the application** — Application owner and contact information
- **Which accounts you're authorizing** — Checkboxes for account selection
### Revoke access anytime
Manage authorized OAuth applications from your profile:
diff --git a/src/content/changelog/gateway/2025-07-24-HTTP-Inspection-on-all-ports.mdx b/src/content/changelog/gateway/2025-07-24-HTTP-Inspection-on-all-ports.mdx
index 6d777cba096..2c45b70ad12 100644
--- a/src/content/changelog/gateway/2025-07-24-HTTP-Inspection-on-all-ports.mdx
+++ b/src/content/changelog/gateway/2025-07-24-HTTP-Inspection-on-all-ports.mdx
@@ -7,7 +7,7 @@ hidden: false
date: 2025-07-24
---
-[Gateway](/cloudflare-one/traffic-policies/) can now apply [HTTP filtering](/cloudflare-one/traffic-policies/http-policies/) to all proxied HTTP requests, not just traffic on standard HTTP (`80`) and HTTPS (`443`) ports. This means all requests can now be filtered by [A/V scanning](/cloudflare-one/traffic-policies/http-policies/antivirus-scanning/), [file sandboxing](/cloudflare-one/traffic-policies/http-policies/file-sandboxing/), [Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/#data-in-transit), and more.
+[Gateway](/cloudflare-one/traffic-policies/) can now apply [HTTP filtering](/cloudflare-one/traffic-policies/http-policies/) to all proxied HTTP requests, not just traffic on standard HTTP (`80`) and HTTPS (`443`) ports. This means all requests can now be filtered by [A/V scanning](/cloudflare-one/traffic-policies/http-policies/antivirus-scanning/), [file sandboxing](/cloudflare-one/traffic-policies/http-policies/file-sandboxing/), [Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/#data-in-transit), and more.
You can turn this [setting](/cloudflare-one/traffic-policies/network-policies/protocol-detection/#inspect-on-all-ports) on by going to **Settings** > **Network** > **Firewall** and choosing _Inspect on all ports_.
diff --git a/src/content/changelog/gateway/2025-07-28-Spam-domain-category-introduced.mdx b/src/content/changelog/gateway/2025-07-28-Spam-domain-category-introduced.mdx
index 99deeee7c9c..8fdc8ab2d97 100644
--- a/src/content/changelog/gateway/2025-07-28-Spam-domain-category-introduced.mdx
+++ b/src/content/changelog/gateway/2025-07-28-Spam-domain-category-introduced.mdx
@@ -3,9 +3,9 @@ title: Scam domain category introduced under Security Threats
description: You can now create policies specifically targeting the Scam content
date: 2025-07-28
---
-
+
We have introduced a new Security Threat category called **Scam**. Relevant domains are marked with the Scam category. Scam typically refers to fraudulent websites and schemes designed to trick victims into giving away money or personal information.
-
+
**New category added**
diff --git a/src/content/changelog/gateway/2025-08-15-gemini-application-replaces-bard.mdx b/src/content/changelog/gateway/2025-08-15-gemini-application-replaces-bard.mdx
index 295f092f251..74f63737a64 100644
--- a/src/content/changelog/gateway/2025-08-15-gemini-application-replaces-bard.mdx
+++ b/src/content/changelog/gateway/2025-08-15-gemini-application-replaces-bard.mdx
@@ -4,7 +4,7 @@ description: The Google Bard application has been fully replaced with Gemini
date: 2025-07-22
---
The **Google Bard** application (ID: 1198) has been deprecated and fully removed from the system. It has been replaced by the **Gemini** application (ID: 1340).
-Any existing Gateway policies that reference the old Google Bard application will no longer function.
+Any existing Gateway policies that reference the old Google Bard application will no longer function.
To ensure your policies continue to work as intended, you should update them to use the new Gemini application.
We recommend replacing all instances of the deprecated Bard application with the new Gemini application in your Gateway policies.
For more information about application policies, please see the [Cloudflare Gateway documentation](/cloudflare-one/traffic-policies/application-app-types/).
diff --git a/src/content/changelog/gateway/2025-11-06-Applications-recategorised-plan.mdx b/src/content/changelog/gateway/2025-11-06-Applications-recategorised-plan.mdx
index 6ae683bd709..1cd5326cc20 100644
--- a/src/content/changelog/gateway/2025-11-06-Applications-recategorised-plan.mdx
+++ b/src/content/changelog/gateway/2025-11-06-Applications-recategorised-plan.mdx
@@ -4,7 +4,7 @@ description: We are preparing to remap some existing applications to better refl
date: 2025-11-06
---
-We have previously added new application categories to better reflect their content and improve HTTP traffic management: refer to [Changelog](/cloudflare-one/changelog/gateway/#2025-10-28).
+We have previously added new application categories to better reflect their content and improve HTTP traffic management: refer to [Changelog](/cloudflare-one/changelog/gateway/#2025-10-28).
While the new categories are live now, we want to ensure you have ample time to review and adjust any existing rules you have configured against old categories.
The remapping of existing applications into these new categories will be completed by January 30, 2026.
This timeline allows you a dedicated period to:
diff --git a/src/content/changelog/gateway/Gateway-application-categories-added.mdx b/src/content/changelog/gateway/Gateway-application-categories-added.mdx
index ec9c5e87eb9..2f049a7fb32 100644
--- a/src/content/changelog/gateway/Gateway-application-categories-added.mdx
+++ b/src/content/changelog/gateway/Gateway-application-categories-added.mdx
@@ -4,7 +4,7 @@ description: Manage outbound traffic with more granular application categories
date: 2025-10-28
---
-To give you precision and flexibility while creating policies to block unwanted traffic, we are introducing new, more granular application categories in the Gateway product.
+To give you precision and flexibility while creating policies to block unwanted traffic, we are introducing new, more granular application categories in the Gateway product.
We have added the following categories to provide more precise organization and allow for finer-grained policy creation, designed around how users interact with different types of applications:
@@ -18,7 +18,7 @@ We have added the following categories to provide more precise organization and
- Photography & Graphic Design
- Travel
-The new categories are live now, but we are providing a transition period for existing applications to be fully remapped to these new categories.
+The new categories are live now, but we are providing a transition period for existing applications to be fully remapped to these new categories.
The full remapping will be completed by January 30, 2026.
diff --git a/src/content/changelog/log-explorer/2025-09-11-contextual-pivots.mdx b/src/content/changelog/log-explorer/2025-09-11-contextual-pivots.mdx
index 794a2ac99ef..a75aa1ccc71 100644
--- a/src/content/changelog/log-explorer/2025-09-11-contextual-pivots.mdx
+++ b/src/content/changelog/log-explorer/2025-09-11-contextual-pivots.mdx
@@ -4,7 +4,7 @@ description: Log Search now lets you pivot directly to related Cloudflare tools
date: 2025-09-11
---
-Directly from [Log Search](/log-explorer/log-search/) results, customers can pivot to other parts of the Cloudflare dashboard to immediately take action as a result of their investigation.
+Directly from [Log Search](/log-explorer/log-search/) results, customers can pivot to other parts of the Cloudflare dashboard to immediately take action as a result of their investigation.
From the `http_requests` or `fw_events` dataset results, right click on an IP Address or JA3 Fingerprint to pivot to the Investigate portal to lookup the reputation of an IP address or JA3 fingerprint.
@@ -14,6 +14,6 @@ Easily learn about error codes by linking directly to our documentation from the
-From the `gateway_http` dataset, click on a **policyid** to link directly to the Zero Trust dashboard to review or make changes to a specific Gateway policy.
+From the `gateway_http` dataset, click on a **policyid** to link directly to the Zero Trust dashboard to review or make changes to a specific Gateway policy.
diff --git a/src/content/changelog/log-explorer/2025-09-11-new-results-table-view.mdx b/src/content/changelog/log-explorer/2025-09-11-new-results-table-view.mdx
index 915ab5b7a8c..0d0eee35f4e 100644
--- a/src/content/changelog/log-explorer/2025-09-11-new-results-table-view.mdx
+++ b/src/content/changelog/log-explorer/2025-09-11-new-results-table-view.mdx
@@ -9,6 +9,6 @@ The results table view of **Log Search** has been updated with additional functi
- Remove/add columns.
- Resize columns.
- Sort columns.
-- Copy values from any field.
+- Copy values from any field.
\ No newline at end of file
diff --git a/src/content/changelog/log-explorer/2025-11-13-new-datasets.mdx b/src/content/changelog/log-explorer/2025-11-13-new-datasets.mdx
index eaa4f6d50ec..e4437cd5be1 100644
--- a/src/content/changelog/log-explorer/2025-11-13-new-datasets.mdx
+++ b/src/content/changelog/log-explorer/2025-11-13-new-datasets.mdx
@@ -33,7 +33,7 @@ The newly supported datasets include:
:::note
-`Auditlog` and `Auditlog_v2` datasets require `audit-log.read` permission for querying.
+`Auditlog` and `Auditlog_v2` datasets require `audit-log.read` permission for querying.
The `biso_user_actions` dataset requires either the `Super Admin` or `ZT PII` role for querying.
:::
diff --git a/src/content/changelog/security-center/2025-07-18-brand-protection-api.mdx b/src/content/changelog/security-center/2025-07-18-brand-protection-api.mdx
index 80b92a2e387..7733f2f6db6 100644
--- a/src/content/changelog/security-center/2025-07-18-brand-protection-api.mdx
+++ b/src/content/changelog/security-center/2025-07-18-brand-protection-api.mdx
@@ -4,13 +4,13 @@ title: New APIs for Brand Protection setup
description: You can now use the Brand Protection API endpoints to manage your Brand Protection queries
date: 2025-07-18
---
-
+
The Brand Protection API is now available, allowing users to create new queries and delete existing ones, fetch matches and more!
-
+
What you can do:
-- **create new string or logo query**
-- **delete string or logo queries**
-- **download matches for both logo and string queries**
-- **read matches for both logo and string queries**
+- **create new string or logo query**
+- **delete string or logo queries**
+- **download matches for both logo and string queries**
+- **read matches for both logo and string queries**
Ready to start? Check out the [Brand Protection API](/api/resources/brand_protection/) in our documentation.
diff --git a/src/content/changelog/security-center/2025-10-27-RFI-Tokens-in-Dash.mdx b/src/content/changelog/security-center/2025-10-27-RFI-Tokens-in-Dash.mdx
index a8da24443aa..58288565e96 100644
--- a/src/content/changelog/security-center/2025-10-27-RFI-Tokens-in-Dash.mdx
+++ b/src/content/changelog/security-center/2025-10-27-RFI-Tokens-in-Dash.mdx
@@ -4,7 +4,7 @@ description: The Requests for Information (RFI) dashboard now shows the number o
date: 2025-10-27
---
-The Requests for Information (RFI) dashboard now shows users the number of tokens used by each submitted RFI to better understand usage of tokens and how they relate to each request submitted.
+The Requests for Information (RFI) dashboard now shows users the number of tokens used by each submitted RFI to better understand usage of tokens and how they relate to each request submitted.
diff --git a/src/content/changelog/security-center/2025-10-31-brand-protection-logo-dashboard-report-abuse.mdx b/src/content/changelog/security-center/2025-10-31-brand-protection-logo-dashboard-report-abuse.mdx
index 5c14e85f934..07257c943d5 100644
--- a/src/content/changelog/security-center/2025-10-31-brand-protection-logo-dashboard-report-abuse.mdx
+++ b/src/content/changelog/security-center/2025-10-31-brand-protection-logo-dashboard-report-abuse.mdx
@@ -1,9 +1,9 @@
---
title: Report logo misuse to Cloudflare directly from the Brand Protection dashboard
-description: You can now use the Brand Protection logo dashboard to report abuse on the Cloudflare network
+description: You can now use the Brand Protection logo dashboard to report abuse on the Cloudflare network
date: 2025-10-31
---
The Brand Protection logo query dashboard now allows you to use the **Report to Cloudflare** button to submit an Abuse report directly from the Brand Protection logo queries dashboard. While you could previously report new domains that were impersonating your brand before, now you can do the same for websites found to be using your logo without your permission. The abuse reports will be prefilled and you will only need to validate a few fields before you can click the submit button, after which our team process your request.
-Ready to start? Check out the [Brand Protection docs](/security-center/brand-protection/).
+Ready to start? Check out the [Brand Protection docs](/security-center/brand-protection/).
diff --git a/src/content/changelog/security-center/2025-11-21-Threat-Events-now-show-events-insights.mdx b/src/content/changelog/security-center/2025-11-21-Threat-Events-now-show-events-insights.mdx
index 9f9d5dd72cd..fcd53972aec 100644
--- a/src/content/changelog/security-center/2025-11-21-Threat-Events-now-show-events-insights.mdx
+++ b/src/content/changelog/security-center/2025-11-21-Threat-Events-now-show-events-insights.mdx
@@ -4,7 +4,7 @@ description: Threat events users can now access threat insights curated by our t
date: 2025-11-21
---
-The threat events platform now has threat insights available for some relevant parent events. Threat intelligence analyst users can access these insights for their threat hunting activity.
-Insights are also highlighted in the Cloudflare dashboard by a small `lightning icon` and the insights can refer to multiple, connected events, potentially part of the same attack or campaign and associated with the same threat actor.
+The threat events platform now has threat insights available for some relevant parent events. Threat intelligence analyst users can access these insights for their threat hunting activity.
+Insights are also highlighted in the Cloudflare dashboard by a small `lightning icon` and the insights can refer to multiple, connected events, potentially part of the same attack or campaign and associated with the same threat actor.
-For more information, refer to [Analyze threat events](/security-center/cloudforce-one/#analyze-threat-events).
+For more information, refer to [Analyze threat events](/security-center/cloudforce-one/#analyze-threat-events).
diff --git a/src/content/changelog/security-center/2026-04-08-threat-events-notification.mdx b/src/content/changelog/security-center/2026-04-08-threat-events-notification.mdx
index 14417dfa3c7..14c2ac82414 100644
--- a/src/content/changelog/security-center/2026-04-08-threat-events-notification.mdx
+++ b/src/content/changelog/security-center/2026-04-08-threat-events-notification.mdx
@@ -3,25 +3,25 @@ title: Real-time alerts and daily digests for Threat Events
description: You can now subscribe to automated notifications for your saved views in Threat Events
date: 2026-04-08
---
-
+
You can now automate your threat monitoring by setting up custom alerts in your saved views. Instead of manually checking the dashboard for updates, you can subscribe to notifications that trigger whenever new data matches your specific filter sets, like new activity associated to a particular threat actor or spikes in activity within your industry.
-
+
### Stay ahead of emerging threats
-
+
By linking your saved views to the Cloudflare Notifications Center, you can ensure the right information reaches your team at the right time.
-
+
- **Immediate Alerts**: receive real-time notifications the moment a critical event is detected that matches your saved criteria. This is essential for high-priority monitoring, such as tracking active campaigns from specific APT groups.
-
+
- **Daily Digests**: opt for a summarized report delivered once a day. This is ideal for maintaining situational awareness of broader trends, like regional activity shifts or industry-wide threat landscapes, without cluttering your inbox.
-
+
-
+
### How to get started
-
+
To set up an alert, go to **Application Security** > **Threat Intelligence** > **Threat Events**. From there:
-
+
1. Choose your datasets and apply your desired filters and select **Save View** (or select an existing one).
2. Open the **Manage Saved Views** menu.
3. Select **Add Alert** next to your chosen view to configure your notification preferences in the Cloudflare dashboard.
-
+
For more technical details on configuring notifications, refer to the [Threat Events documentation](/security-center/cloudforce-one/).
diff --git a/src/content/changelog/security-center/2026-05-12-URL-scanner-report-agent-readiness.mdx b/src/content/changelog/security-center/2026-05-12-URL-scanner-report-agent-readiness.mdx
index 7728d2033ec..fbe348b261e 100644
--- a/src/content/changelog/security-center/2026-05-12-URL-scanner-report-agent-readiness.mdx
+++ b/src/content/changelog/security-center/2026-05-12-URL-scanner-report-agent-readiness.mdx
@@ -9,16 +9,16 @@ We’ve added a new **Agent Readiness** tab to URL Scanner reports accessible vi
The Internet is shifting from a human-read web to a machine-read web. AI agents now browse, interact with, and even perform transactions on websites. If a site isn't "agent-ready," these bots may consume excessive bandwidth, fail to find critical information, or be unable to navigate your services efficiently.
This update provides material value by breaking down readiness into six actionable categories:
-- **Basic Web Presence**
+- **Basic Web Presence**
- **Discoverability**
-- **Content Accessibility**
-- **Bot Access Control**
-- **Protocol Discovery**
-- **Commerce**
+- **Content Accessibility**
+- **Bot Access Control**
+- **Protocol Discovery**
+- **Commerce**
## Accessing the report
-You can view these scores for any scanned URL directly in the dashboard or via our API.
+You can view these scores for any scanned URL directly in the dashboard or via our API.
* **Dashboard:** Go to **Protect & Connect > Application Security > Investigate**. After running a scan, select the **Agent Readiness** tab in the report.
* **API:** Use the [URL Scanner API](https://developers.cloudflare.com/radar/investigate/url-scanner/) to programmatically retrieve these scores for your infrastructure.
diff --git a/src/content/changelog/security-center/2026-06-08-create-waf-rules-from-threat-events.mdx b/src/content/changelog/security-center/2026-06-08-create-waf-rules-from-threat-events.mdx
index 230867e699c..420d27f1d6c 100644
--- a/src/content/changelog/security-center/2026-06-08-create-waf-rules-from-threat-events.mdx
+++ b/src/content/changelog/security-center/2026-06-08-create-waf-rules-from-threat-events.mdx
@@ -7,7 +7,7 @@ Cloudforce One users can now turn [Threat Events indicators](/security-center/cl
## Why this matters
-Threat intelligence is most effective when it is immediately actionable. Previously, blocking threat actors required manually extracting indicators from threat events and copying them into your firewall rules.
+Threat intelligence is most effective when it is immediately actionable. Previously, blocking threat actors required manually extracting indicators from threat events and copying them into your firewall rules.
This new integration bridges the gap between threat discovery and threat mitigation:
* When you identify an active threat pattern - such as an ongoing campaign targeting a specific industry, or using a known indicator type - you can pivot from investigation to mitigation in a single click.
* Instead of writing complex, static IP rules, this functionality allows you to leverage the specific filtering logic you have already defined and saved within your Threat Events ecosystem.
diff --git a/src/content/changelog/terraform/2025-08-01-terraform-v5.8.2-provider.mdx b/src/content/changelog/terraform/2025-08-01-terraform-v5.8.2-provider.mdx
index 280ce29c2ae..a61a03ff056 100644
--- a/src/content/changelog/terraform/2025-08-01-terraform-v5.8.2-provider.mdx
+++ b/src/content/changelog/terraform/2025-08-01-terraform-v5.8.2-provider.mdx
@@ -18,8 +18,8 @@ Thank you for continuing to raise issues. We triage them weekly and they help ma
- `cloudflare_argo_tiered_caching`
- Addressed chronic drift issues in `cloudflare_logpush_job`, `cloudflare_zero_trust_dns_location`, `cloudflare_ruleset` & `cloudflare_api_token`
- `cloudflare_zone_subscription` returns expected values `rate_plan.id` from former versions
-- `cloudflare_workers_script` can now successfully be destroyed with bindings & migration for Durable Objects now recorded in tfstate
-- Ability to configure `add_headers` under `cloudflare_zero_trust_gateway_policy`
+- `cloudflare_workers_script` can now successfully be destroyed with bindings & migration for Durable Objects now recorded in tfstate
+- Ability to configure `add_headers` under `cloudflare_zero_trust_gateway_policy`
- Other bug fixes
For a more detailed look at all of the changes, see the [changelog](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.8.2) in GitHub.
diff --git a/src/content/changelog/terraform/2025-08-15-terraform-v5.8.4-provider.mdx b/src/content/changelog/terraform/2025-08-15-terraform-v5.8.4-provider.mdx
index 32201f4ca38..9554a95ae02 100644
--- a/src/content/changelog/terraform/2025-08-15-terraform-v5.8.4-provider.mdx
+++ b/src/content/changelog/terraform/2025-08-15-terraform-v5.8.4-provider.mdx
@@ -6,9 +6,9 @@ products:
date: 2025-08-15
---
-Earlier this year, we announced the launch of the new [Terraform v5 Provider](/changelog/2025-02-03-terraform-v5-provider/). We are aware of the high number of [issues](https://github.com/cloudflare/terraform-provider-cloudflare) reported by the Cloudflare Community related to the v5 release. We have committed to releasing improvements on a two week cadence to ensure stability and reliability.
+Earlier this year, we announced the launch of the new [Terraform v5 Provider](/changelog/2025-02-03-terraform-v5-provider/). We are aware of the high number of [issues](https://github.com/cloudflare/terraform-provider-cloudflare) reported by the Cloudflare Community related to the v5 release. We have committed to releasing improvements on a two week cadence to ensure stability and reliability.
-One key change we adopted in recent weeks is a pivot to more comprehensive, test-driven development. We are still evaluating individual issues, but are also investing in much deeper testing to drive our stabilization efforts. We will subsequently be investing in comprehensive migration scripts. As a result, you will see several of the highest traffic APIs have been stabilized in the most recent release, and are supported by comprehensive acceptance tests.
+One key change we adopted in recent weeks is a pivot to more comprehensive, test-driven development. We are still evaluating individual issues, but are also investing in much deeper testing to drive our stabilization efforts. We will subsequently be investing in comprehensive migration scripts. As a result, you will see several of the highest traffic APIs have been stabilized in the most recent release, and are supported by comprehensive acceptance tests.
Thank you for continuing to raise issues. We triage them weekly and they help make our products stronger.
diff --git a/src/content/changelog/terraform/2025-11-20-terraform-v5.13.0-provider.mdx b/src/content/changelog/terraform/2025-11-20-terraform-v5.13.0-provider.mdx
index 3886135203e..b8944169148 100644
--- a/src/content/changelog/terraform/2025-11-20-terraform-v5.13.0-provider.mdx
+++ b/src/content/changelog/terraform/2025-11-20-terraform-v5.13.0-provider.mdx
@@ -6,11 +6,11 @@ products:
date: 2025-11-20
---
-Earlier this year, we announced the launch of the new Terraform v5 Provider. We are aware of the high number of issues reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a [2-3 week cadence](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5774) to ensure its stability and reliability, including the v5.13 release. We have also pivoted from an [issue-to-issue approach to a resource-per-resource approach](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237) - we will be focusing on specific resources to not only stabilize the resource but also ensure it is migration-friendly for those migrating from v4 to v5.
+Earlier this year, we announced the launch of the new Terraform v5 Provider. We are aware of the high number of issues reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a [2-3 week cadence](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5774) to ensure its stability and reliability, including the v5.13 release. We have also pivoted from an [issue-to-issue approach to a resource-per-resource approach](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237) - we will be focusing on specific resources to not only stabilize the resource but also ensure it is migration-friendly for those migrating from v4 to v5.
Thank you for continuing to raise issues. They make our provider stronger and help us build products that reflect your needs.
-This release includes new features, new resources and data sources, bug fixes, updates to our Developer Documentation, and more.
+This release includes new features, new resources and data sources, bug fixes, updates to our Developer Documentation, and more.
### Breaking Change
Please be aware that there are breaking changes for the `cloudflare_api_token` and `cloudflare_account_token` resources. These changes eliminate configuration drift caused by policy ordering differences in the Cloudflare API.
@@ -20,12 +20,12 @@ For more specific information about the changes or the actions required, please
### Features
-* **New resources and data sources added**
+* **New resources and data sources added**
* cloudflare_connectivity_directory
* cloudflare_sso_connector
* cloudflare_universal_ssl_setting
* **api_token+account_tokens:** state upgrader and schema bump ([#6472](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6472))
-* **docs:** make docs explicit when a resource does not have import support
+* **docs:** make docs explicit when a resource does not have import support
* **magic_transit_connector:** support self-serve license key ([#6398](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6398))
* **worker_version:** add content_base64 support
* **worker_version:** boolean support for run_worker_first ([#6407](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6407))
@@ -42,11 +42,11 @@ For more specific information about the changes or the actions required, please
* **dns_record:** inconsistent apply error ([#6452](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6452))
* **pages_domain:** resource tests ([#6338](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6338))
* **pages_project:** unintended resource state drift ([#6377](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6377))
-* **queue_consumer:** id population ([#6181](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6181))
+* **queue_consumer:** id population ([#6181](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6181))
* **workers_kv:** multipart request ([#6367](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6367))
-* **workers_kv:** updating workers metadata attribute to be read from endpoint ([#6386](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6386))
-* **workers_script_subdomain:** add note to cloudflare_workers_script_subdomain about redundancy with cloudflare_worker ([#6383](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6383))
-* **workers_script:** allow config.run_worker_first to accept list input
+* **workers_kv:** updating workers metadata attribute to be read from endpoint ([#6386](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6386))
+* **workers_script_subdomain:** add note to cloudflare_workers_script_subdomain about redundancy with cloudflare_worker ([#6383](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6383))
+* **workers_script:** allow config.run_worker_first to accept list input
* **zero_trust_device_custom_profile_local_domain_fallback:** drift issues ([#6365](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6365))
* **zero_trust_device_custom_profile:** resolve drift issues ([#6364](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6364))
* **zero_trust_dex_test:** correct configurability for 'targeted' attribute to fix drift
diff --git a/src/content/changelog/terraform/2025-12-05-terraform-v5.14.0-provider.mdx b/src/content/changelog/terraform/2025-12-05-terraform-v5.14.0-provider.mdx
index a33c746b859..e2157363da7 100644
--- a/src/content/changelog/terraform/2025-12-05-terraform-v5.14.0-provider.mdx
+++ b/src/content/changelog/terraform/2025-12-05-terraform-v5.14.0-provider.mdx
@@ -6,7 +6,7 @@ products:
date: 2025-12-05
---
-Earlier this year, we announced the launch of the new Terraform v5 Provider. We are aware of the high number of issues reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a [2-3 week cadence](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5774) to ensure its stability and reliability, including the v5.14 release. We have also pivoted from an [issue-to-issue approach to a resource-per-resource approach](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237) - we will be focusing on specific resources to not only stabilize the resource but also ensure it is migration-friendly for those migrating from v4 to v5.
+Earlier this year, we announced the launch of the new Terraform v5 Provider. We are aware of the high number of issues reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a [2-3 week cadence](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5774) to ensure its stability and reliability, including the v5.14 release. We have also pivoted from an [issue-to-issue approach to a resource-per-resource approach](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237) - we will be focusing on specific resources to not only stabilize the resource but also ensure it is migration-friendly for those migrating from v4 to v5.
Thank you for continuing to raise issues. They make our provider stronger and help us build products that reflect your needs.
@@ -14,7 +14,7 @@ This release includes bug fixes, the stabilization of even more popular resource
### Deprecation notice
-Resource affected: `api_shield_discovery_operation`
+Resource affected: `api_shield_discovery_operation`
Cloudflare continuously discovers and updates API endpoints and web assets of your web applications. To improve the maintainability of these dynamic resources, we are working on reducing the need to actively engage with discovered operations.
@@ -26,17 +26,17 @@ The corresponding public API endpoint of [discovered operations](https://develop
### Bug fixes
-- **account_members**: Makes member policies a set ([#6488](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6488))
+- **account_members**: Makes member policies a set ([#6488](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6488))
- **pages_project**: Ensures non empty refresh plans ([#6515](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6515))
-- **R2**: Improves sweeper ([#6512](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6512))
-- **workers_kv**: Ignores value import state for verify ([#6521](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6521))
-- **workers_script**: No longer treats the migrations attribute as WriteOnly ([#6489](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6489))
-- **workers_script**: Resolves resource drift when worker has unmanaged secret ([#6504](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6504))
-- **zero_trust_device_posture_rule**: Preserves input.version and other fields ([#6500](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6500)) and ([#6503](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6503))
+- **R2**: Improves sweeper ([#6512](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6512))
+- **workers_kv**: Ignores value import state for verify ([#6521](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6521))
+- **workers_script**: No longer treats the migrations attribute as WriteOnly ([#6489](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6489))
+- **workers_script**: Resolves resource drift when worker has unmanaged secret ([#6504](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6504))
+- **zero_trust_device_posture_rule**: Preserves input.version and other fields ([#6500](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6500)) and ([#6503](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6503))
- **zero_trust_dlp_custom_profile**: Adds sweepers for `dlp_custom_profile`
- **zone_subscription|account_subscription**: Adds `partners_ent` as valid enum for `rate_plan.id` ([#6505](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6505))
-- **zone**: Ensures datasource model schema parity ([#6487](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6487))
-- **subscription**: Updates import signature to accept account_id/subscription_id to import account subscription ([#6510](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6510))
+- **zone**: Ensures datasource model schema parity ([#6487](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6487))
+- **subscription**: Updates import signature to accept account_id/subscription_id to import account subscription ([#6510](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6510))
### Upgrade to newer version
We suggest waiting to migrate to v5 while we work on stabilization. This helps with avoiding any blocking issues while the Terraform resources are actively being [stabilized](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237). We will be releasing a new migration tool in March 2026 to help support v4 to v5 transitions for our most popular resources.
diff --git a/src/content/changelog/terraform/2026-04-24-tf-migrate-tool-released.mdx b/src/content/changelog/terraform/2026-04-24-tf-migrate-tool-released.mdx
index 4aa693f7bd5..c56c69a421e 100644
--- a/src/content/changelog/terraform/2026-04-24-tf-migrate-tool-released.mdx
+++ b/src/content/changelog/terraform/2026-04-24-tf-migrate-tool-released.mdx
@@ -6,7 +6,7 @@ products:
- terraform
---
-We're excited to announce **tf-migrate**, a purpose-built CLI tool that simplifies migrating from Cloudflare Terraform Provider v4 to v5.
+We're excited to announce **tf-migrate**, a purpose-built CLI tool that simplifies migrating from Cloudflare Terraform Provider v4 to v5.
## v5 is stable and ready for production
@@ -24,7 +24,7 @@ Cloudflare uses tf-migrate to migrate our own infrastructure — the same tool w
- **Cross-file reference updates** – Automatically finds and updates all references to renamed resources across your entire configuration
- **Dry-run mode** – Preview all changes before applying them to ensure safety
-Combined with the automatic state upgraders introduced in v5.19+, tf-migrate eliminates the manual work and risk that previously made v5 migrations challenging. Tf-migrate operates directly on the config, and the built-in state upgraders handle the rest.
+Combined with the automatic state upgraders introduced in v5.19+, tf-migrate eliminates the manual work and risk that previously made v5 migrations challenging. Tf-migrate operates directly on the config, and the built-in state upgraders handle the rest.
## Supported resources
diff --git a/src/content/changelog/waf/2025-08-11-waf-release.mdx b/src/content/changelog/waf/2025-08-11-waf-release.mdx
index 62764e4b098..1822dee2711 100644
--- a/src/content/changelog/waf/2025-08-11-waf-release.mdx
+++ b/src/content/changelog/waf/2025-08-11-waf-release.mdx
@@ -24,7 +24,7 @@ This week's update focuses on a wide range of enterprise software, from network
- Node.js (CVE-2025-27210): An incomplete fix for a previous vulnerability (CVE-2025-23084) in Node.js affects the `path.join()` API method on Windows systems. The vulnerability can be triggered using reserved Windows device names such as `CON`, `PRN`, or `AUX`.
-- WordPress:Plugin:Simple File List (CVE-2025-34085, CVE-2020-36847):
+- WordPress:Plugin:Simple File List (CVE-2025-34085, CVE-2020-36847):
This vulnerability in the Simple File List plugin for WordPress allows an unauthenticated remote attacker to upload arbitrary files to a vulnerable site. This can be exploited to achieve remote code execution on the server.
(Note: CVE-2025-34085 has been rejected as a duplicate.)
@@ -37,7 +37,7 @@ This vulnerability in the Simple File List plugin for WordPress allows an unauth
- Manager-IO (CVE-2025-54122): A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability is present in the proxy handler of both Manager Desktop and Server editions up to version 25.7.18.2519. This allows an unauthenticated attacker to bypass network isolation and access internal services.
-- Ingress-Nginx (CVE-2025-1974): A vulnerability in the Ingress-Nginx controller for Kubernetes allows an attacker to bypass access control rules. An unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.
+- Ingress-Nginx (CVE-2025-1974): A vulnerability in the Ingress-Nginx controller for Kubernetes allows an attacker to bypass access control rules. An unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.
- PaperCut NG/MF (CVE-2023-2533): A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF. Under specific conditions, an attacker could exploit this to alter security settings or execute arbitrary code if they can deceive an administrator with an active login session into clicking a malicious link.
@@ -50,7 +50,7 @@ This vulnerability in the Simple File List plugin for WordPress allows an unauth
These vulnerabilities span a broad range of enterprise technologies, including network access control systems, monitoring platforms, web servers, CMS platforms, cloud services, and collaboration tools. Exploitation techniques range from remote code execution and command injection to authentication bypass, SQL injection, path traversal, and configuration weaknesses.
-A critical flaw in perimeter devices like Ivanti EPMM or SonicWall SMA could allow an unauthenticated attacker to gain remote code execution, completely breaching the primary network defense. A separate vulnerability within Cisco's Identity Services Engine could then be exploited to bypass network segmentation, granting an attacker widespread internal access. Insecure deserialization issues in platforms like Wazuh Server and CrushFTP could then be used to run malicious payloads or steal sensitive files from administrative consoles. Weaknesses in web delivery controllers like Ingress-Nginx or popular content management systems such as WordPress, SharePoint, and Kentico Xperience create vectors to bypass security controls, exfiltrate confidential data, or fully compromise servers.
+A critical flaw in perimeter devices like Ivanti EPMM or SonicWall SMA could allow an unauthenticated attacker to gain remote code execution, completely breaching the primary network defense. A separate vulnerability within Cisco's Identity Services Engine could then be exploited to bypass network segmentation, granting an attacker widespread internal access. Insecure deserialization issues in platforms like Wazuh Server and CrushFTP could then be used to run malicious payloads or steal sensitive files from administrative consoles. Weaknesses in web delivery controllers like Ingress-Nginx or popular content management systems such as WordPress, SharePoint, and Kentico Xperience create vectors to bypass security controls, exfiltrate confidential data, or fully compromise servers.
@@ -171,8 +171,8 @@ A critical flaw in perimeter devices like Ivanti EPMM or SonicWall SMA could all
| Cloudflare Managed Ruleset |
- |
- 100806 |
+
+ 100806 |
Wazuh Server - Remote Code Execution - CVE:CVE-2025-24016 |
Log |
Block |
@@ -186,7 +186,7 @@ A critical flaw in perimeter devices like Ivanti EPMM or SonicWall SMA could all
100824 |
CrushFTP - Remote Code Execution - CVE:CVE-2025-54309 |
Log |
- Block |
+ Block |
This is a New Detection |
@@ -197,7 +197,7 @@ A critical flaw in perimeter devices like Ivanti EPMM or SonicWall SMA could all
| 100824A |
CrushFTP - Remote Code Execution - CVE:CVE-2025-54309 - 2 |
Log |
- Block |
+ Block |
This is a New Detection |
@@ -208,7 +208,7 @@ A critical flaw in perimeter devices like Ivanti EPMM or SonicWall SMA could all
| 100825 |
AMI MegaRAC - Auth Bypass - CVE:CVE-2024-54085 |
Log |
- Block |
+ Block |
This is a New Detection |
diff --git a/src/content/changelog/waf/2025-08-22-waf-release.mdx b/src/content/changelog/waf/2025-08-22-waf-release.mdx
index 29597b72c3d..3da0158aa6f 100644
--- a/src/content/changelog/waf/2025-08-22-waf-release.mdx
+++ b/src/content/changelog/waf/2025-08-22-waf-release.mdx
@@ -51,7 +51,7 @@ import { RuleID } from "~/components";
| N/A |
Disabled |
This is a New Detection |
-
+
| Cloudflare Managed Ruleset |
diff --git a/src/content/changelog/waf/2025-09-01-waf-release.mdx b/src/content/changelog/waf/2025-09-01-waf-release.mdx
index 5470b675623..ff7dfac10f5 100644
--- a/src/content/changelog/waf/2025-09-01-waf-release.mdx
+++ b/src/content/changelog/waf/2025-09-01-waf-release.mdx
@@ -17,7 +17,7 @@ This week, a critical vulnerability was disclosed in Fortinet FortiWeb (versions
**Impact**
-Exploitation could allow an unauthenticated attacker to impersonate any existing user on the device, potentially enabling them to modify system settings or exfiltrate sensitive information, posing a serious security risk. Upgrading to the latest vendor-released version is strongly recommended.
+Exploitation could allow an unauthenticated attacker to impersonate any existing user on the device, potentially enabling them to modify system settings or exfiltrate sensitive information, posing a serious security risk. Upgrading to the latest vendor-released version is strongly recommended.
diff --git a/src/content/changelog/waf/2025-09-08-waf-release.mdx b/src/content/changelog/waf/2025-09-08-waf-release.mdx
index 1784243e8d5..51f2bf86f5d 100644
--- a/src/content/changelog/waf/2025-09-08-waf-release.mdx
+++ b/src/content/changelog/waf/2025-09-08-waf-release.mdx
@@ -6,7 +6,7 @@ date: 2025-09-08
import { RuleID } from "~/components";
-**This week's update**
+**This week's update**
This week’s focus highlights newly disclosed vulnerabilities in web frameworks, enterprise applications, and widely deployed CMS plugins. The vulnerabilities include SSRF, authentication bypass, arbitrary file upload, and remote code execution (RCE), exposing organizations to high-impact risks such as unauthorized access, system compromise, and potential data exposure. In addition, security rule enhancements have been deployed to cover general command injection and server-side injection attacks, further strengthening protections.
@@ -56,7 +56,7 @@ Administrators are strongly advised to apply vendor patches immediately, remove
| Cloudflare Managed Ruleset |
- |
+
100617 |
Next.js - SSRF - CVE:CVE-2025-57822 |
Log |
@@ -73,7 +73,7 @@ Administrators are strongly advised to apply vendor patches immediately, remove
Log |
Block |
This rule is merged into the original rule "Common Payloads for Server-Side Template Injection" (ID: ) |
-
+
| Cloudflare Managed Ruleset |
@@ -84,7 +84,7 @@ Administrators are strongly advised to apply vendor patches immediately, remove
| Log |
Disabled |
This is a New Detection |
-
+
| Cloudflare Managed Ruleset |
@@ -139,6 +139,6 @@ Administrators are strongly advised to apply vendor patches immediately, remove
| Log |
Block |
This is a New Detection |
-
+
\ No newline at end of file
diff --git a/src/content/changelog/waf/2025-09-22-waf-release.mdx b/src/content/changelog/waf/2025-09-22-waf-release.mdx
index fd3fff204e4..df3fbd4303f 100644
--- a/src/content/changelog/waf/2025-09-22-waf-release.mdx
+++ b/src/content/changelog/waf/2025-09-22-waf-release.mdx
@@ -11,9 +11,9 @@ This week emphasizes two critical vendor-specific vulnerabilities: a full elevat
**Key Findings**
-* Azure (CVE-2025-54914): Vulnerability in Azure Networking allowing elevation of privileges.
+* Azure (CVE-2025-54914): Vulnerability in Azure Networking allowing elevation of privileges.
-* Skyvern (CVE-2025-49619): Skyvern ≤ 0.1.85 has a server-side template injection (SSTI) vulnerability in its Prompt field (workflow blocks) via Jinja2. Authenticated users with low privileges can get remote code execution (blind).
+* Skyvern (CVE-2025-49619): Skyvern ≤ 0.1.85 has a server-side template injection (SSTI) vulnerability in its Prompt field (workflow blocks) via Jinja2. Authenticated users with low privileges can get remote code execution (blind).
* Generic SQLi / SSRF improvements: Expanded rule coverage to detect obfuscated SQL injection patterns and SSRF across host, local, and cloud contexts.
@@ -21,9 +21,9 @@ This week emphasizes two critical vendor-specific vulnerabilities: a full elevat
These vulnerabilities allow attackers to escalate privileges or execute code under conditions where previously they could not:
-* Azure CVE-2025-54914 enables an attacker from the network with no credentials to gain high-level access within Azure Networking; could lead to full compromise of networking components.
+* Azure CVE-2025-54914 enables an attacker from the network with no credentials to gain high-level access within Azure Networking; could lead to full compromise of networking components.
-* Skyvern CVE-2025-49619 allows authenticated users with minimal privilege to exploit SSTI for remote code execution, undermining isolation of workflow components.
+* Skyvern CVE-2025-49619 allows authenticated users with minimal privilege to exploit SSTI for remote code execution, undermining isolation of workflow components.
* The improvements for SQLi and SSRF reduce risk from common injection and request-based attacks.
diff --git a/src/content/changelog/waf/2025-10-06-waf-release.mdx b/src/content/changelog/waf/2025-10-06-waf-release.mdx
index d4f1efa95c7..cf3033a56fa 100644
--- a/src/content/changelog/waf/2025-10-06-waf-release.mdx
+++ b/src/content/changelog/waf/2025-10-06-waf-release.mdx
@@ -20,7 +20,7 @@ This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rul
**Impact**
-* CVE-2025-61882 — Oracle E-Business Suite remote code execution (emergency detection): attacker-controlled input can yield full system compromise, data exfiltration, and operational outage; immediate blocking enforced.
+* CVE-2025-61882 — Oracle E-Business Suite remote code execution (emergency detection): attacker-controlled input can yield full system compromise, data exfiltration, and operational outage; immediate blocking enforced.
* CVE-2025-59358 / CVE-2025-59359 / CVE-2025-59360 / CVE-2025-59361 — Unauthenticated command-injection in Chaos Mesh controllers allowing remote code execution, cluster compromise, and service disruption (high availability risk).
@@ -93,7 +93,7 @@ This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rul
| Log |
Block |
This is a New Detection |
-
+
| Cloudflare Managed Ruleset |
@@ -126,6 +126,6 @@ This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rul
| N/A |
Disabled |
This is a New Detection |
-
+
\ No newline at end of file
diff --git a/src/content/changelog/waf/2025-10-07-emergency-waf-release.mdx b/src/content/changelog/waf/2025-10-07-emergency-waf-release.mdx
index fa9d65c7613..aa9759d2e9f 100644
--- a/src/content/changelog/waf/2025-10-07-emergency-waf-release.mdx
+++ b/src/content/changelog/waf/2025-10-07-emergency-waf-release.mdx
@@ -7,7 +7,7 @@ date: 2025-10-07
import { RuleID } from "~/components";
This week highlights multiple critical Cisco vulnerabilities (CVE-2025-20363, CVE-2025-20333, CVE-2025-20362). This flaw stems from improper input validation in HTTP(S) requests. An authenticated VPN user could send crafted requests to execute code as root, potentially compromising the device.
-The initial two rules were made available on September 28, with a third rule added today, October 7, for more robust protection.
+The initial two rules were made available on September 28, with a third rule added today, October 7, for more robust protection.
* Cisco (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363): Multiple vulnerabilities that could allow attackers to exploit unsafe deserialization and input validation flaws. Successful exploitation may result in arbitrary code execution, privilege escalation, or command injection on affected systems.
diff --git a/src/content/changelog/waf/2025-10-20-waf-release.mdx b/src/content/changelog/waf/2025-10-20-waf-release.mdx
index b566732da2e..23a04b69122 100644
--- a/src/content/changelog/waf/2025-10-20-waf-release.mdx
+++ b/src/content/changelog/waf/2025-10-20-waf-release.mdx
@@ -39,7 +39,7 @@ New WAF rule deployed for Oracle E-Business Suite (CVE-2025-61882) to block una
Log |
Block |
This rule is merged into the original rule "Remote Code Execution - Common Bash Bypass" (ID: ) |
-
+
| Cloudflare Managed Ruleset |
diff --git a/src/content/changelog/waf/2025-11-05-emergency-waf-release.mdx b/src/content/changelog/waf/2025-11-05-emergency-waf-release.mdx
index c9584fd1902..e73e8bff125 100644
--- a/src/content/changelog/waf/2025-11-05-emergency-waf-release.mdx
+++ b/src/content/changelog/waf/2025-11-05-emergency-waf-release.mdx
@@ -14,7 +14,7 @@ The Metro Development Server exposes an HTTP endpoint that is vulnerable to OS c
**Impact**
-Successful exploitation of CVE-2025-11953 may result in remote command execution on developer workstations or CI/build agents, leading to credential and secret exposure, source tampering, and potential lateral movement into internal networks. Administrators and developers are strongly advised to apply the vendor's patches and restrict Metro’s network exposure to reduce this risk.
+Successful exploitation of CVE-2025-11953 may result in remote command execution on developer workstations or CI/build agents, leading to credential and secret exposure, source tampering, and potential lateral movement into internal networks. Administrators and developers are strongly advised to apply the vendor's patches and restrict Metro’s network exposure to reduce this risk.
diff --git a/src/content/changelog/waf/2025-11-10-waf-release.mdx b/src/content/changelog/waf/2025-11-10-waf-release.mdx
index c442f868948..6f0e60f36da 100644
--- a/src/content/changelog/waf/2025-11-10-waf-release.mdx
+++ b/src/content/changelog/waf/2025-11-10-waf-release.mdx
@@ -39,7 +39,7 @@ Exploitation may allow attackers to change internal logic or cause unexpected be
| Log |
Disabled |
This is a new detection |
-
+
| Cloudflare Managed Ruleset |
@@ -61,6 +61,6 @@ Exploitation may allow attackers to change internal logic or cause unexpected be
| Log |
Disabled |
This is a new detection |
-
+
diff --git a/src/content/changelog/waf/2025-12-01-waf-release.mdx b/src/content/changelog/waf/2025-12-01-waf-release.mdx
index 5c9725909eb..9cc8aed15a6 100644
--- a/src/content/changelog/waf/2025-12-01-waf-release.mdx
+++ b/src/content/changelog/waf/2025-12-01-waf-release.mdx
@@ -39,7 +39,7 @@ If exploited, the vulnerability enables full remote command execution on the und
| Log |
Block |
This is a new detection |
-
+
| Cloudflare Managed Ruleset |
@@ -50,6 +50,6 @@ If exploited, the vulnerability enables full remote command execution on the und
| Log |
Block |
This rule is merged into the original rule "XSS - JS Context Escape" (ID: ) |
-
+
diff --git a/src/content/changelog/waf/2025-12-18-waf-release.mdx b/src/content/changelog/waf/2025-12-18-waf-release.mdx
index 161f57af1c4..3eb4d251917 100644
--- a/src/content/changelog/waf/2025-12-18-waf-release.mdx
+++ b/src/content/changelog/waf/2025-12-18-waf-release.mdx
@@ -48,7 +48,7 @@ This week's release focuses on improvements to existing detections to enhance co
N/A |
PostgreSQL - SQLi - Copy - Beta |
Log |
- Block |
+ Block |
This rule is merged into the original rule "PostgreSQL - SQLi - COPY" (ID: ) |
@@ -59,7 +59,7 @@ This week's release focuses on improvements to existing detections to enhance co
| N/A |
Generic Rules - Command Execution - Body |
Log |
- Disabled |
+ Disabled |
This is a new detection. |
@@ -128,5 +128,5 @@ This week's release focuses on improvements to existing detections to enhance co
| Block |
This rule is merged into the original rule "SQLi - Equation" (ID: ) |
-
+
diff --git a/src/content/changelog/waf/2026-01-12-waf-release.mdx b/src/content/changelog/waf/2026-01-12-waf-release.mdx
index f98c0a33796..c08689eb9af 100644
--- a/src/content/changelog/waf/2026-01-12-waf-release.mdx
+++ b/src/content/changelog/waf/2026-01-12-waf-release.mdx
@@ -6,7 +6,7 @@ date: 2026-01-12
import { RuleID } from "~/components";
-This week's release focuses on improvements to existing detections to enhance coverage.
+This week's release focuses on improvements to existing detections to enhance coverage.
**Key Findings**
@@ -45,8 +45,8 @@ This week's release focuses on improvements to existing detections to enhance co
N/A |
SQLi - Benchmark Function - Beta |
Log |
- Block |
+ Block |
This rule is merged into the original rule "SQLi - Benchmark Function" (ID: ) |
-
+
diff --git a/src/content/changelog/waf/2026-01-15-waf-release.mdx b/src/content/changelog/waf/2026-01-15-waf-release.mdx
index 63c93358717..3b6048de1f4 100644
--- a/src/content/changelog/waf/2026-01-15-waf-release.mdx
+++ b/src/content/changelog/waf/2026-01-15-waf-release.mdx
@@ -6,7 +6,7 @@ date: 2026-01-15
import { RuleID } from "~/components";
-This week's release focuses on improvements to existing detections to enhance coverage.
+This week's release focuses on improvements to existing detections to enhance coverage.
**Key Findings**
@@ -45,8 +45,8 @@ This week's release focuses on improvements to existing detections to enhance co
N/A |
SQLi - Sub Query - Beta |
Log |
- Block |
+ Block |
This rule is merged into the original rule "SQLi - Sub Query" (ID: ) |
-
+
diff --git a/src/content/changelog/waf/2026-01-20-waf-release.mdx b/src/content/changelog/waf/2026-01-20-waf-release.mdx
index 0da1e57c513..c7a9d70025a 100644
--- a/src/content/changelog/waf/2026-01-20-waf-release.mdx
+++ b/src/content/changelog/waf/2026-01-20-waf-release.mdx
@@ -6,7 +6,7 @@ date: 2026-01-20
import { RuleID } from "~/components";
-This week's release focuses on improvements to existing detections to enhance coverage.
+This week's release focuses on improvements to existing detections to enhance coverage.
**Key Findings**
@@ -45,8 +45,8 @@ This week's release focuses on improvements to existing detections to enhance co
N/A |
SQLi - Comparison - Beta |
Log |
- Block |
+ Block |
This rule is merged into the original rule "SQLi - Comparison" (ID: ) |
-
+
diff --git a/src/content/changelog/waf/2026-02-10-waf-release.mdx b/src/content/changelog/waf/2026-02-10-waf-release.mdx
index 16ed2526ce4..2624efa9bd3 100644
--- a/src/content/changelog/waf/2026-02-10-waf-release.mdx
+++ b/src/content/changelog/waf/2026-02-10-waf-release.mdx
@@ -6,7 +6,7 @@ date: 2026-02-10
import { RuleID } from "~/components";
-This week’s release changes the rule action from BLOCK to Disabled for Anomaly:Header:User-Agent - Fake Google Bot.
+This week’s release changes the rule action from BLOCK to Disabled for Anomaly:Header:User-Agent - Fake Google Bot.
diff --git a/src/content/changelog/waf/2026-03-02-waf-release.mdx b/src/content/changelog/waf/2026-03-02-waf-release.mdx
index 5e417a5421f..ced956c0fa5 100644
--- a/src/content/changelog/waf/2026-03-02-waf-release.mdx
+++ b/src/content/changelog/waf/2026-03-02-waf-release.mdx
@@ -64,6 +64,6 @@ Successful exploitation of these SmarterMail vulnerabilities could lead to full
| Block |
This rule is merged into the original rule "Command Injection - Nslookup" (ID: ) |
-
+
diff --git a/src/content/changelog/waf/2026-03-12-emergency-waf-release.mdx b/src/content/changelog/waf/2026-03-12-emergency-waf-release.mdx
index 37ee704eb66..204512353b1 100644
--- a/src/content/changelog/waf/2026-03-12-emergency-waf-release.mdx
+++ b/src/content/changelog/waf/2026-03-12-emergency-waf-release.mdx
@@ -40,7 +40,7 @@ Successful exploitation of Ivanti EPMM vulnerability allows unauthenticated remo
Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
diff --git a/src/content/changelog/waf/2026-03-23-waf-release.mdx b/src/content/changelog/waf/2026-03-23-waf-release.mdx
index 4b55ee8e500..b9a3bfe11cc 100644
--- a/src/content/changelog/waf/2026-03-23-waf-release.mdx
+++ b/src/content/changelog/waf/2026-03-23-waf-release.mdx
@@ -48,7 +48,7 @@ This week's release focuses on new improvements to enhance coverage.
| N/A |
Command Injection - Generic 9 - Header Vector |
Log |
- Disabled |
+ Disabled |
This is a new detection. |
@@ -59,7 +59,7 @@ This week's release focuses on new improvements to enhance coverage.
| N/A |
Command Injection - Generic 9 - Body Vector |
Log |
- Disabled |
+ Disabled |
This is a new detection. |
@@ -73,5 +73,5 @@ This week's release focuses on new improvements to enhance coverage.
| Block |
This rule has been merged into the original rule "PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File Upload - CVE:CVE-2018-9206, CVE:CVE-2019-17132" (ID: ) |
-
+
diff --git a/src/content/changelog/waf/2026-03-30-waf-release.mdx b/src/content/changelog/waf/2026-03-30-waf-release.mdx
index 1bf0c23738b..1c68a3c9f42 100644
--- a/src/content/changelog/waf/2026-03-30-waf-release.mdx
+++ b/src/content/changelog/waf/2026-03-30-waf-release.mdx
@@ -50,7 +50,7 @@ Successful exploitation of the Fortinet and Magento vulnerabilities could allow
N/A |
Generic Rules - Parameter Pollution - Header - Form |
Log |
- Disabled |
+ Disabled |
This is a new detection. |
@@ -61,7 +61,7 @@ Successful exploitation of the Fortinet and Magento vulnerabilities could allow
| N/A |
Generic Rules - Parameter Pollution - URI |
Log |
- Disabled |
+ Disabled |
This is a new detection. |
@@ -85,6 +85,6 @@ Successful exploitation of the Fortinet and Magento vulnerabilities could allow
| Log |
Block |
This is a new detection. |
-
-
+
+
diff --git a/src/content/changelog/waf/2026-04-15-waf-release.mdx b/src/content/changelog/waf/2026-04-15-waf-release.mdx
index 48b63b279a7..d87794d78ab 100644
--- a/src/content/changelog/waf/2026-04-15-waf-release.mdx
+++ b/src/content/changelog/waf/2026-04-15-waf-release.mdx
@@ -54,7 +54,7 @@ Successful exploitation of these vulnerabilities could allow unauthenticated att
Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -65,7 +65,7 @@ Successful exploitation of these vulnerabilities could allow unauthenticated att
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
diff --git a/src/content/changelog/waf/2026-04-21-waf-release.mdx b/src/content/changelog/waf/2026-04-21-waf-release.mdx
index d31b75ad221..e931a8565fd 100644
--- a/src/content/changelog/waf/2026-04-21-waf-release.mdx
+++ b/src/content/changelog/waf/2026-04-21-waf-release.mdx
@@ -57,10 +57,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
This is a new detection. This rule is merged into the original rule
- "Command Injection - Generic 8 - body" (ID:{" "}
- ). The rule previously known as "Command Injection - Generic 8" is now renamed to "Command Injection - Generic 8 - body".
+ "Command Injection - Generic 8 - body" (ID: ). The rule previously known as "Command Injection - Generic 8" is now renamed to "Command Injection - Generic 8 - body".
|
-
+
| Cloudflare Managed Ruleset |
@@ -72,8 +71,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "MySQL - SQLi - Executable Comment - Body" (ID:{" "}
- ) The rule previously known as "MySQL - SQLi - Executable Comment" is now renamed to "MySQL - SQLi - Executable Comment - Body".
+ "MySQL - SQLi - Executable Comment - Body" (ID: ) The rule previously known as "MySQL - SQLi - Executable Comment" is now renamed to "MySQL - SQLi - Executable Comment - Body".
|
@@ -88,7 +86,7 @@ We are continuously refining our managed rules to provide more resilient protect
|
This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -101,7 +99,7 @@ We are continuously refining our managed rules to provide more resilient protect
|
This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -114,7 +112,7 @@ We are continuously refining our managed rules to provide more resilient protect
|
This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -127,7 +125,7 @@ We are continuously refining our managed rules to provide more resilient protect
|
This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -139,10 +137,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - Sleep Function" (ID:{" "}
- )
+ "SQLi - Sleep Function" (ID: )
|
-
+
| Cloudflare Managed Ruleset |
@@ -153,9 +150,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
- This is a new detection.
+ This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -166,9 +163,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
- This is a new detection.
+ This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -179,9 +176,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
- This is a new detection.
+ This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -192,9 +189,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
- This is a new detection.
+ This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -208,7 +205,7 @@ We are continuously refining our managed rules to provide more resilient protect
This is a new detection. This rule is merged into the original rule
"SQLi - Probing" (ID: )
|
-
+
| Cloudflare Managed Ruleset |
@@ -221,7 +218,7 @@ We are continuously refining our managed rules to provide more resilient protect
|
This rule had duplicate detection logic and has been deprecated.
|
-
+
| Cloudflare Managed Ruleset |
@@ -234,8 +231,8 @@ We are continuously refining our managed rules to provide more resilient protect
|
This rule has been renamed to differentiate from "SQLi - UNION in MSSQL" (ID: ) and contains updated rule logic.
|
-
-
+
+
| Cloudflare Managed Ruleset |
@@ -247,7 +244,7 @@ We are continuously refining our managed rules to provide more resilient protect
|
This rule had duplicate detection logic and has been deprecated.
|
-
+
| Cloudflare Managed Ruleset |
@@ -258,9 +255,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
Disabled |
- This is a new detection.
+ This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -273,7 +270,7 @@ We are continuously refining our managed rules to provide more resilient protect
|
This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -284,9 +281,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Disabled |
- This is a new detection.
+ This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -297,9 +294,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Disabled |
- This is a new detection.
+ This is a new detection.
|
-
+
| Cloudflare Managed Ruleset |
@@ -310,8 +307,8 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
Disabled |
- This is a new detection.
+ This is a new detection.
|
-
+
diff --git a/src/content/changelog/waf/2026-04-27-waf-release.mdx b/src/content/changelog/waf/2026-04-27-waf-release.mdx
index 0693afdefc1..c441198d960 100644
--- a/src/content/changelog/waf/2026-04-27-waf-release.mdx
+++ b/src/content/changelog/waf/2026-04-27-waf-release.mdx
@@ -42,8 +42,7 @@ We are continuously refining our managed rules to provide more resilient protect
Block |
This is a new detection. This rule is merged into the original rule
- "PostgreSQL - SQLi - COPY - Body (ID:{" "}
- ). The rule previously known as "PostgreSQL - SQLi - COPY" is now renamed to "PostgreSQL - SQLi - COPY - Body".
+ "PostgreSQL - SQLi - COPY - Body (ID: ). The rule previously known as "PostgreSQL - SQLi - COPY" is now renamed to "PostgreSQL - SQLi - COPY - Body".
|
@@ -56,7 +55,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -67,7 +66,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -79,8 +78,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - AND/OR MAKE_SET/ELT - Body" (ID:{" "}
- ). The rule previously known as "SQLi - AND/OR MAKE_SET/ELT" is now renamed to "SQLi - AND/OR MAKE_SET/ELT - Body".
+ "SQLi - AND/OR MAKE_SET/ELT - Body" (ID: ). The rule previously known as "SQLi - AND/OR MAKE_SET/ELT" is now renamed to "SQLi - AND/OR MAKE_SET/ELT - Body".
|
@@ -93,7 +91,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -116,8 +114,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - Common Patterns - Body" (ID:{" "}
- ). The rule previously known as "SQLi - Common Patterns" is now renamed to "SQLi - Common Patterns - Body".
+ "SQLi - Common Patterns - Body" (ID: ). The rule previously known as "SQLi - Common Patterns" is now renamed to "SQLi - Common Patterns - Body".
|
@@ -130,7 +127,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -153,8 +150,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - Equation - Body" (ID:{" "}
- ). The rule previously known as "SQLi - Equation" is now renamed to "SQLi - Equation - Body".
+ "SQLi - Equation - Body" (ID: ). The rule previously known as "SQLi - Equation" is now renamed to "SQLi - Equation - Body".
|
@@ -167,7 +163,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -190,8 +186,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - AND/OR Digit Operator Digit - Body" (ID:{" "}
- ). The rule previously known as "SQLi - AND/OR Digit Operator Digit" is now renamed to "SQLi - AND/OR Digit Operator Digit - Body".
+ "SQLi - AND/OR Digit Operator Digit - Body" (ID: ). The rule previously known as "SQLi - AND/OR Digit Operator Digit" is now renamed to "SQLi - AND/OR Digit Operator Digit - Body".
|
@@ -227,8 +222,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - Benchmark Function - Body" (ID:{" "}
- ). The rule previously known as "SQLi - Benchmark Function" is now renamed to "SQLi - Benchmark Function - Body".
+ "SQLi - Benchmark Function - Body" (ID: ). The rule previously known as "SQLi - Benchmark Function" is now renamed to "SQLi - Benchmark Function - Body".
|
@@ -241,7 +235,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -264,8 +258,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - Comparison - Body" (ID:{" "}
- ). The rule previously known as "SQLi - Comparison" is now renamed to "SQLi - Comparison - Body".
+ "SQLi - Comparison - Body" (ID: ). The rule previously known as "SQLi - Comparison" is now renamed to "SQLi - Comparison - Body".
|
@@ -278,7 +271,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -299,9 +292,8 @@ We are continuously refining our managed rules to provide more resilient protect
| SQLi - String Concatenation - Body - Beta |
Log |
Block |
- This is a new detection. This rule is merged into the original rule "SQLi - String Concatenation - Headers" (ID:{" "}
- ).The rule previously known as "SQLi - String Concatenation - Headers" is now renamed to "SQLi - String Concatenation - Body". |
-
+ This is a new detection. This rule is merged into the original rule "SQLi - String Concatenation - Headers" (ID: ).The rule previously known as "SQLi - String Concatenation - Headers" is now renamed to "SQLi - String Concatenation - Body". |
+
| Cloudflare Managed Ruleset |
@@ -311,9 +303,8 @@ We are continuously refining our managed rules to provide more resilient protect
| SQLi - String Concatenation - Headers |
Log |
Block |
- This is a new detection.(Former Id was{" "}
- ) |
-
+ This is a new detection.(Former Id was ) |
+
| Cloudflare Managed Ruleset |
@@ -323,9 +314,8 @@ We are continuously refining our managed rules to provide more resilient protect
| SQLi - String Concatenation - URI |
Log |
Block |
- This is a new detection. (Former Id was{" "}
- ) |
-
+ This is a new detection. (Former Id was ) |
+
| Cloudflare Managed Ruleset |
@@ -337,10 +327,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - SELECT Expression - Body" (ID:{" "}
- ). The rule previously known as "SQLi - SELECT Expression" is now renamed to "SQLi - SELECT Expression - Body".
+ "SQLi - SELECT Expression - Body" (ID: ). The rule previously known as "SQLi - SELECT Expression" is now renamed to "SQLi - SELECT Expression - Body".
|
-
+
| Cloudflare Managed Ruleset |
@@ -351,7 +340,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -362,7 +351,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -374,10 +363,9 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "SQLi - ORD and ASCII- Body" (ID:{" "}
- ). The rule previously known as "SQLi - ORD and ASCII" is now renamed to "SQLi - ORD and ASCII- Body".
+ "SQLi - ORD and ASCII- Body" (ID: ). The rule previously known as "SQLi - ORD and ASCII" is now renamed to "SQLi - ORD and ASCII- Body".
|
-
+
| Cloudflare Managed Ruleset |
@@ -388,7 +376,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -399,7 +387,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
| Cloudflare Managed Ruleset |
@@ -410,6 +398,6 @@ We are continuously refining our managed rules to provide more resilient protect
| Log |
Block |
This is a new detection. |
-
+
\ No newline at end of file
diff --git a/src/content/changelog/waf/2026-05-04-waf-release.mdx b/src/content/changelog/waf/2026-05-04-waf-release.mdx
index 1d27b8dbad9..ed86ce353f8 100644
--- a/src/content/changelog/waf/2026-05-04-waf-release.mdx
+++ b/src/content/changelog/waf/2026-05-04-waf-release.mdx
@@ -3,21 +3,21 @@ title: "WAF Release - 2026-05-04"
description: Cloudflare WAF managed rulesets 2026-05-04 release
date: 2026-05-04
---
-
+
import { RuleID } from "~/components";
-
+
This week's release focuses on new detections to expand coverage across command injection, SQL injection, PHP object injection, remote code execution, and XSS attack vectors.
-
+
**Key Findings**
-
+
- Existing rule enhancements have been deployed to improve detection resilience against broad classes of web attacks and strengthen behavioral coverage.
-
-
+
+
**Continuous Rule Improvements**
-
+
We are continuously refining our managed rules to provide more resilient protection and deeper insights into attack patterns. To ensure an optimal security posture, we recommend consistently monitoring the Security Events dashboard and adjusting rule actions as these enhancements are deployed.
-
-
+
+
@@ -42,8 +42,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Block |
This is a new detection. This rule is merged into the original rule
- "XSS, HTML Injection - Object Tag" (ID:{" "}
- ).
+ "XSS, HTML Injection - Object Tag" (ID: ).
|
@@ -87,8 +86,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
This is a new detection. This rule is merged into the original rule
- "Command Injection - Generic 9 - Body Vector" (ID:{" "}
- )
+ "Command Injection - Generic 9 - Body Vector" (ID: )
|
@@ -102,8 +100,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
This is a new detection. This rule is merged into the original rule
- "Command Injection - Generic 9 - Header Vector" (ID:{" "}
- )
+ "Command Injection - Generic 9 - Header Vector" (ID: )
|
@@ -117,8 +114,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
This is a new detection. This rule is merged into the original rule
- "Command Injection - Generic 9 - URI Vector" (ID:{" "}
- )
+ "Command Injection - Generic 9 - URI Vector" (ID: )
|
@@ -201,8 +197,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
This is a new detection. This rule is merged into the original rule
- "Remote Code Execution - Common Bash Bypass Body" (ID:{" "}
- ). The rule previously
+ "Remote Code Execution - Common Bash Bypass Body" (ID: ). The rule previously
known as "Remote Code Execution - Common Bash Bypass Beta" is now
renamed to "Remote Code Execution - Common Bash Bypass Body".
|
@@ -218,8 +213,7 @@ We are continuously refining our managed rules to provide more resilient protect
Disabled |
This is a new detection. This rule is merged into the original rule
- "PHP Object Injection - 2" (ID:{" "}
- )
+ "PHP Object Injection - 2" (ID: )
|
@@ -255,8 +249,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
This is a new detection. This rule is merged into the original rule
- "SQLi - DROP - 2" (ID:{" "}
- )
+ "SQLi - DROP - 2" (ID: )
|
diff --git a/src/content/changelog/waf/2026-05-11-waf-release.mdx b/src/content/changelog/waf/2026-05-11-waf-release.mdx
index 043c71508d1..aec0317157f 100644
--- a/src/content/changelog/waf/2026-05-11-waf-release.mdx
+++ b/src/content/changelog/waf/2026-05-11-waf-release.mdx
@@ -40,8 +40,7 @@ We are continuously refining our managed rules to provide more resilient protect
| Disabled |
This is a new detection. This rule is merged into the original rule
- "Remote Code Execution - Java Deserialization" (ID:{" "}
- ).
+ "Remote Code Execution - Java Deserialization" (ID: ).
|
diff --git a/src/content/changelog/waf/2026-05-20-waf-release.mdx b/src/content/changelog/waf/2026-05-20-waf-release.mdx
index f6bd07a5a23..12593844586 100644
--- a/src/content/changelog/waf/2026-05-20-waf-release.mdx
+++ b/src/content/changelog/waf/2026-05-20-waf-release.mdx
@@ -37,8 +37,7 @@ We are continuously refining our managed rules to provide more resilient protect
N/A |
Block |
- This rule is merged into the original rule "Sitecore - Cache Poisoning - CVE:CVE-2025-53693" (ID:{" "}
- ).
+ This rule is merged into the original rule "Sitecore - Cache Poisoning - CVE:CVE-2025-53693" (ID: ).
|
diff --git a/src/content/changelog/workers-ai/2025-10-02-deepgram-flux.mdx b/src/content/changelog/workers-ai/2025-10-02-deepgram-flux.mdx
index 41abd7c5924..75dcaf2c7f4 100644
--- a/src/content/changelog/workers-ai/2025-10-02-deepgram-flux.mdx
+++ b/src/content/changelog/workers-ai/2025-10-02-deepgram-flux.mdx
@@ -31,19 +31,19 @@ export default {
},
} satisfies ExportedHandler;
```
-
+
2. Deploy your worker
```bash
npx wrangler deploy
```
-
+
3. Write a client script to connect to your worker and start sending random audio bytes to it
```js
const ws = new WebSocket('wss://');
-
+
ws.onopen = () => {
console.log('Connected to WebSocket');
-
+
// Generate and send random audio bytes
// You can replace this part with a function
// that reads from your mic or other audio source
@@ -51,21 +51,21 @@ ws.onopen = () => {
ws.send(audioData);
console.log('Audio data sent');
};
-
+
ws.onmessage = (event) => {
// Transcription will be received here
// Add your custom logic to parse the data
console.log('Received:', event.data);
};
-
+
ws.onerror = (error) => {
console.error('WebSocket error:', error);
};
-
+
ws.onclose = () => {
console.log('WebSocket closed');
};
-
+
// Generate random audio data (1 second of noise at 44.1kHz, mono)
function generateRandomAudio() {
const sampleRate = 44100;
@@ -73,11 +73,11 @@ function generateRandomAudio() {
const numSamples = sampleRate * duration;
const buffer = new ArrayBuffer(numSamples * 2);
const view = new Int16Array(buffer);
-
+
for (let i = 0; i < numSamples; i++) {
view[i] = Math.floor(Math.random() * 65536 - 32768);
}
-
+
return buffer;
}
```
\ No newline at end of file
diff --git a/src/content/changelog/workers-ai/2025-11-25-flux-2-dev-workers-ai.mdx b/src/content/changelog/workers-ai/2025-11-25-flux-2-dev-workers-ai.mdx
index dc6814a67cd..aab413b9cf0 100644
--- a/src/content/changelog/workers-ai/2025-11-25-flux-2-dev-workers-ai.mdx
+++ b/src/content/changelog/workers-ai/2025-11-25-flux-2-dev-workers-ai.mdx
@@ -4,7 +4,7 @@ description: Partnering with Black Forest Labs to bring their latest FLUX.2 mode
date: 2025-11-25
---
-We've partnered with Black Forest Labs (BFL) to bring their latest FLUX.2 [dev] model to Workers AI! This model excels in generating high-fidelity images with physical world grounding, multi-language support, and digital asset creation. You can also create specific super images with granular controls like JSON prompting.
+We've partnered with Black Forest Labs (BFL) to bring their latest FLUX.2 [dev] model to Workers AI! This model excels in generating high-fidelity images with physical world grounding, multi-language support, and digital asset creation. You can also create specific super images with granular controls like JSON prompting.
Read the [BFL blog](https://bfl.ai/flux2) to learn more about the model itself. Read our [Cloudflare blog](https://blog.cloudflare.com/flux-2-workers-ai) to see the model in action, or try it out yourself on our [multi modal playground](https://multi-modal.ai.cloudflare.com/).
@@ -106,20 +106,20 @@ Through Workers AI Binding:
async function streamToBlob(stream: ReadableStream, contentType: string): Promise {
const reader = stream.getReader();
const chunks = [];
-
+
while (true) {
const { done, value } = await reader.read();
if (done) break;
chunks.push(value);
}
-
+
return new Blob(chunks, { type: contentType });
}
const image0 = await fetch("http://image-url");
const image1 = await fetch("http://image-url");
const form = new FormData();
-
+
const image_blob0 = await streamToBlob(image0.body, "image/png");
const image_blob1 = await streamToBlob(image1.body, "image/png");
form.append('input_image_0', image_blob0)
@@ -134,7 +134,7 @@ const formRequest = new Request('http://dummy', {
});
const formStream = formRequest.body;
const formContentType = formRequest.headers.get('content-type') || 'multipart/form-data';
-
+
const resp = await env.AI.run("@cf/black-forest-labs/flux-2-dev", {
multipart: {
body: form,
@@ -164,19 +164,19 @@ The model supports prompting in JSON to get more granular control over images. Y
"items": {
"type": "object",
"properties": {
- "type": {
- "type": "string",
- "description": "Type of subject (e.g., desert nomad, blacksmith, DJ, falcon)"
+ "type": {
+ "type": "string",
+ "description": "Type of subject (e.g., desert nomad, blacksmith, DJ, falcon)"
},
- "description": {
- "type": "string",
- "description": "Physical attributes, clothing, accessories"
+ "description": {
+ "type": "string",
+ "description": "Physical attributes, clothing, accessories"
},
- "pose": {
- "type": "string",
- "description": "Action or stance"
+ "pose": {
+ "type": "string",
+ "description": "Action or stance"
},
- "position": {
+ "position": {
"type": "string",
"enum": ["foreground", "midground", "background"],
"description": "Depth placement in scene"
@@ -229,33 +229,33 @@ The model supports prompting in JSON to get more granular control over images. Y
"camera": {
"type": "object",
"properties": {
- "angle": {
+ "angle": {
"type": "string",
"enum": ["eye level", "low angle", "slightly low", "bird's-eye", "worm's-eye", "over-the-shoulder", "isometric"],
"description": "Camera perspective"
},
- "distance": {
+ "distance": {
"type": "string",
"enum": ["close-up", "medium close-up", "medium shot", "medium wide", "wide shot", "extreme wide"],
"description": "Framing distance"
},
- "focus": {
+ "focus": {
"type": "string",
"enum": ["deep focus", "macro focus", "selective focus", "sharp on subject", "soft background"],
"description": "Focus type"
},
- "lens": {
+ "lens": {
"type": "string",
"enum": ["14mm", "24mm", "35mm", "50mm", "70mm", "85mm"],
"description": "Focal length (wide to telephoto)"
},
- "f-number": {
- "type": "string",
- "description": "Aperture (e.g., f/2.8, the smaller the number the more blurry the background)"
+ "f-number": {
+ "type": "string",
+ "description": "Aperture (e.g., f/2.8, the smaller the number the more blurry the background)"
},
- "ISO": {
- "type": "number",
- "description": "Light sensitivity value (comfortable range between 100 & 6400, lower = less sensitivity)"
+ "ISO": {
+ "type": "number",
+ "description": "Light sensitivity value (comfortable range between 100 & 6400, lower = less sensitivity)"
}
}
},
diff --git a/src/content/changelog/workers/2025-02-07-new-ways-to-get-started-on-workers.mdx b/src/content/changelog/workers/2025-02-07-new-ways-to-get-started-on-workers.mdx
index ad672d11844..f32fe3b353c 100644
--- a/src/content/changelog/workers/2025-02-07-new-ways-to-get-started-on-workers.mdx
+++ b/src/content/changelog/workers/2025-02-07-new-ways-to-get-started-on-workers.mdx
@@ -8,13 +8,13 @@ date: 2025-02-07 00:00:00 UTC
-You can now create a Worker by:
-* **Importing a Git repository**: Choose an existing Git repo on your GitHub/GitLab account and set up [Workers Builds](/workers/ci-cd/builds/configuration/) to deploy your Worker.
-* **Deploying a template with Git**: Choose from a brand new selection of production ready [examples](https://github.com/cloudflare/templates) to help you get started with popular frameworks like [Astro](https://astro.build/), [Remix](https://remix.run/) and [Next](https://nextjs.org/) or build stateful applications with Cloudflare resources like [D1 databases](/d1/), [Workers AI](/workers-ai/) or [Durable Objects](/durable-objects/)! When you're ready to deploy, Cloudflare will set up your project by cloning the template to your GitHub/GitLab account, provisioning any required [resources](/workers/runtime-apis/bindings/) and deploying your Worker.
+You can now create a Worker by:
+* **Importing a Git repository**: Choose an existing Git repo on your GitHub/GitLab account and set up [Workers Builds](/workers/ci-cd/builds/configuration/) to deploy your Worker.
+* **Deploying a template with Git**: Choose from a brand new selection of production ready [examples](https://github.com/cloudflare/templates) to help you get started with popular frameworks like [Astro](https://astro.build/), [Remix](https://remix.run/) and [Next](https://nextjs.org/) or build stateful applications with Cloudflare resources like [D1 databases](/d1/), [Workers AI](/workers-ai/) or [Durable Objects](/durable-objects/)! When you're ready to deploy, Cloudflare will set up your project by cloning the template to your GitHub/GitLab account, provisioning any required [resources](/workers/runtime-apis/bindings/) and deploying your Worker.
-With every push to your chosen branch, Cloudflare will automatically build and deploy your Worker.
+With every push to your chosen branch, Cloudflare will automatically build and deploy your Worker.
To get started, go to the [Workers dashboard](https://dash.cloudflare.com/?to=/:account/workers-and-pages/create).
-These new features are available today in the Cloudflare dashboard to a subset of Cloudflare customers, and will be coming to all customers in the next few weeks. Don't see it in your dashboard, but want early access? Add your Cloudflare Account ID to [this form](https://forms.gle/U1qhkF2snNJDGJJa9).
+These new features are available today in the Cloudflare dashboard to a subset of Cloudflare customers, and will be coming to all customers in the next few weeks. Don't see it in your dashboard, but want early access? Add your Cloudflare Account ID to [this form](https://forms.gle/U1qhkF2snNJDGJJa9).
diff --git a/src/content/changelog/workers/2025-04-08-deploy-to-cloudflare-button.mdx b/src/content/changelog/workers/2025-04-08-deploy-to-cloudflare-button.mdx
index d24d77883df..5cf9c732ce2 100644
--- a/src/content/changelog/workers/2025-04-08-deploy-to-cloudflare-button.mdx
+++ b/src/content/changelog/workers/2025-04-08-deploy-to-cloudflare-button.mdx
@@ -1,28 +1,28 @@
---
title: Deploy a Workers application in seconds with one-click
-description: You can now add a Deploy to Cloudflare button to your repository's README to help other developers set up and deploy your project.
+description: You can now add a Deploy to Cloudflare button to your repository's README to help other developers set up and deploy your project.
products:
- workers
date: 2025-04-08 00:00:00 UTC
---
-You can now add a [Deploy to Cloudflare](/workers/platform/deploy-buttons/) button to the README of your Git repository containing a Workers application — making it simple for other developers to quickly set up and deploy your project!
+You can now add a [Deploy to Cloudflare](/workers/platform/deploy-buttons/) button to the README of your Git repository containing a Workers application — making it simple for other developers to quickly set up and deploy your project!
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/templates/tree/main/saas-admin-template)
-The Deploy to Cloudflare button:
-1. **Creates a new Git repository on your GitHub/ GitLab account**: Cloudflare will automatically clone and create a new repository on your account, so you can continue developing.
-2. **Automatically provisions resources the app needs**: If your repository requires Cloudflare primitives like a [Workers KV namespace](/kv/), a [D1 database](/d1/), or an [R2 bucket](/r2/), Cloudflare will automatically provision them on your account and bind them to your Worker upon deployment.
+The Deploy to Cloudflare button:
+1. **Creates a new Git repository on your GitHub/ GitLab account**: Cloudflare will automatically clone and create a new repository on your account, so you can continue developing.
+2. **Automatically provisions resources the app needs**: If your repository requires Cloudflare primitives like a [Workers KV namespace](/kv/), a [D1 database](/d1/), or an [R2 bucket](/r2/), Cloudflare will automatically provision them on your account and bind them to your Worker upon deployment.
3. **Configures Workers Builds (CI/CD)**: Every new push to your production branch on your newly created repository will automatically build and deploy courtesy of [Workers Builds](/workers/ci-cd/builds/).
-4. **Adds preview URLs to each pull request**: If you'd like to test your changes before deploying, you can push changes to a [non-production branch](/workers/ci-cd/builds/build-branches/#configure-non-production-branch-builds) and [preview URLs](/workers/configuration/previews/) will be generated and [posted back to GitHub as a comment](/workers/ci-cd/builds/git-integration/github-integration/#pull-request-comment).
+4. **Adds preview URLs to each pull request**: If you'd like to test your changes before deploying, you can push changes to a [non-production branch](/workers/ci-cd/builds/build-branches/#configure-non-production-branch-builds) and [preview URLs](/workers/configuration/previews/) will be generated and [posted back to GitHub as a comment](/workers/ci-cd/builds/git-integration/github-integration/#pull-request-comment).
-To create a Deploy to Cloudflare button in your README, you can add the following snippet, including your Git repository URL:
+To create a Deploy to Cloudflare button in your README, you can add the following snippet, including your Git repository URL:
```md
[](https://deploy.workers.cloudflare.com/?url=)
```
-Check out our [documentation](/workers/platform/deploy-buttons/) for more information on how to set up a deploy button for your application and best practices to ensure a successful deployment for other developers.
+Check out our [documentation](/workers/platform/deploy-buttons/) for more information on how to set up a deploy button for your application and best practices to ensure a successful deployment for other developers.
diff --git a/src/content/changelog/workers/2025-06-05-open-next-size.mdx b/src/content/changelog/workers/2025-06-05-open-next-size.mdx
index dc09195d363..f812ab669e4 100644
--- a/src/content/changelog/workers/2025-06-05-open-next-size.mdx
+++ b/src/content/changelog/workers/2025-06-05-open-next-size.mdx
@@ -15,4 +15,4 @@ This means that users will now see a decrease from 14 to 8MiB (2.3 to 1.6MiB gzi
Users only need to update to the latest version of `@opennextjs/cloudflare` to automatically benefit from these improvements.
Note that we published [CVE-2005-6087](https://github.com/opennextjs/opennextjs-cloudflare/security/advisories/GHSA-rvpw-p7vw-wj3m) for a SSRF vulnerability in the `@opennextjs/cloudflare` package.
-The vulnerability has been fixed from `@opennextjs/cloudflare` v1.3.0 onwards. Please update to any version after this one.
+The vulnerability has been fixed from `@opennextjs/cloudflare` v1.3.0 onwards. Please update to any version after this one.
diff --git a/src/content/changelog/workers/2025-08-04-builds-increased-disk-size.mdx b/src/content/changelog/workers/2025-08-04-builds-increased-disk-size.mdx
index 69b92f1517e..b698527b0c0 100644
--- a/src/content/changelog/workers/2025-08-04-builds-increased-disk-size.mdx
+++ b/src/content/changelog/workers/2025-08-04-builds-increased-disk-size.mdx
@@ -4,7 +4,7 @@ description: Increased the available disk space for Workers Builds from 8 GB to
- workers
date: 2025-08-04T01:00:00Z
---
-As part of the ongoing open beta for [Workers Builds](/workers/ci-cd/builds/), we’ve increased the available disk space for builds from **8 GB** to **20 GB** for both Free and Paid plans.
+As part of the ongoing open beta for [Workers Builds](/workers/ci-cd/builds/), we’ve increased the available disk space for builds from **8 GB** to **20 GB** for both Free and Paid plans.
This provides more space for larger projects, dependencies, and build artifacts while improving overall build reliability.
diff --git a/src/content/changelog/workers/2025-08-08-support-long-branch-names-preview-aliases.mdx b/src/content/changelog/workers/2025-08-08-support-long-branch-names-preview-aliases.mdx
index 4b869cc6a72..25b61e49d7e 100644
--- a/src/content/changelog/workers/2025-08-08-support-long-branch-names-preview-aliases.mdx
+++ b/src/content/changelog/workers/2025-08-08-support-long-branch-names-preview-aliases.mdx
@@ -19,7 +19,7 @@ Now, Cloudflare automatically truncates long branch names and appends a unique h
- **Hash generation**: The hash is derived from the full branch name to ensure uniqueness
- **Stable URLs**: The same branch always generates the same hash across all commits
-## Requirements and compatibility
+## Requirements and compatibility
- **Wrangler 4.30.0 or later**: This feature requires updating to wrangler@4.30.0+
- **No configuration needed**: Works automatically with existing preview URL setups
\ No newline at end of file
diff --git a/src/content/changelog/workers/2025-08-14-workers-terraform-and-sdk-improvements.mdx b/src/content/changelog/workers/2025-08-14-workers-terraform-and-sdk-improvements.mdx
index 71100f87446..824bd515c2f 100644
--- a/src/content/changelog/workers/2025-08-14-workers-terraform-and-sdk-improvements.mdx
+++ b/src/content/changelog/workers/2025-08-14-workers-terraform-and-sdk-improvements.mdx
@@ -128,6 +128,6 @@ await cf.kv.namespaces.values.update("my-kv-namespace", "key1", {
const value = await c.env.KV.get<{hello: string}>("key1", "json");
```
-You'd get back this: `{metadata:'my metadata', value:"{'hello':'world'}"}` instead of the correct value of `{hello: 'world'}`
+You'd get back this: `{metadata:'my metadata', value:"{'hello':'world'}"}` instead of the correct value of `{hello: 'world'}`
This is fixed in cloudflare-typescript 4.5.0 and will be fixed in cloudflare-python 4.4.0.
diff --git a/src/content/changelog/workers/2025-08-15-static-assets-redirect-url.mdx b/src/content/changelog/workers/2025-08-15-static-assets-redirect-url.mdx
index 26a69c93645..5ec56c8d385 100644
--- a/src/content/changelog/workers/2025-08-15-static-assets-redirect-url.mdx
+++ b/src/content/changelog/workers/2025-08-15-static-assets-redirect-url.mdx
@@ -3,7 +3,7 @@ title: 'Workers Static Assets: Corrected handling of double slashes in redirect
description: Corrected handling of double slashes in redirect rule paths
date: 2025-08-15
---
-
-[Static Assets](/workers/static-assets/): Fixed a bug in how [redirect rules](https://developers.cloudflare.com/workers/static-assets/redirects/) defined in your Worker's `_redirects` file are processed.
+
+[Static Assets](/workers/static-assets/): Fixed a bug in how [redirect rules](https://developers.cloudflare.com/workers/static-assets/redirects/) defined in your Worker's `_redirects` file are processed.
If you're serving Static Assets with a `_redirects` file containing a rule like `/ja/* /:splat`, paths with double slashes were previously misinterpreted as external URLs. For example, visiting `/ja//example.com` would incorrectly redirect to `https://example.com` instead of `/example.com` on your domain. This has been fixed and double slashes now correctly resolve as local paths. Note: [Cloudflare Pages](/pages/) was not affected by this issue.
diff --git a/src/content/changelog/workers/2025-09-07-builds-increased-cpu-paid.mdx b/src/content/changelog/workers/2025-09-07-builds-increased-cpu-paid.mdx
index 8226df15cb8..21db9acdcf3 100644
--- a/src/content/changelog/workers/2025-09-07-builds-increased-cpu-paid.mdx
+++ b/src/content/changelog/workers/2025-09-07-builds-increased-cpu-paid.mdx
@@ -4,7 +4,7 @@ description: Increased the available vCPU for Workers Builds from 2 to 4 vCPUs f
- workers
date: 2025-09-18
---
-We recently [increased the available disk space](/changelog/2025-08-04-builds-increased-disk-size/) from 8 GB to 20 GB for **all** plans. Building on that improvement, we’re now doubling the CPU power available for paid plans — from 2 vCPU to **4 vCPU**.
+We recently [increased the available disk space](/changelog/2025-08-04-builds-increased-disk-size/) from 8 GB to 20 GB for **all** plans. Building on that improvement, we’re now doubling the CPU power available for paid plans — from 2 vCPU to **4 vCPU**.
These changes continue our focus on making [Workers Builds](/workers/ci-cd/builds/) faster and more reliable.
@@ -13,7 +13,7 @@ These changes continue our focus on making [Workers Builds](/workers/ci-cd/build
| CPU | 2 vCPU | **4 vCPU** |
## Performance Improvements
-- **Fast build times**: Even single-threaded workloads benefit from having more vCPUs
+- **Fast build times**: Even single-threaded workloads benefit from having more vCPUs
- **2x faster multi-threaded builds**: Tools like [esbuild](https://esbuild.github.io/) and [webpack](https://webpack.js.org/) can now utilize additional cores, delivering near-linear performance scaling
All other [build limits](/workers/ci-cd/builds/limits-and-pricing/) — including memory, build minutes, and timeout remain unchanged.
\ No newline at end of file
diff --git a/src/content/changelog/workers/2025-09-11-increased-version-rollback-limit.mdx b/src/content/changelog/workers/2025-09-11-increased-version-rollback-limit.mdx
index ad92d184dcd..2cfa86690d6 100644
--- a/src/content/changelog/workers/2025-09-11-increased-version-rollback-limit.mdx
+++ b/src/content/changelog/workers/2025-09-11-increased-version-rollback-limit.mdx
@@ -7,12 +7,12 @@ date: 2025-09-11
---
The number of recent versions available for a Worker rollback has been increased from 10 to 100.
-This allows you to:
+This allows you to:
-* Promote any of the 100 most recent versions to be the active deployment.
+* Promote any of the 100 most recent versions to be the active deployment.
* Split traffic using [gradual deployments](/workers/configuration/versions-and-deployments/gradual-deployments/) between your latest code and any of the 100 most recent versions.
You can do this through the Cloudflare dashboard or with [Wrangler's rollback command](/workers/wrangler/commands/general/#rollback)
-Learn more about [versioned deployments](/workers/configuration/versions-and-deployments/) and [rollbacks](/workers/configuration/versions-and-deployments/rollbacks/).
+Learn more about [versioned deployments](/workers/configuration/versions-and-deployments/) and [rollbacks](/workers/configuration/versions-and-deployments/rollbacks/).
diff --git a/src/content/changelog/workers/2025-09-17-update-preview-url-setting.mdx b/src/content/changelog/workers/2025-09-17-update-preview-url-setting.mdx
index b43c774dfed..1138b2c2afc 100644
--- a/src/content/changelog/workers/2025-09-17-update-preview-url-setting.mdx
+++ b/src/content/changelog/workers/2025-09-17-update-preview-url-setting.mdx
@@ -1,11 +1,11 @@
---
title: Preview URLs now default to opt-in
-description: We performed a one-time update to disable preview URLs on Workers with workers.dev disabled to require an explicit opt-in.
+description: We performed a one-time update to disable preview URLs on Workers with workers.dev disabled to require an explicit opt-in.
date: 2025-09-17
---
import { WranglerConfig, Aside } from "~/components";
-To prevent the accidental exposure of applications, we've updated how [Worker preview URLs](/workers/configuration/previews/) (`-..workers.dev`) are handled. We made this change to ensure preview URLs are only active when intentionally configured, improving the default security posture of your Workers.
+To prevent the accidental exposure of applications, we've updated how [Worker preview URLs](/workers/configuration/previews/) (`-..workers.dev`) are handled. We made this change to ensure preview URLs are only active when intentionally configured, improving the default security posture of your Workers.
## One-Time Update for Workers with workers.dev Disabled
We performed a one-time update to disable preview URLs for existing Workers where the [workers.dev subdomain](/workers/configuration/routing/workers-dev/) was also disabled.
diff --git a/src/content/changelog/workers/2025-09-19-ratelimit-workers-ga.mdx b/src/content/changelog/workers/2025-09-19-ratelimit-workers-ga.mdx
index f4d8ebd421f..2e03e6d00a5 100644
--- a/src/content/changelog/workers/2025-09-19-ratelimit-workers-ga.mdx
+++ b/src/content/changelog/workers/2025-09-19-ratelimit-workers-ga.mdx
@@ -5,8 +5,8 @@ products:
- workers
date: 2025-09-19
---
-
-[Rate Limiting within Cloudflare Workers](/workers/runtime-apis/bindings/rate-limit/) is now Generally Available (GA).
+
+[Rate Limiting within Cloudflare Workers](/workers/runtime-apis/bindings/rate-limit/) is now Generally Available (GA).
The `ratelimit` binding is now stable and recommended for all production workloads. Existing deployments using the unsafe binding will continue to function to allow for a smooth transition.
diff --git a/src/content/changelog/workers/2025-09-23-wrangler-dev-multi-config-cross-command-support.mdx b/src/content/changelog/workers/2025-09-23-wrangler-dev-multi-config-cross-command-support.mdx
index 0af736a78a8..0a7ef296ff9 100644
--- a/src/content/changelog/workers/2025-09-23-wrangler-dev-multi-config-cross-command-support.mdx
+++ b/src/content/changelog/workers/2025-09-23-wrangler-dev-multi-config-cross-command-support.mdx
@@ -13,7 +13,7 @@ wrangler dev --config ./web/wrangler.jsonc --config ./api/wrangler.jsonc
```
Previously, if you ran the command above and then also ran wrangler dev for a different Worker, the Workers running in separate wrangler dev sessions could not communicate with each other. This prevented you from being able to use [Service Bindings](https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/) and [Tail Workers](https://developers.cloudflare.com/workers/observability/logs/tail-workers/) in local development, when running separate wrangler dev sessions.
-
+
Now, the following works as expected:
```sh
diff --git a/src/content/changelog/workers/2025-09-26-analytics-engine-sql-enhancements.mdx b/src/content/changelog/workers/2025-09-26-analytics-engine-sql-enhancements.mdx
index 811b7c54cb4..0f57532bb61 100644
--- a/src/content/changelog/workers/2025-09-26-analytics-engine-sql-enhancements.mdx
+++ b/src/content/changelog/workers/2025-09-26-analytics-engine-sql-enhancements.mdx
@@ -1,15 +1,15 @@
---
title: Workers Analytics Engine adds supports for new SQL functions
-description: Workers Analytics Engine now supports additional SQL functions including new mathematical operations, aggregate functions, and bit functions!
+description: Workers Analytics Engine now supports additional SQL functions including new mathematical operations, aggregate functions, and bit functions!
date: 2025-10-02
products:
- workers-analytics-engine
---
You can now perform more powerful queries directly in [Workers Analytics Engine](https://developers.cloudflare.com/analytics/analytics-engine/) with a major expansion of our SQL function library.
-Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.
+Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.
-Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions:
+Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions:
[**New aggregate functions:**](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/aggregate-functions/)
- `argMin()` - Returns the value associated with the minimum in a group
@@ -35,7 +35,7 @@ Today, we've expanded Workers Analytics Engine's SQL capabilities with several n
[**New mathematical functions:**](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/mathematical-functions/)
- `abs()` - Returns the absolute value of a number
- `log()` - Computes the natural logarithm of a number
-- `round()` - Rounds a number to a specified number of decimal places
+- `round()` - Rounds a number to a specified number of decimal places
- `ceil()` - Rounds a number up to the nearest integer
- `floor()` - Rounds a number down to the nearest integer
- `pow()` - Returns a number raised to the power of another number
@@ -46,11 +46,11 @@ Today, we've expanded Workers Analytics Engine's SQL capabilities with several n
[**New encoding functions:**](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/encoding-functions/)
- `hex()` - Converts a number to its hexadecimal representation
-- `bin()` - Converts a string to its binary representation
+- `bin()` - Converts a string to its binary representation
[**New type conversion functions:**](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/type-conversion-functions/)
- `toUInt8()` - Converts any numeric expression, or expression resulting in a string representation of a decimal, into an unsigned 8 bit integer
-## Ready to get started?
-Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](/analytics/analytics-engine/sql-reference/).
+## Ready to get started?
+Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](/analytics/analytics-engine/sql-reference/).
diff --git a/src/content/changelog/workers/2025-10-23-preview-url-default-behavior.mdx b/src/content/changelog/workers/2025-10-23-preview-url-default-behavior.mdx
index 7e4144ec5e2..384b679123e 100644
--- a/src/content/changelog/workers/2025-10-23-preview-url-default-behavior.mdx
+++ b/src/content/changelog/workers/2025-10-23-preview-url-default-behavior.mdx
@@ -12,7 +12,7 @@ This change is intended to provide a more intuitive and secure experience by ali
- **If your workers.dev route is enabled and you do not explicitly set Preview URLs to enabled or disabled:** Preview URLs will default to enabled
- **If your workers.dev route is disabled and you do not explicitly set Preview URLs to enabled or disabled:** Preview URLs will default to disabled
-You can override the default setting by explicitly enabling or disabling the preview URL in your Worker's configuration through the [API](/api/resources/workers/subresources/scripts/subresources/subdomain/), [Dashboard](/workers/configuration/previews/#from-the-dashboard), or [Wrangler](/workers/configuration/previews/#from-the-wrangler-configuration-file).
+You can override the default setting by explicitly enabling or disabling the preview URL in your Worker's configuration through the [API](/api/resources/workers/subresources/scripts/subresources/subdomain/), [Dashboard](/workers/configuration/previews/#from-the-dashboard), or [Wrangler](/workers/configuration/previews/#from-the-wrangler-configuration-file).
**Wrangler Version Behavior**
@@ -27,7 +27,7 @@ In July, [we introduced preview URLs to Workers](/changelog/2025-07-23-workers-p
To address this, we made a [one-time update](/changelog/2025-09-17-update-preview-url-setting/) to disable preview URLs on existing Workers that had their workers.dev route disabled and changed the default behavior to be disabled for all new deployments where a preview URL setting was not explicitly configured.
-While this change helped secure many customers, it was disruptive for customers who keep their `workers.dev` route enabled and actively use the preview functionality, as it now required them to explicitly enable preview URLs on every redeployment.This new, more intuitive behavior ensures that your preview URL settings align with your `workers.dev` configuration by default, providing a more secure and predictable experience.
+While this change helped secure many customers, it was disruptive for customers who keep their `workers.dev` route enabled and actively use the preview functionality, as it now required them to explicitly enable preview URLs on every redeployment.This new, more intuitive behavior ensures that your preview URL settings align with your `workers.dev` configuration by default, providing a more secure and predictable experience.
**Securing access to `workers.dev` and preview URL endpoints**
diff --git a/src/content/changelog/workers/2025-10-24-automatic-resource-provisioning.mdx b/src/content/changelog/workers/2025-10-24-automatic-resource-provisioning.mdx
index 8d5b16c36bd..a4a42cacd64 100644
--- a/src/content/changelog/workers/2025-10-24-automatic-resource-provisioning.mdx
+++ b/src/content/changelog/workers/2025-10-24-automatic-resource-provisioning.mdx
@@ -10,7 +10,7 @@ import { Render, TypeScriptExample, WranglerConfig } from "~/components";
Previously, if you wanted to develop or deploy a worker with attached resources, you'd have to first manually create the desired resources. Now, if your Wrangler configuration file includes a KV namespace, D1 database, or R2 bucket that does not yet exist on your account, you can develop locally and deploy your application seamlessly, without having to run additional commands.
-Automatic provisioning is launching as an open beta, and we'd love to hear your feedback to help us make improvements! It currently works for KV, R2, and D1 bindings. You can disable the feature using the `--no-x-provision` flag.
+Automatic provisioning is launching as an open beta, and we'd love to hear your feedback to help us make improvements! It currently works for KV, R2, and D1 bindings. You can disable the feature using the `--no-x-provision` flag.
To use this feature, update to wrangler@4.45.0 and add bindings to your config file _without_ resource IDs e.g.:
diff --git a/src/content/changelog/workers/2025-11-12-analytics-engine-further-sql-enhancements.mdx b/src/content/changelog/workers/2025-11-12-analytics-engine-further-sql-enhancements.mdx
index aa66f983da2..6e7acdce43f 100644
--- a/src/content/changelog/workers/2025-11-12-analytics-engine-further-sql-enhancements.mdx
+++ b/src/content/changelog/workers/2025-11-12-analytics-engine-further-sql-enhancements.mdx
@@ -7,9 +7,9 @@ products:
---
You can now perform more powerful queries directly in [Workers Analytics Engine](https://developers.cloudflare.com/analytics/analytics-engine/) with a major expansion of our SQL function library.
-Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.
+Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.
-Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions:
+Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions:
[**New aggregate functions:**](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/aggregate-functions/)
- `countIf()` - count the number of rows which satisfy a provided condition
@@ -36,5 +36,5 @@ Today, we've expanded Workers Analytics Engine's SQL capabilities with several n
- `today()`
- `toYYYYMM()`
-## Ready to get started?
-Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](/analytics/analytics-engine/sql-reference/).
+## Ready to get started?
+Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](/analytics/analytics-engine/sql-reference/).
diff --git a/src/content/changelog/workers/2025-12-19-tanstack-start-prerendering.mdx b/src/content/changelog/workers/2025-12-19-tanstack-start-prerendering.mdx
index 2a6b5bff074..1d59e24695a 100644
--- a/src/content/changelog/workers/2025-12-19-tanstack-start-prerendering.mdx
+++ b/src/content/changelog/workers/2025-12-19-tanstack-start-prerendering.mdx
@@ -6,7 +6,7 @@ products:
date: 2025-12-19
---
-[TanStack Start](https://tanstack.com/start/) apps can now prerender routes to static HTML at build time with access to build time environment variables
+[TanStack Start](https://tanstack.com/start/) apps can now prerender routes to static HTML at build time with access to build time environment variables
and bindings, and serve them as [static assets](/workers/static-assets/). To enable prerendering, configure the `prerender` option of the TanStack Start plugin in your Vite config:
```ts title="vite.config.ts"
diff --git a/src/content/changelog/workers/2026-05-06-react-nextjs-vulnerabilities.mdx b/src/content/changelog/workers/2026-05-06-react-nextjs-vulnerabilities.mdx
index 47a711a702b..ffd136835ae 100644
--- a/src/content/changelog/workers/2026-05-06-react-nextjs-vulnerabilities.mdx
+++ b/src/content/changelog/workers/2026-05-06-react-nextjs-vulnerabilities.mdx
@@ -9,7 +9,7 @@ date: 2026-05-07 12:00:00 UTC
Multiple security vulnerabilities were disclosed by the React team and Vercel affecting React Server Components and Next.js. These include denial of service, middleware and proxy bypass, server-side request forgery, cross-site scripting, and cache poisoning issues across a range of severity levels.
-**We strongly recommend updating your application and its dependencies immediately.** Patched versions are available for React (`react-server-dom-webpack`, `react-server-dom-parcel`, and `react-server-dom-turbopack` `19.0.6`, `19.1.7`, and `19.2.6`) and Next.js (`15.5.16` and `16.2.5`).
+**We strongly recommend updating your application and its dependencies immediately.** Patched versions are available for React (`react-server-dom-webpack`, `react-server-dom-parcel`, and `react-server-dom-turbopack` `19.0.6`, `19.1.7`, and `19.2.6`) and Next.js (`15.5.16` and `16.2.5`).
## WAF protections
diff --git a/src/content/changelog/workflows/2025-10-28-raising-limits.mdx b/src/content/changelog/workflows/2025-10-28-raising-limits.mdx
index dbd052de60e..17cd43d31b1 100644
--- a/src/content/changelog/workflows/2025-10-28-raising-limits.mdx
+++ b/src/content/changelog/workflows/2025-10-28-raising-limits.mdx
@@ -12,6 +12,6 @@ We've raised the [Cloudflare Workflows](/workflows/) account-level limits for al
* **Instance creation rate** increased from 100 workflow instances per 10 seconds to 100 instances per second
* **Concurrency limit** increased from 4,500 to 10,000 workflow instances per account
-These increases mean you can create new instances up to 10x faster, and have more workflow instances concurrently executing. To learn more and get started with Workflows, refer to [the getting started guide](/workflows/get-started/guide/).
+These increases mean you can create new instances up to 10x faster, and have more workflow instances concurrently executing. To learn more and get started with Workflows, refer to [the getting started guide](/workflows/get-started/guide/).
If your application requires a higher limit, fill out the [Limit Increase Request Form](/workers/platform/limits/) or contact your account team. Please refer to [Workflows pricing](/workflows/reference/pricing/) for more information.
diff --git a/src/content/changelog/workflows/2026-05-01-dynamic-workflows.mdx b/src/content/changelog/workflows/2026-05-01-dynamic-workflows.mdx
index 4afac919aa7..93eb4609614 100644
--- a/src/content/changelog/workflows/2026-05-01-dynamic-workflows.mdx
+++ b/src/content/changelog/workflows/2026-05-01-dynamic-workflows.mdx
@@ -7,15 +7,15 @@ products:
date: 2026-05-01
---
-You can now use [`@cloudflare/dynamic-workflows`](https://github.com/cloudflare/dynamic-workflows) to run a [Workflow](/workflows/) inside a [Dynamic Worker](/dynamic-workers/), ensuring durable execution for code that is loaded at runtime.
+You can now use [`@cloudflare/dynamic-workflows`](https://github.com/cloudflare/dynamic-workflows) to run a [Workflow](/workflows/) inside a [Dynamic Worker](/dynamic-workers/), ensuring durable execution for code that is loaded at runtime.
The Worker Loader loads Dynamic Workers on demand, which previously made durability challenging. Even within a Dynamic Worker, a Workflow might sleep for hours or days between steps, and by the time it resumes, the original Dynamic Worker code would no longer be in memory.
-The library solves this by tagging each Workflow instance with metadata that identifies which Dynamic Worker to load — for example, a tenant ID — then reloading the matching Dynamic Worker through the Worker Loader whenever a Workflow awakens.
+The library solves this by tagging each Workflow instance with metadata that identifies which Dynamic Worker to load — for example, a tenant ID — then reloading the matching Dynamic Worker through the Worker Loader whenever a Workflow awakens.
Because Dynamic Workers are created on-demand, you do not have to register each Workflow up front or manage them individually. Load the Workflow code in the Dynamic Worker when it is needed, and the Workflows engine handles persistence and retries behind the scenes. Your Workflow code itself is unaffected by the routing and behaves as normal.
-This unlocks patterns where the Workflow code itself is dynamic. For example, this is useful with:
+This unlocks patterns where the Workflow code itself is dynamic. For example, this is useful with:
- **SaaS platforms** where each tenant defines their own automation, such as onboarding sequences, approval chains, or billing retry logic.
- **AI agent frameworks** where agents generate and execute multi-step plans at runtime, surviving restarts and waiting for human approval between tool calls.
diff --git a/src/content/docs/agents/examples/voice-agent.mdx b/src/content/docs/agents/examples/voice-agent.mdx
index 2c8df8e0f91..a65444337c8 100644
--- a/src/content/docs/agents/examples/voice-agent.mdx
+++ b/src/content/docs/agents/examples/voice-agent.mdx
@@ -209,7 +209,7 @@ function App() {
{metrics && (
- LLM: {metrics.llm_ms}ms | TTS: {metrics.tts_ms}ms | First audio:{" "}
+ LLM: {metrics.llm_ms}ms | TTS: {metrics.tts_ms}ms | First audio:
{metrics.first_audio_ms}ms
)}
diff --git a/src/content/docs/ai-gateway/configuration/authentication.mdx b/src/content/docs/ai-gateway/configuration/authentication.mdx
index 780ade1a3e2..2663d337893 100644
--- a/src/content/docs/ai-gateway/configuration/authentication.mdx
+++ b/src/content/docs/ai-gateway/configuration/authentication.mdx
@@ -65,8 +65,8 @@ const openai = createOpenAI({
## Expected behavior
:::note
-When an AI Gateway is accessed from a Cloudflare Worker using a **binding**, the `cf-aig-authorization` header does not need to be manually included.
-Requests made through bindings are **pre-authenticated** within the associated Cloudflare account.
+When an AI Gateway is accessed from a Cloudflare Worker using a **binding**, the `cf-aig-authorization` header does not need to be manually included.
+Requests made through bindings are **pre-authenticated** within the associated Cloudflare account.
:::
The following table outlines gateway behavior based on the authentication settings and header status:
diff --git a/src/content/docs/ai-gateway/features/dynamic-routing/usage.mdx b/src/content/docs/ai-gateway/features/dynamic-routing/usage.mdx
index 72c2fa37068..c3f834a1e95 100644
--- a/src/content/docs/ai-gateway/features/dynamic-routing/usage.mdx
+++ b/src/content/docs/ai-gateway/features/dynamic-routing/usage.mdx
@@ -92,7 +92,7 @@ export default {
## Response Metadata
-The response from a dynamic route is the same as the response from a model. There is additional metadata used to notify the model and provider used, you can check the following headers
+The response from a dynamic route is the same as the response from a model. There is additional metadata used to notify the model and provider used, you can check the following headers
- `cf-aig-model` - The model used
- `cf-aig-provider` - The slug of provider used
diff --git a/src/content/docs/ai-gateway/tutorials/pruna-p-video.mdx b/src/content/docs/ai-gateway/tutorials/pruna-p-video.mdx
index 9f0277bdd3a..0eb2356a2a0 100644
--- a/src/content/docs/ai-gateway/tutorials/pruna-p-video.mdx
+++ b/src/content/docs/ai-gateway/tutorials/pruna-p-video.mdx
@@ -127,7 +127,7 @@ Keep polling until `status` is `succeeded` (or `failed`). When complete, the `ou
## Next steps
-From here you can:
+From here you can:
- Use [logging](/ai-gateway/observability/logging/) to monitor requests and debug issues.
- Set up [rate limiting](/ai-gateway/features/rate-limiting/) to control usage.
diff --git a/src/content/docs/ai-gateway/usage/providers/google-ai-studio.mdx b/src/content/docs/ai-gateway/usage/providers/google-ai-studio.mdx
index 7d986484bd9..28fb950507d 100644
--- a/src/content/docs/ai-gateway/usage/providers/google-ai-studio.mdx
+++ b/src/content/docs/ai-gateway/usage/providers/google-ai-studio.mdx
@@ -98,7 +98,7 @@ const ai = new GoogleGenAI({
baseUrl: `https://gateway.ai.cloudflare.com/v1/${account_id}/${gateway_name}/google-ai-studio`,
headers: {
'cf-aig-authorization': 'Bearer {cf_aig_token}',
- }
+ }
}
});
diff --git a/src/content/docs/ai/related-products/ai-gateway.mdx b/src/content/docs/ai/related-products/ai-gateway.mdx
index c868d2c8ec2..75063087b32 100644
--- a/src/content/docs/ai/related-products/ai-gateway.mdx
+++ b/src/content/docs/ai/related-products/ai-gateway.mdx
@@ -6,5 +6,5 @@ sidebar:
external_link: /ai-gateway/
products:
- ai
- - ai-gateway
+ - ai-gateway
---
diff --git a/src/content/docs/analytics/account-and-zone-analytics/account-analytics.mdx b/src/content/docs/analytics/account-and-zone-analytics/account-analytics.mdx
index 0d4aaf4a63b..8b1234e9cec 100644
--- a/src/content/docs/analytics/account-and-zone-analytics/account-analytics.mdx
+++ b/src/content/docs/analytics/account-and-zone-analytics/account-analytics.mdx
@@ -72,7 +72,7 @@ This panel features spark lines for various caching metrics, including: *request
-This panel displays spark lines for 4xx and 5xx error rates, respectively. Learn more about [HTTP Status Codes](/support/troubleshooting/http-status-codes/).
+This panel displays spark lines for 4xx and 5xx error rates, respectively. Learn more about [HTTP Status Codes](/support/troubleshooting/http-status-codes/).
#### Network
diff --git a/src/content/docs/analytics/account-and-zone-analytics/analytics-with-workers.mdx b/src/content/docs/analytics/account-and-zone-analytics/analytics-with-workers.mdx
index 76dccf882a4..ba9ad2530ea 100644
--- a/src/content/docs/analytics/account-and-zone-analytics/analytics-with-workers.mdx
+++ b/src/content/docs/analytics/account-and-zone-analytics/analytics-with-workers.mdx
@@ -36,9 +36,9 @@ For a breakdown of subrequest traffic (origin facing traffic), you may go to the
* If you are not currently using Workers (do not have Workers deployed on any routes or filters), we will not have any information to show you.
* If your Worker sends a static response back to the client without ever calling fetch() to an origin, you are not making any subrequests, thus, all traffic will be shown in zone Analytics
-**Will this impact billing?**
+**Will this impact billing?**
-No, [billing for Workers](/workers/platform/pricing/) is based on requests that go through a Worker.
+No, [billing for Workers](/workers/platform/pricing/) is based on requests that go through a Worker.
**Why am I seeing such a high cache hit ratio?**
diff --git a/src/content/docs/analytics/account-and-zone-analytics/zone-analytics.mdx b/src/content/docs/analytics/account-and-zone-analytics/zone-analytics.mdx
index 4daa2505504..4fe90056d4b 100644
--- a/src/content/docs/analytics/account-and-zone-analytics/zone-analytics.mdx
+++ b/src/content/docs/analytics/account-and-zone-analytics/zone-analytics.mdx
@@ -48,7 +48,7 @@ Below is a summary of each Analytics app tab.
#### Free plan
-These metrics include legitimate user requests as well as crawlers and threats. The HTTP Traffic tab features the following panels:
+These metrics include legitimate user requests as well as crawlers and threats. The HTTP Traffic tab features the following panels:
- **Web Traffic** - Displays metrics for _Requests_, _Bandwidth_, and _Unique Visitors_. If you are using Cloudflare Workers, subrequests data will not be visible in zone Traffic Analytics. Instead, you can find subrequests analytics under the **Workers & Pages** tab in the **Overview** section. Refer to [Worker Analytics](/analytics/account-and-zone-analytics/analytics-with-workers/#worker-analytics) for more information.
- **Web Traffic Requests by Country** - Is an interactive map that breaks down the number of requests by country. This panel also includes a data table for **Top Traffic Countries / Regions** that display the countries with the most number of requests (up to five, if the data exists).
@@ -123,4 +123,4 @@ This panel features metrics for Cloudflare Workers. To learn more, read [Cloudfl
### Logs
-The Logs tab is not a metrics feature. Instead, Customers in the Enterprise plan can enable the [Cloudflare Logs Logpush](/logs/logpush/) service. You can use Logpush to download and analyze data using any analytics tool of your choice.
+The Logs tab is not a metrics feature. Instead, Customers in the Enterprise plan can enable the [Cloudflare Logs Logpush](/logs/logpush/) service. You can use Logpush to download and analyze data using any analytics tool of your choice.
diff --git a/src/content/docs/analytics/analytics-engine/grafana.mdx b/src/content/docs/analytics/analytics-engine/grafana.mdx
index e6af88fd7a7..b13fc8a7d6c 100644
--- a/src/content/docs/analytics/analytics-engine/grafana.mdx
+++ b/src/content/docs/analytics/analytics-engine/grafana.mdx
@@ -35,8 +35,8 @@ SELECT
blob1 AS label,
SUM(_sample_interval * double1) / SUM(_sample_interval) AS average_metric
FROM dataset_name
-WHERE
- timestamp <= NOW()
+WHERE
+ timestamp <= NOW()
AND timestamp > NOW() - INTERVAL '1' DAY
GROUP BY blob1, t
ORDER BY t
diff --git a/src/content/docs/analytics/analytics-engine/pricing.mdx b/src/content/docs/analytics/analytics-engine/pricing.mdx
index 059f55deae8..bef373bc86e 100644
--- a/src/content/docs/analytics/analytics-engine/pricing.mdx
+++ b/src/content/docs/analytics/analytics-engine/pricing.mdx
@@ -23,7 +23,7 @@ Workers Analytics Engine is priced based on two metrics — data points written
Currently, you will not be billed for your use of Workers Analytics Engine. Pricing information here is shared in advance, so that you can estimate what your costs will be once Cloudflare starts billing for usage in the coming months.
-If you are an Enterprise customer, contact your account team for information about Workers Analytics Engine pricing and billing.
+If you are an Enterprise customer, contact your account team for information about Workers Analytics Engine pricing and billing.
:::
### Data points written
diff --git a/src/content/docs/analytics/graphql-api/features/confidence-intervals.mdx b/src/content/docs/analytics/graphql-api/features/confidence-intervals.mdx
index 2def716afc9..e7b861904a5 100644
--- a/src/content/docs/analytics/graphql-api/features/confidence-intervals.mdx
+++ b/src/content/docs/analytics/graphql-api/features/confidence-intervals.mdx
@@ -9,14 +9,14 @@ products:
- graphql-api
---
-Confidence intervals help assess accuracy and quantify uncertainty in results from sampled datasets. When querying sum or count fields on adaptive datasets, you can request a confidence interval to understand the possible range around an estimate. For example, specifying a confidence level of `0.95` returns the estimate, along with the range of values that likely contains the true value 95% of the time.
+Confidence intervals help assess accuracy and quantify uncertainty in results from sampled datasets. When querying sum or count fields on adaptive datasets, you can request a confidence interval to understand the possible range around an estimate. For example, specifying a confidence level of `0.95` returns the estimate, along with the range of values that likely contains the true value 95% of the time.
## Availability
- **Supported datasets**: Adaptive (sampled) datasets only.
- **Supported fields**: All `sum` and `count` fields.
-- **Usage**: Confidence `level` must be provided as a decimal between 0 and 1 (for example,`0.90`, `0.95`, `0.99`).
-- **Default**: If no confidence level is specified, intervals are not returned.
+- **Usage**: Confidence `level` must be provided as a decimal between 0 and 1 (for example,`0.90`, `0.95`, `0.99`).
+- **Default**: If no confidence level is specified, intervals are not returned.
## Usage example
@@ -54,9 +54,9 @@ query SingleDatasetWithConfidence($zoneTag: string, $start: Time, $end: Time) {
### Response
-The response includes the following values:
+The response includes the following values:
-- `estimate`: The estimated value, based on sampled data.
+- `estimate`: The estimated value, based on sampled data.
- `lower`: The lower bound of the confidence interval.
- `sampleSize`: The number of sampled data points used to calculate the estimate.
- `upper`: The upper bound of the confidence interval.
diff --git a/src/content/docs/analytics/graphql-api/features/sorting.mdx b/src/content/docs/analytics/graphql-api/features/sorting.mdx
index 40da7401acb..398978bde63 100644
--- a/src/content/docs/analytics/graphql-api/features/sorting.mdx
+++ b/src/content/docs/analytics/graphql-api/features/sorting.mdx
@@ -15,7 +15,7 @@ The default order for an aggregated dataset is by the fields on which the aggreg
:::note[Note]
-Ordering within nested structures is not supported.
+Ordering within nested structures is not supported.
:::
## Examples
diff --git a/src/content/docs/analytics/graphql-api/getting-started/index.mdx b/src/content/docs/analytics/graphql-api/getting-started/index.mdx
index 2ba6111561b..a357cbb2656 100644
--- a/src/content/docs/analytics/graphql-api/getting-started/index.mdx
+++ b/src/content/docs/analytics/graphql-api/getting-started/index.mdx
@@ -29,7 +29,7 @@ specific information, such as Firewall and Workers events, please refer to
[Tutorials][6].
:::note[Data unavailability: Customer Metadata Boundary configuration]
-
+
:::
[1]: /analytics/graphql-api/getting-started/authentication/
diff --git a/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx b/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx
index 4fbbc812304..3728e59d82c 100644
--- a/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx
+++ b/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx
@@ -65,7 +65,7 @@ https://api.cloudflare.com/client/v4/graphql \
:::note
-Rather than filter by `cfRayId`, you may also [filter](/analytics/graphql-api/features/filtering/) by any other field in the query such as `userUuid` or `deviceId`.
+Rather than filter by `cfRayId`, you may also [filter](/analytics/graphql-api/features/filtering/) by any other field in the query such as `userUuid` or `deviceId`.
:::
## Response
diff --git a/src/content/docs/analytics/index.mdx b/src/content/docs/analytics/index.mdx
index 8c9eca78825..28fcaab9bc5 100644
--- a/src/content/docs/analytics/index.mdx
+++ b/src/content/docs/analytics/index.mdx
@@ -20,19 +20,19 @@ Cloudflare visualizes the metadata collected by our products in the Cloudflare d
## Features
-Send unlimited-cardinality data from your Worker to a time-series database. Query it with SQL.
+Send unlimited-cardinality data from your Worker to a time-series database. Query it with SQL.
-Provides details about the requests and traffic related to your Cloudflare accounts and zones.
+Provides details about the requests and traffic related to your Cloudflare accounts and zones.
-Provides near real-time visibility into network and transport-layer traffic patterns and DDoS attacks.
+Provides near real-time visibility into network and transport-layer traffic patterns and DDoS attacks.
-Provides all of your performance, security, and reliability data from one endpoint. Select exactly what you need, from one metric for a domain to multiple metrics aggregated for your account.
+Provides all of your performance, security, and reliability data from one endpoint. Select exactly what you need, from one metric for a domain to multiple metrics aggregated for your account.
***
@@ -40,9 +40,9 @@ Provides all of your performance, security, and reliability data from one endpoi
## Related products
-Cloudflare Workers allows developers to build serverless applications and deploy instantly across the globe for exceptional performance, reliability, and scale.
+Cloudflare Workers allows developers to build serverless applications and deploy instantly across the globe for exceptional performance, reliability, and scale.
-Detailed logs that contain metadata generated by Cloudflare products helpful for debugging, identifying configuration adjustments, and creating analytics.
+Detailed logs that contain metadata generated by Cloudflare products helpful for debugging, identifying configuration adjustments, and creating analytics.
diff --git a/src/content/docs/analytics/sampling.mdx b/src/content/docs/analytics/sampling.mdx
index 815514bf779..f033f99202f 100644
--- a/src/content/docs/analytics/sampling.mdx
+++ b/src/content/docs/analytics/sampling.mdx
@@ -20,17 +20,17 @@ To make this possible, data is stored at multiple resolutions (100%, 10%, 1%), e
Cloudflare's data pipeline handles [over 700 million events per second](https://blog.cloudflare.com/how-we-make-sense-of-too-much-data) (and growing) across its global network. Processing and storing all this data in real-time would be prohibitively expensive and time-consuming. By leveraging carefully designed sampling methods, Cloudflare Analytics delivers accurate and actionable data, balancing precision with performance.
-Sampling enables:
+Sampling enables:
- **Scalability**: Reduces the volume of data processed without compromising insights.
- **Performance**: Speeds up query execution for analytics.
- **Cost-Efficiency**: Minimizes resource usage and storage needs.
-## Can I trust sampled data?
+## Can I trust sampled data?
Sampled data is highly reliable, and can provide insights that are as dependable as those derived from full datasets. Cloudflare designs sampling techniques to ensure we capture the essential characteristics of the entire dataset, delivering results you can trust.
-Sampling is an approach similarly used in other domains, for instance:
+Sampling is an approach similarly used in other domains, for instance:
- Google Maps: Just as online maps display lower-resolution images when zoomed out and higher-resolution images when zoomed in — keeping the total number of pixels relatively constant — Cloudflare Analytics dynamically adjusts sampling rates to efficiently provide insights, ensuring queries return consistent and accurate results regardless of dataset size.
@@ -44,19 +44,19 @@ In the near future, we plan to expose confidence intervals along with query resu
## Additional considerations
-**When sampling occurs**
+**When sampling occurs**
- Sampling is typically applied to very high-traffic datasets where full data analysis would be impractical.
- For smaller datasets, full data analysis is often performed without sampling.
-**Sampling rates**
+**Sampling rates**
- Sampling rates vary depending on the dataset and product.
- Cloudflare ensures that sampling rates are consistent within a single dataset to maintain accuracy across queries.
-**Impact on metrics**
+**Impact on metrics**
- While sampling reduces the volume of processed data, aggregated metrics like totals, averages, and percentiles are extrapolated based on the sample size. This ensures the reported metrics represent the entire dataset accurately.
**Limitations**
-- Sampling may not capture extremely rare events with very low occurrence rates.
+- Sampling may not capture extremely rare events with very low occurrence rates.
**Sampling in analytics interfaces**
- GraphQL API: Sampling metadata is included in the query response. For more information, refer to the sampling [GraphQL Analytics API](/analytics/graphql-api/sampling/) documentation.
diff --git a/src/content/docs/api-shield/management-and-monitoring/index.mdx b/src/content/docs/api-shield/management-and-monitoring/index.mdx
index 182cc0cab64..df2ec90e195 100644
--- a/src/content/docs/api-shield/management-and-monitoring/index.mdx
+++ b/src/content/docs/api-shield/management-and-monitoring/index.mdx
@@ -6,7 +6,7 @@ products:
- api-shield
sidebar:
order: 5
- group:
+ group:
hideIndex: true
---
diff --git a/src/content/docs/api-shield/reference/index.mdx b/src/content/docs/api-shield/reference/index.mdx
index d51edc25345..a7c345d779f 100644
--- a/src/content/docs/api-shield/reference/index.mdx
+++ b/src/content/docs/api-shield/reference/index.mdx
@@ -6,7 +6,7 @@ products:
- api-shield
sidebar:
order: 6
- group:
+ group:
hideIndex: true
---
diff --git a/src/content/docs/api-shield/reference/terraform.mdx b/src/content/docs/api-shield/reference/terraform.mdx
index 823b0b64274..6c99adbce22 100644
--- a/src/content/docs/api-shield/reference/terraform.mdx
+++ b/src/content/docs/api-shield/reference/terraform.mdx
@@ -62,7 +62,7 @@ resource "cloudflare_api_shield_operation" "get_image" {
host = "example.com"
endpoint = "/api/images/{var1}"
}
-
+
resource "cloudflare_api_shield_operation" "post_image" {
zone_id = var.zone_id
method = "POST"
@@ -75,7 +75,7 @@ resource "cloudflare_api_shield_operation" "post_image" {
:::note
-It is required to configure Endpoint Management if you want to set up Schema validation using Terraform.
+It is required to configure Endpoint Management if you want to set up Schema validation using Terraform.
:::
Refer to the example configuration below to manage [Schema validation](/api-shield/security/schema-validation/api/) on your zone.
@@ -90,13 +90,13 @@ resource "cloudflare_schema_validation_schemas" "example_schema" {
source = file("./schemas/example-schema.yaml")
validation_enabled = true
}
-
+
# Block all requests that violate schema by default
resource "cloudflare_schema_validation_settings" "zone_level_settings" {
zone_id = var.zone_id
validation_default_mitigation_action = "block"
}
-
+
# For endpoint post_image - only log requests that violate schema
resource "cloudflare_schema_validation_operation_settings" "post_image_log_only" {
zone_id = var.zone_id
diff --git a/src/content/docs/api-shield/security/sequence-mitigation/custom-rules.mdx b/src/content/docs/api-shield/security/sequence-mitigation/custom-rules.mdx
index 08a2a8da0c1..fa3472a1c9f 100644
--- a/src/content/docs/api-shield/security/sequence-mitigation/custom-rules.mdx
+++ b/src/content/docs/api-shield/security/sequence-mitigation/custom-rules.mdx
@@ -41,30 +41,30 @@ Each saved endpoint will have an endpoint ID visible in its details page in Endp
The visitor must wait more than 2 seconds after requesting endpoint `aaaaaaaa` before requesting endpoint `bbbbbbbb`:
```txt
-cf.sequence.current_op eq "bbbbbbbb" and
+cf.sequence.current_op eq "bbbbbbbb" and
cf.sequence.msec_since_op["aaaaaaaa"] ge 2000
```
The visitor must request endpoints `aaaaaaaa`, then `bbbbbbbb`, then `cccccccc` in that exact order:
```txt
-cf.sequence.current_op eq "cccccccc" and
-cf.sequence.previous_ops[0] == "bbbbbbbb" and
+cf.sequence.current_op eq "cccccccc" and
+cf.sequence.previous_ops[0] == "bbbbbbbb" and
cf.sequence.previous_ops[1] == "aaaaaaaa"
```
The visitor must request endpoint `aaaaaaaa` before endpoint `bbbbbbbb`, but endpoint `aaaaaaaa` can be anywhere in the previous 10 requests:
```txt
-cf.sequence.current_op eq "bbbbbbbb" and
+cf.sequence.current_op eq "bbbbbbbb" and
any(cf.sequence.previous_ops[*] == "aaaaaaaa")
```
The visitor must request either endpoint `aaaaaaaa` before endpoint `bbbbbbbb`, or endpoint `cccccccc` before endpoint `bbbbbbbb`:
```txt
-(cf.sequence.current_op eq "bbbbbbbb" and
-any(cf.sequence.previous_ops[*] == "aaaaaaaa")) or
-(cf.sequence.current_op eq "bbbbbbbb" and
+(cf.sequence.current_op eq "bbbbbbbb" and
+any(cf.sequence.previous_ops[*] == "aaaaaaaa")) or
+(cf.sequence.current_op eq "bbbbbbbb" and
any(cf.sequence.previous_ops[*] == "cccccccc"))
```
\ No newline at end of file
diff --git a/src/content/docs/api-shield/security/sequence-mitigation/index.mdx b/src/content/docs/api-shield/security/sequence-mitigation/index.mdx
index 184e0fe3410..d24e6ee7622 100644
--- a/src/content/docs/api-shield/security/sequence-mitigation/index.mdx
+++ b/src/content/docs/api-shield/security/sequence-mitigation/index.mdx
@@ -30,7 +30,7 @@ Using sequence mitigation, you can enforce that request pattern with two new seq
:::note
-You can create sequence mitigation rules for a sequence even if the sequence is not listed in [Sequence Analytics](/api-shield/security/sequence-analytics/).
+You can create sequence mitigation rules for a sequence even if the sequence is not listed in [Sequence Analytics](/api-shield/security/sequence-analytics/).
:::
## Process
diff --git a/src/content/docs/api-shield/security/volumetric-abuse-detection.mdx b/src/content/docs/api-shield/security/volumetric-abuse-detection.mdx
index ac20b0d3877..ce78e2f6775 100644
--- a/src/content/docs/api-shield/security/volumetric-abuse-detection.mdx
+++ b/src/content/docs/api-shield/security/volumetric-abuse-detection.mdx
@@ -27,7 +27,7 @@ Volumetric Abuse Detection rate limits are a way to prevent blatant volumetric a
Volumetric Abuse Detection analyzes your API's individual session traffic statistics to recommend per-endpoint, per-session rate limits.
-To access your endpoints:
+To access your endpoints:
Old dashboard: **Security** > **API Shield** > **Endpoint Management**
@@ -47,7 +47,7 @@ Thresholds are suggested only for endpoints that satisfy all of the following re
After adding a session identifier, allow 24 hours for rate limit recommendations to appear on endpoints in the Cloudflare dashboard.
-### Rate limiting recommendation calculation
+### Rate limiting recommendation calculation
Select an endpoint row in **Endpoints** to view its rate limit recommendation. The detail view shows the overall recommended value and percentile-based values (p50, p90, p99).
diff --git a/src/content/docs/artifacts/examples/git-client.mdx b/src/content/docs/artifacts/examples/git-client.mdx
index a297d94fb81..8101a829775 100644
--- a/src/content/docs/artifacts/examples/git-client.mdx
+++ b/src/content/docs/artifacts/examples/git-client.mdx
@@ -14,7 +14,7 @@ To do this, you need to:
- Fetch the repo's remote URL from the REST API
- Mint a short-lived token scoped to that repo
-Once you have the remote URL and token, you can use them to run Git commands against the repo.
+Once you have the remote URL and token, you can use them to run Git commands against the repo.
This example assumes the repo already exists and that you have a [Cloudflare API token](/fundamentals/api/get-started/create-token/) with **Artifacts** > **Edit**.
diff --git a/src/content/docs/artifacts/examples/isomorphic-git.mdx b/src/content/docs/artifacts/examples/isomorphic-git.mdx
index 9af04311857..9c52163751b 100644
--- a/src/content/docs/artifacts/examples/isomorphic-git.mdx
+++ b/src/content/docs/artifacts/examples/isomorphic-git.mdx
@@ -18,7 +18,7 @@ Use this when your Worker needs to programmatically build and push file trees to
## Prerequisites
-Follow the [Artifacts Workers setup guide](/artifacts/get-started/workers/) to set up a Worker with an Artifacts binding.
+Follow the [Artifacts Workers setup guide](/artifacts/get-started/workers/) to set up a Worker with an Artifacts binding.
### Install the dependency
diff --git a/src/content/docs/artifacts/get-started/rest-api.mdx b/src/content/docs/artifacts/get-started/rest-api.mdx
index 12133db357b..1e16278ef03 100644
--- a/src/content/docs/artifacts/get-started/rest-api.mdx
+++ b/src/content/docs/artifacts/get-started/rest-api.mdx
@@ -82,7 +82,7 @@ The response resembles the following:
"messages": []
}
```
-The response includes two values which you will need for Git operations:
+The response includes two values which you will need for Git operations:
- `remote`: the Git remote URL for this repo. `` will be your actual Cloudflare account ID. Use this URL for all Git commands (git push, git clone). Note that this uses a different URL than the REST API you used to create the repo.
- `token`: a short-lived credential for Git operations. The token encodes its expiry directly in the `?expires=` suffix as a Unix timestamp.
diff --git a/src/content/docs/artifacts/get-started/workers.mdx b/src/content/docs/artifacts/get-started/workers.mdx
index eb9e40bedbb..1467fbbfbc2 100644
--- a/src/content/docs/artifacts/get-started/workers.mdx
+++ b/src/content/docs/artifacts/get-started/workers.mdx
@@ -244,7 +244,7 @@ git clone "$ARTIFACTS_AUTH_REMOTE" artifacts-clone
## 7. Deploy your Worker
-Switch back to your Worker project directory:
+Switch back to your Worker project directory:
```sh
cd artifacts-worker
```
diff --git a/src/content/docs/automatic-platform-optimization/reference/page-rule-integration.mdx b/src/content/docs/automatic-platform-optimization/reference/page-rule-integration.mdx
index 80a3a268e1f..fcc6e05ec4c 100644
--- a/src/content/docs/automatic-platform-optimization/reference/page-rule-integration.mdx
+++ b/src/content/docs/automatic-platform-optimization/reference/page-rule-integration.mdx
@@ -13,7 +13,7 @@ The following Page Rules can control APO. Any changes to caching via Page Rules
:::caution
-Consider using [Cache Rules](/cache/how-to/cache-rules/) instead to control APO due to their enhanced configurability.
+Consider using [Cache Rules](/cache/how-to/cache-rules/) instead to control APO due to their enhanced configurability.
:::
* **Cache Level: Bypass** — APO bypasses pages with response header `cf-apo-via: origin,page-rules`
diff --git a/src/content/docs/bots/account-abuse-protection.mdx b/src/content/docs/bots/account-abuse-protection.mdx
index ddd1362d953..1e383413433 100644
--- a/src/content/docs/bots/account-abuse-protection.mdx
+++ b/src/content/docs/bots/account-abuse-protection.mdx
@@ -21,7 +21,7 @@ import { Render, Description, DashButton, Steps } from "~/components"
Identify and mitigate attacks on your customer and user accounts.
-Account abuse — bulk account creation and account takeover attacks — can cause financial losses and erode user trust. Fraud detection allows you to detect and mitigate these attacks among your traffic. You can use fraud signals to [update or create new rules](/waf/custom-rules/) for suspicious account activity, or pass signals to your origin to integrate into authentication and authorization systems.
+Account abuse — bulk account creation and account takeover attacks — can cause financial losses and erode user trust. Fraud detection allows you to detect and mitigate these attacks among your traffic. You can use fraud signals to [update or create new rules](/waf/custom-rules/) for suspicious account activity, or pass signals to your origin to integrate into authentication and authorization systems.
## Availability
@@ -38,15 +38,15 @@ Contact your Cloudflare account team to request access.
User ID is a cryptographically hashed, per-zone identifier that customers can use in [Security Analytics](/waf/analytics/security-analytics/), [Security Rules](/waf/custom-rules/), and [Managed Transforms](/rules/transform/managed-transforms/reference/). Hashed User IDs are created by encrypting the primary credentials your users provide, converting them into opaque identifiers unique to your zone. This allows traffic analysis while protecting user privacy. With access to hashed User ID, website owners can:
- Review which users have the most activity on your website.
-- Find the details on a specific user's characteristics and activity patterns.
-- Mitigate traffic based on the user, such as blocking a user with historically suspicious activity.
-- Combine fields to see when accounts are being targeted with leaked credentials.
+- Find the details on a specific user's characteristics and activity patterns.
+- Mitigate traffic based on the user, such as blocking a user with historically suspicious activity.
+- Combine fields to see when accounts are being targeted with leaked credentials.
- Manage network patterns or signals associated with specific users.
:::note[Data privacy]
-User profiling was created with privacy in mind. Its design and engineering align with our privacy and compliance programs and contain technical controls that protect the privacy of users. Hashed User IDs are created by encrypting the primary credentials your users use to access your applications.
+User profiling was created with privacy in mind. Its design and engineering align with our privacy and compliance programs and contain technical controls that protect the privacy of users. Hashed User IDs are created by encrypting the primary credentials your users use to access your applications.
-Other Cloudflare customers cannot access your user profiles. They are unique to your zone.
+Other Cloudflare customers cannot access your user profiles. They are unique to your zone.
:::
User ID is an opt-in feature that can be enabled in Security Settings.
@@ -65,13 +65,13 @@ To enable, edit, or disable the setting:
### Ephemeral IDs
-Customers using Cloudflare [Turnstile](/turnstile/) can utilize ephemeral IDs for Fraud detection.
+Customers using Cloudflare [Turnstile](/turnstile/) can utilize ephemeral IDs for Fraud detection.
Refer to [Fraud detection with ephemeral IDs](/turnstile/tutorials/fraud-detection-with-ephemeral-ids/) for more information.
### Account takeover detections
-Cloudflare Bot Management includes dedicated detection IDs for account takeover attacks.
+Cloudflare Bot Management includes dedicated detection IDs for account takeover attacks.
Refer to [Account takeover detections](/bots/additional-configurations/detection-ids/account-takeover-detections/) for more information.
@@ -85,25 +85,25 @@ Account takeover (ATO) detections are not available for accounts using the [Data
### Prerequisites
-Fraud detection requires the following configurations and settings to be enabled to properly identify suspicious behavior.
+Fraud detection requires the following configurations and settings to be enabled to properly identify suspicious behavior.
#### Security Settings
-- User ID: Cloudflare encrypts or hashes your user IDs to better understand typical user traffic patterns across your applications. Enabling Cloudflare to create hashed user ID mappings to your users will allow you to receive account takeover and bulk account creation detections.
+- User ID: Cloudflare encrypts or hashes your user IDs to better understand typical user traffic patterns across your applications. Enabling Cloudflare to create hashed user ID mappings to your users will allow you to receive account takeover and bulk account creation detections.
-#### Eligible traffic
+#### Eligible traffic
-Cloudflare automatically identifies certain login and sign up traffic on your applications and runs these detections without any additional configurations.
+Cloudflare automatically identifies certain login and sign up traffic on your applications and runs these detections without any additional configurations.
- Sign-ups: Cloudflare automatically monitors traffic on endpoints that match common sign up endpoints.
- Login: Cloudflare automatically monitors traffic on endpoints that match common login endpoints.
Verify that your endpoints are properly labeled to ensure Cloudflare can detect and monitor them correctly.
-
:::tip[Enhanced with leaked credential detections]
@@ -114,30 +114,30 @@ Cloudflare also recommends enabling [Leaked credentials detection](/waf/detectio
### Detections
-Fraud detections focus on account abuse attacks such as account takeover, bulk account creation, and credential quality. These detections run on all eligible traffic and can be used across [Cloudflare Rules](/rules/) to log, challenge, and/or block requests to your sign up and login endpoints.
+Fraud detections focus on account abuse attacks such as account takeover, bulk account creation, and credential quality. These detections run on all eligible traffic and can be used across [Cloudflare Rules](/rules/) to log, challenge, and/or block requests to your sign up and login endpoints.
#### Account creation
-Disposable Email Checks detect when users sign up with throwaway email addresses commonly used for promotion abuse and fake account creation. These disposable email services allow attackers to create thousands of unique accounts without maintaining real infrastructure.
+Disposable Email Checks detect when users sign up with throwaway email addresses commonly used for promotion abuse and fake account creation. These disposable email services allow attackers to create thousands of unique accounts without maintaining real infrastructure.
-You can use the following binary field as you build rules to enforce security preferences, choosing to block all disposable emails outright, or issue a [challenge](/cloudflare-challenges/challenge-types/) to anyone attempting to create an account with a disposable email.
+You can use the following binary field as you build rules to enforce security preferences, choosing to block all disposable emails outright, or issue a [challenge](/cloudflare-challenges/challenge-types/) to anyone attempting to create an account with a disposable email.
#### Suspicious emails
-Cloudflare analyzes the components of an email used during sign up to help identify suspicious patterns. Refer to [prerequisites](#prerequisites) to ensure your traffic is eligible for detections.
+Cloudflare analyzes the components of an email used during sign up to help identify suspicious patterns. Refer to [prerequisites](#prerequisites) to ensure your traffic is eligible for detections.
-Cloudflare does not store email addresses during this analysis. All detections processed without any storage or caching.
+Cloudflare does not store email addresses during this analysis. All detections processed without any storage or caching.
| Detection tag | Description |
| --- | --- |
| `cf.fraud_detection.disposable_email` | Identifies emails with domains that are commonly found in lists of temporary or disposable email services. |
| `cf.fraud.email_risk` | Analyzes the randomness (entropy) of characters in an email username and top level domain. For example, `a8xk2m9p@example.com` has high entropy (very random characters), while `john.smith@example.com` has low entropy (recognizable pattern).
High risk emails indicate high entropy, while medium and low risk emails indicate less randomness in the string of characters. |
----
+---
### Mitigations
-The following Fraud detection fields can be used in Security Rules to help identify and mitigate suspicious traffic.
+The following Fraud detection fields can be used in Security Rules to help identify and mitigate suspicious traffic.
#### Security Rules
@@ -150,7 +150,7 @@ The following fields can be used in new and existing Security Rules.
#### Other rules
-You can use Fraud detection data in Request Header [Transform Rules](/rules/transform/managed-transforms/) to pass information down to the origin.
+You can use Fraud detection data in Request Header [Transform Rules](/rules/transform/managed-transforms/) to pass information down to the origin.
#### LogPush
@@ -160,12 +160,12 @@ You can add Fraud detection fields to existing or new [LogPush](/logs/logpush/)
## Analytics
-You can find Fraud data and detections in Security Analytics, where you can see top User IDs.
+You can find Fraud data and detections in Security Analytics, where you can see top User IDs.
-Fraud fields can be used as filters to identify suspicious patterns in your traffic.
+Fraud fields can be used as filters to identify suspicious patterns in your traffic.
-The hashed User ID field within Security Analytics also provides Fraud customers with data that can help review detections and patterns per individual users rather than requests. You can review user level aggregations for IPs and IP counts, event types (login or sign up), locations, devices, and browsers.
+The hashed User ID field within Security Analytics also provides Fraud customers with data that can help review detections and patterns per individual users rather than requests. You can review user level aggregations for IPs and IP counts, event types (login or sign up), locations, devices, and browsers.
A user level profile also provides a quick way to review the latest events associated with a user so that you can identify any anomalies and create a custom rule to log, block, or challenge that user.
diff --git a/src/content/docs/bots/additional-configurations/ja3-ja4-fingerprint/index.mdx b/src/content/docs/bots/additional-configurations/ja3-ja4-fingerprint/index.mdx
index b575e485e4d..fbb96e75139 100644
--- a/src/content/docs/bots/additional-configurations/ja3-ja4-fingerprint/index.mdx
+++ b/src/content/docs/bots/additional-configurations/ja3-ja4-fingerprint/index.mdx
@@ -17,7 +17,7 @@ JA4 improves on JA3 by sorting ClientHello extensions, which reduces the number
:::note
-JA3 and JA4 fingerprints are only available to Enterprise customers who have purchased Bot Management.
+JA3 and JA4 fingerprints are only available to Enterprise customers who have purchased Bot Management.
:::
@@ -74,7 +74,7 @@ When JA4 Signals are missing, the output appears as follows:
:::note
-This sample was generated using [Workers' Cloudflare Object script](/workers/examples/accessing-the-cloudflare-object/).
+This sample was generated using [Workers' Cloudflare Object script](/workers/examples/accessing-the-cloudflare-object/).
:::
diff --git a/src/content/docs/bots/concepts/bot/index.mdx b/src/content/docs/bots/concepts/bot/index.mdx
index 79b102ed141..8135d250679 100644
--- a/src/content/docs/bots/concepts/bot/index.mdx
+++ b/src/content/docs/bots/concepts/bot/index.mdx
@@ -29,7 +29,7 @@ For more background, refer to [What is a bot?](https://www.cloudflare.com/learni
:::note
-The method for allowing or blocking verified bots depends on [your plan](/bots/concepts/bot/verified-bots/#availability).
+The method for allowing or blocking verified bots depends on [your plan](/bots/concepts/bot/verified-bots/#availability).
:::
## AI bots
diff --git a/src/content/docs/bots/index.mdx b/src/content/docs/bots/index.mdx
index 5fb23d398db..b4344a59725 100644
--- a/src/content/docs/bots/index.mdx
+++ b/src/content/docs/bots/index.mdx
@@ -15,7 +15,7 @@ import { CardGrid, Description, Feature, LinkTitleCard, Plan, RelatedProduct, Re
-Identify and mitigate automated traffic to protect your domain from bad bots.
+Identify and mitigate automated traffic to protect your domain from bad bots.
@@ -37,37 +37,37 @@ To see the differences in features and functionality, visit [Plans](/bots/plans/
## Features
-Challenge detected bot traffic across your entire domain with a single toggle.
+Challenge detected bot traffic across your entire domain with a single toggle.
-Identify traffic matching patterns of known bots, challenge or block bots, protect static resources, and view analytics to help you understand bot traffic using Super Bot Fight Mode.
+Identify traffic matching patterns of known bots, challenge or block bots, protect static resources, and view analytics to help you understand bot traffic using Super Bot Fight Mode.
-Use Bot Analytics to dynamically examine bot traffic.
+Use Bot Analytics to dynamically examine bot traffic.
-Access several new variables within the Firewall expression builder.
+Access several new variables within the Firewall expression builder.
## Related products
-Identify and address API vulnerabilities using API Shield.
+Identify and address API vulnerabilities using API Shield.
-Detect and mitigate Distributed Denial of Service (DDoS) attacks using Cloudflare's Autonomous Edge.
+Detect and mitigate Distributed Denial of Service (DDoS) attacks using Cloudflare's Autonomous Edge.
-Use Cloudflare's smart CAPTCHA alternative to run less intrusive challenges.
+Use Cloudflare's smart CAPTCHA alternative to run less intrusive challenges.
-Get automatic protection from vulnerabilities and the flexibility to create custom rules.
+Get automatic protection from vulnerabilities and the flexibility to create custom rules.
## More resources
diff --git a/src/content/docs/bots/plans/biz-and-ent.mdx b/src/content/docs/bots/plans/biz-and-ent.mdx
index b45e44d4dea..9814b17bce1 100644
--- a/src/content/docs/bots/plans/biz-and-ent.mdx
+++ b/src/content/docs/bots/plans/biz-and-ent.mdx
@@ -78,7 +78,7 @@ import { Render } from "~/components";
Verified bots,
Static resource protection,
Optimize for WordPress,
- JavaScript Detections
+ JavaScript Detections
diff --git a/src/content/docs/bots/plans/bm-subscription.mdx b/src/content/docs/bots/plans/bm-subscription.mdx
index 3d5517526b9..41c2ce73dd4 100644
--- a/src/content/docs/bots/plans/bm-subscription.mdx
+++ b/src/content/docs/bots/plans/bm-subscription.mdx
@@ -90,7 +90,7 @@ import { Render } from "~/components";
Verified bots,
Static resource protection,
Optimize for WordPress,
- JavaScript Detections
+ JavaScript Detections
diff --git a/src/content/docs/bots/plans/pro.mdx b/src/content/docs/bots/plans/pro.mdx
index b7a1dd799e7..93b66aa068c 100644
--- a/src/content/docs/bots/plans/pro.mdx
+++ b/src/content/docs/bots/plans/pro.mdx
@@ -76,7 +76,7 @@ import { Render } from "~/components";
Verified bots,
Static resource protection,
Optimize for WordPress,
- JavaScript Detections
+ JavaScript Detections
diff --git a/src/content/docs/bots/reference/alerts.mdx b/src/content/docs/bots/reference/alerts.mdx
index 76c74e5d486..3ee628dec33 100644
--- a/src/content/docs/bots/reference/alerts.mdx
+++ b/src/content/docs/bots/reference/alerts.mdx
@@ -17,7 +17,7 @@ Bot alerts inform you when Cloudflare detects spikes in your traffic with any of
- An increase in traffic on available dimensions in [Set up a bot detection alert](#set-up-a-bot-detection-alert).
- Filters of your choosing in [Set up a bot detection alert](#set-up-a-bot-detection-alert).
----
+---
## Alert types
@@ -29,7 +29,7 @@ To receive Bot alerts, you must [configure a notification](/notifications/get-st
1. In the Cloudflare dashboard, go to the **Notifications** page.
-
+
3. Select **Add**.
4. Select **Bot Management** from the Product list.
@@ -73,5 +73,5 @@ You can also choose to group by the following dimensions so that they can be ale
- Bot Detection IDs
:::note
-Bot Detection Alerts exclude [verified bots](/bots/concepts/bot/verified-bots/).
+Bot Detection Alerts exclude [verified bots](/bots/concepts/bot/verified-bots/).
:::
\ No newline at end of file
diff --git a/src/content/docs/bots/reference/bot-management-variables.mdx b/src/content/docs/bots/reference/bot-management-variables.mdx
index 8b78f19b39b..1ed4727bb47 100644
--- a/src/content/docs/bots/reference/bot-management-variables.mdx
+++ b/src/content/docs/bots/reference/bot-management-variables.mdx
@@ -16,10 +16,10 @@ import { Render } from "~/components"
Bot Management provides access to several [new variables](/ruleset-engine/rules-language/fields/reference/?field-category=Bots) within the expression builder of Ruleset Engine-based products such as [WAF custom rules](/waf/custom-rules/).
- **Bot Score** (`cf.bot_management.score`): An integer between 1-99 that indicates [Cloudflare's level of certainty](/bots/concepts/bot-score/) that a request comes from a bot.
-- **Verified Bot** (`cf.bot_management.verified_bot`): A boolean value that indicates whether a request originates from a Cloudflare allowed bot.
-
- Cloudflare maintains a large allowlist of good, automated bots (such as Google Search Engine and Pingdom) that perform beneficial tasks. Cloudflare identifies and verifies these bots primarily through reverse DNS validation, ensuring the source IP matches the requesting service.
-
+- **Verified Bot** (`cf.bot_management.verified_bot`): A boolean value that indicates whether a request originates from a Cloudflare allowed bot.
+
+ Cloudflare maintains a large allowlist of good, automated bots (such as Google Search Engine and Pingdom) that perform beneficial tasks. Cloudflare identifies and verifies these bots primarily through reverse DNS validation, ensuring the source IP matches the requesting service.
+
We also use additional validation methods, including checking ASN blocks and public lists. If these methods are unavailable, Cloudflare utilizes internal data and machine learning to identify and verify legitimate IP addresses from good bots. Most customers choose to [allow this traffic](/ruleset-engine/rules-language/fields/reference/cf.bot_management.verified_bot/).
- **Serves Static Resource** (`cf.bot_management.static_resource`): An identifier that matches [file extensions](/bots/additional-configurations/static-resources/) for many types of static resources. Use this variable if you send emails that retrieve static images.
- **ja3Hash** (`cf.bot_management.ja3_hash`) and **ja4** (`cf.bot_management.ja4`): A [**JA3/JA4 fingerprint**](/bots/additional-configurations/ja3-ja4-fingerprint/) helps you profile specific SSL/TLS clients across different destination IPs, Ports, and X509 certificates.
diff --git a/src/content/docs/bots/reference/bot-verification/web-bot-auth.mdx b/src/content/docs/bots/reference/bot-verification/web-bot-auth.mdx
index 45bb2435679..c076198e878 100644
--- a/src/content/docs/bots/reference/bot-verification/web-bot-auth.mdx
+++ b/src/content/docs/bots/reference/bot-verification/web-bot-auth.mdx
@@ -25,7 +25,7 @@ You need to generate a signing key which will be used to authenticate your bot's
1. Generate a unique [Ed25519](https://ed25519.cr.yp.to/) private key to sign your requests. This example uses the [OpenSSL](https://openssl-library.org/) `genpkey` command:
- :::note
+ :::note
Cloudflare supports Ed25519 key algorithm.
:::
diff --git a/src/content/docs/bots/reference/sample-terms.mdx b/src/content/docs/bots/reference/sample-terms.mdx
index 3c05cc2e80d..fe0617a209d 100644
--- a/src/content/docs/bots/reference/sample-terms.mdx
+++ b/src/content/docs/bots/reference/sample-terms.mdx
@@ -19,8 +19,8 @@ Cloudflare recommends that customers consider updating their Terms of Service to
:::caution[Disclaimer]
-This language is provided for informational purposes only. It does not constitute legal advice, nor does it guarantee any specific outcome.
+This language is provided for informational purposes only. It does not constitute legal advice, nor does it guarantee any specific outcome.
-This is an illustrative example of language that can be included in a website's terms to put AI providers on notice that they are not authorized to use automated means to scrape content from your website for purposes of training or otherwise contributing to their AI models or systems, unless you have expressly permitted them to do so in your `robots.txt` file.
+This is an illustrative example of language that can be included in a website's terms to put AI providers on notice that they are not authorized to use automated means to scrape content from your website for purposes of training or otherwise contributing to their AI models or systems, unless you have expressly permitted them to do so in your `robots.txt` file.
:::
diff --git a/src/content/docs/browser-run/how-to/deploy-worker.mdx b/src/content/docs/browser-run/how-to/deploy-worker.mdx
index 808b712441c..d15deee8a1e 100644
--- a/src/content/docs/browser-run/how-to/deploy-worker.mdx
+++ b/src/content/docs/browser-run/how-to/deploy-worker.mdx
@@ -6,7 +6,7 @@ sidebar:
order: 1
products:
- browser-run
- - workers
+ - workers
---
import {
diff --git a/src/content/docs/cache/concepts/index.mdx b/src/content/docs/cache/concepts/index.mdx
index 9d7aa540158..187b34a1c91 100644
--- a/src/content/docs/cache/concepts/index.mdx
+++ b/src/content/docs/cache/concepts/index.mdx
@@ -8,7 +8,7 @@ sidebar:
order: 5
group:
hideIndex: true
-
+
---
import { DirectoryListing } from "~/components"
diff --git a/src/content/docs/cache/how-to/edge-browser-cache-ttl/index.mdx b/src/content/docs/cache/how-to/edge-browser-cache-ttl/index.mdx
index 9bd8eb61f1e..807f65abbd3 100644
--- a/src/content/docs/cache/how-to/edge-browser-cache-ttl/index.mdx
+++ b/src/content/docs/cache/how-to/edge-browser-cache-ttl/index.mdx
@@ -31,7 +31,7 @@ Unless specifically set in a cache rule, Cloudflare does not override or insert
* Setting high Browser Cache TTL values means that the assets will be cached for a long time by users’ browsers.
* If you modify cached assets, the new assets may not be displayed to repeat visitors before the Browser Cache TTL expires.
-* Purging Cloudflare’s cache does not affect assets stored by a visitor’s browser.
+* Purging Cloudflare’s cache does not affect assets stored by a visitor’s browser.
:::
diff --git a/src/content/docs/cache/how-to/purge-cache/purge-zone-versions.mdx b/src/content/docs/cache/how-to/purge-cache/purge-zone-versions.mdx
index 06f0af7f6b9..b6d47dfb368 100644
--- a/src/content/docs/cache/how-to/purge-cache/purge-zone-versions.mdx
+++ b/src/content/docs/cache/how-to/purge-cache/purge-zone-versions.mdx
@@ -76,7 +76,7 @@ https://api.cloudflare.com/client/v4/zones//purge_cache/
To purge non-production environments, you must use a new `purge_cache` endpoint and specify the environment you would like to purge.
-To purge the Staging environment from the example above, send a request to the following endpoint:
+To purge the Staging environment from the example above, send a request to the following endpoint:
```bash
https://api.cloudflare.com/client/v4/zones//environments/5d41402abc4b2a76b9719d911017c/purge_cache/
diff --git a/src/content/docs/cache/interaction-cloudflare-products/index.mdx b/src/content/docs/cache/interaction-cloudflare-products/index.mdx
index 449a56ed4e7..47075a86a51 100644
--- a/src/content/docs/cache/interaction-cloudflare-products/index.mdx
+++ b/src/content/docs/cache/interaction-cloudflare-products/index.mdx
@@ -8,7 +8,7 @@ sidebar:
order: 11
group:
hideIndex: true
-
+
---
import { DirectoryListing } from "~/components"
diff --git a/src/content/docs/cache/reference/development-mode.mdx b/src/content/docs/cache/reference/development-mode.mdx
index c6f9d879d1f..32af23f1979 100644
--- a/src/content/docs/cache/reference/development-mode.mdx
+++ b/src/content/docs/cache/reference/development-mode.mdx
@@ -13,7 +13,7 @@ Development Mode temporarily suspends Cloudflare's edge caching and [Polish](/im
:::note
-To bypass cache for longer than three hours, use bypass cache in [Cache Rules](/cache/how-to/cache-rules/settings/#bypass-cache).
+To bypass cache for longer than three hours, use bypass cache in [Cache Rules](/cache/how-to/cache-rules/settings/#bypass-cache).
:::
## Enable Development Mode
diff --git a/src/content/docs/cache/reference/etag-headers.mdx b/src/content/docs/cache/reference/etag-headers.mdx
index 58cd219e3b1..e4041493cf7 100644
--- a/src/content/docs/cache/reference/etag-headers.mdx
+++ b/src/content/docs/cache/reference/etag-headers.mdx
@@ -47,8 +47,8 @@ The Cloudflare network will take the following actions, depending on the visitor
| `br` | GZIP | Decompress GZIP and return uncompressed response to visitor with weak ETag header: `etag: W/"foobar"`. |
| `gzip` | Brotli | Decompress Brotli and return uncompressed response to visitor with weak ETag header: `etag: W/"foobar"`. |
| `gzip` | (none) | Return uncompressed response to visitor with strong ETag header: `etag: "foobar"`. |
-| `gzip, br, zstd` | Zstandard | Return zstd-compressed response to visitor with strong ETag header: `etag: "foobar"`.
-| `gzip, br` | Zstandard | Decompress zstd and return br response to visitor with weak ETag header: `etag: W/"foobar"`.
+| `gzip, br, zstd` | Zstandard | Return zstd-compressed response to visitor with strong ETag header: `etag: "foobar"`.
+| `gzip, br` | Zstandard | Decompress zstd and return br response to visitor with weak ETag header: `etag: W/"foobar"`.
| `zstd` | Brotli/GZIP | Decompress zstd and return zstd response to visitor with weak ETag header: `etag: W/"foobar"`. |
@@ -90,7 +90,7 @@ Refer to [Content compression](/speed/optimization/content/compression/) for mor
## Important remarks
-* You must set the value in a strong ETag header using double quotes (for example, `etag: "foobar"`). If you use an incorrect format, Cloudflare will remove the ETag header instead of converting it to a weak ETag.
+* You must set the value in a strong ETag header using double quotes (for example, `etag: "foobar"`). If you use an incorrect format, Cloudflare will remove the ETag header instead of converting it to a weak ETag.
* If a resource is cacheable and there is a cache miss, Cloudflare does not send ETag headers to the origin server. This is because Cloudflare requires the full response body to fill its cache.
diff --git a/src/content/docs/cloudflare-challenges/challenge-types/index.mdx b/src/content/docs/cloudflare-challenges/challenge-types/index.mdx
index 5ccae5620b1..7fd7573f93e 100644
--- a/src/content/docs/cloudflare-challenges/challenge-types/index.mdx
+++ b/src/content/docs/cloudflare-challenges/challenge-types/index.mdx
@@ -6,7 +6,7 @@ products:
- cloudflare-challenges
sidebar:
order: 3
- group:
+ group:
hideIndex: true
---
diff --git a/src/content/docs/cloudflare-challenges/challenge-types/turnstile.mdx b/src/content/docs/cloudflare-challenges/challenge-types/turnstile.mdx
index 3a4bd64156f..63d81c72add 100644
--- a/src/content/docs/cloudflare-challenges/challenge-types/turnstile.mdx
+++ b/src/content/docs/cloudflare-challenges/challenge-types/turnstile.mdx
@@ -16,7 +16,7 @@ Turnstile differs from Challenges Pages in that the challenge does not pause the
In most cases, nothing further is required from the visitor. However, if necessary, Turnstile may display a simple checkbox that the visitor must click to proceed.
-After the challenge passes, Turnstile issues a clearance token to the visitor that must be validated via the [Siteverify API](/turnstile/get-started/server-side-validation/) before completing a sensitive action like login, sign up, or other form submissions.
+After the challenge passes, Turnstile issues a clearance token to the visitor that must be validated via the [Siteverify API](/turnstile/get-started/server-side-validation/) before completing a sensitive action like login, sign up, or other form submissions.
@@ -26,7 +26,7 @@ While there are three types of widgets that you can choose to implement on your
- **Managed (recommended)**: Functions similar to a Managed Challenge Page. It selects a challenge based on the signals gathered from the visitor's browser and presents an interaction only if it detects potentially automated traffic.
-- **Non-Interactive**: The widget is displayed, but the visitor does not need to interact with it to verify their identity.
+- **Non-Interactive**: The widget is displayed, but the visitor does not need to interact with it to verify their identity.
- **Invisible**: The widget is completely invisible to the visitor, but the challenge still runs in the background.
@@ -39,7 +39,7 @@ While there are three types of widgets that you can choose to implement on your
## Implementation
-When you create a widget for your website or application via the Cloudflare dashboard, you will receive a sitekey.
+When you create a widget for your website or application via the Cloudflare dashboard, you will receive a sitekey.
The sitekey is used with [client-side rendering](/turnstile/get-started/client-side-rendering/#implicitly-render-the-turnstile-widget) by adding it to the `` container placeholder. You will then place that `
` code snippet where you want to add the widget to your site page or form.
diff --git a/src/content/docs/cloudflare-challenges/concepts/clearance.mdx b/src/content/docs/cloudflare-challenges/concepts/clearance.mdx
index 352ffe0dba9..47b65c4ecc1 100644
--- a/src/content/docs/cloudflare-challenges/concepts/clearance.mdx
+++ b/src/content/docs/cloudflare-challenges/concepts/clearance.mdx
@@ -98,11 +98,11 @@ For more details on managing hostnames, refer to the [Hostname Management docume
1. In the Cloudflare dashboard, go to the **Turnstile** page.
-
+
- 2. Select **Add widget**.
- 3. Under **Would you like to opt for pre-clearance for this site?** select **Yes**.
- 4. Choose the pre-clearance level from the select box.
+ 2. Select **Add widget**.
+ 3. Under **Would you like to opt for pre-clearance for this site?** select **Yes**.
+ 4. Choose the pre-clearance level from the select box.
5. Select **Create**.
@@ -110,10 +110,10 @@ For more details on managing hostnames, refer to the [Hostname Management docume
1. In the Cloudflare dashboard, go to the **Turnstile** page.
-
+
- 2. Go to the existing widget or site and select **Settings**.
- 3. Under **Would you like to opt for pre-clearance for this site?** select **Yes**.
- 4. Choose the pre-clearance level from the select box.
+ 2. Go to the existing widget or site and select **Settings**.
+ 3. Under **Would you like to opt for pre-clearance for this site?** select **Yes**.
+ 4. Choose the pre-clearance level from the select box.
5. Select **Update**.
diff --git a/src/content/docs/cloudflare-challenges/concepts/index.mdx b/src/content/docs/cloudflare-challenges/concepts/index.mdx
index 8587e3ba1d8..29522f27b00 100644
--- a/src/content/docs/cloudflare-challenges/concepts/index.mdx
+++ b/src/content/docs/cloudflare-challenges/concepts/index.mdx
@@ -7,7 +7,7 @@ products:
sidebar:
order: 2
label: About
- group:
+ group:
hideIndex: true
---
diff --git a/src/content/docs/cloudflare-challenges/reference/index.mdx b/src/content/docs/cloudflare-challenges/reference/index.mdx
index 3c0a6f05993..e06294cd7be 100644
--- a/src/content/docs/cloudflare-challenges/reference/index.mdx
+++ b/src/content/docs/cloudflare-challenges/reference/index.mdx
@@ -6,7 +6,7 @@ products:
- cloudflare-challenges
sidebar:
order: 3
- group:
+ group:
hideIndex: true
---
diff --git a/src/content/docs/cloudflare-challenges/reference/supported-browsers.mdx b/src/content/docs/cloudflare-challenges/reference/supported-browsers.mdx
index a8b394b4c4b..2a7d8486282 100644
--- a/src/content/docs/cloudflare-challenges/reference/supported-browsers.mdx
+++ b/src/content/docs/cloudflare-challenges/reference/supported-browsers.mdx
@@ -10,13 +10,13 @@ sidebar:
import { Details } from "~/components"
-Cloudflare can challenge your visitors in various ways. They can be challenged by [Challenge Pages](/cloudflare-challenges/challenge-types/challenge-pages/), [Turnstile](/turnstile/), or by [JavaScript Detections (JSD) in Bot Management](/cloudflare-challenges/challenge-types/javascript-detections/). This document lays out the supported browsers across all of these challenge methods. When your website or application presents a challenge, your visitors receive either a Non-interactive or an Interactive Challenge.
+Cloudflare can challenge your visitors in various ways. They can be challenged by [Challenge Pages](/cloudflare-challenges/challenge-types/challenge-pages/), [Turnstile](/turnstile/), or by [JavaScript Detections (JSD) in Bot Management](/cloudflare-challenges/challenge-types/javascript-detections/). This document lays out the supported browsers across all of these challenge methods. When your website or application presents a challenge, your visitors receive either a Non-interactive or an Interactive Challenge.
-Cloudflare is committed to ensuring our challenges work with as many browsers as possible, but there are limitations that you should be aware of.
+Cloudflare is committed to ensuring our challenges work with as many browsers as possible, but there are limitations that you should be aware of.
## Overview
-Cloudflare Challenges are designed to be compatible with any desktop and mobile browser. If your visitors are using an up-to-date version of a browser listed below, they will receive and be able to solve challenges without any issues. The following is a non-exclusive list of browsers supported by Cloudflare Challenges. Browsers not listed on this list are supported on a best-effort basis.
+Cloudflare Challenges are designed to be compatible with any desktop and mobile browser. If your visitors are using an up-to-date version of a browser listed below, they will receive and be able to solve challenges without any issues. The following is a non-exclusive list of browsers supported by Cloudflare Challenges. Browsers not listed on this list are supported on a best-effort basis.
### Supported browsers
@@ -25,7 +25,7 @@ The following browsers are officially supported and tested.
- Current version and two previous major versions
- Chromium-based browsers and Chromium-based browsers that track the current Chrome stable version
-
+
:::caution
Beta, Dev, Canary, Nightly, or other unreleased builds are not officially supported.
:::
@@ -81,19 +81,19 @@ Browser extensions can interfere with challenges in several ways.
- Browser automation tools are often detected as potential bots and may cause challenge failures.
:::note
-If challenges consistently fail, try temporarily disabling extensions and reload the page.
+If challenges consistently fail, try temporarily disabling extensions and reload the page.
:::
### Device emulation and developer tools
Challenges are designed to distinguish between real human users and automated traffic. When device emulation is enabled (such as through browser developer tools), it can trigger bot detection mechanisms.
-- Mobile device emulation in desktop browsers often uses distinctive characteristics that differ from real mobile devices.
+- Mobile device emulation in desktop browsers often uses distinctive characteristics that differ from real mobile devices.
- Developer tools may modify browser behavior or expose debugging information that changes how challenges operate.
- Automation frameworks like Selenium, Puppeteer, or Playwright are specifically detected as non-human traffic.
:::note
-For developers testing applications, we recommend using real devices rather than emulated environments when possible.
+For developers testing applications, we recommend using real devices rather than emulated environments when possible.
If you must use emulation, be aware that challenges may be more difficult to pass, and do not reflect the real experience on mobile devices.
:::
diff --git a/src/content/docs/cloudflare-challenges/reference/supported-languages.mdx b/src/content/docs/cloudflare-challenges/reference/supported-languages.mdx
index 3b3282d4adc..ac46934b1fc 100644
--- a/src/content/docs/cloudflare-challenges/reference/supported-languages.mdx
+++ b/src/content/docs/cloudflare-challenges/reference/supported-languages.mdx
@@ -12,9 +12,9 @@ sidebar:
## Multi-language support
-Cloudflare Challenges can detect multiple languages and display the localized challenge experience, which is determined by `navigator.language` value. The [Navigator.language read-only property](https://developer.mozilla.org/en-US/docs/Web/API/Navigator/language) returns a string representing the preferred language of the user, usually the language of the browser user interface.
+Cloudflare Challenges can detect multiple languages and display the localized challenge experience, which is determined by `navigator.language` value. The [Navigator.language read-only property](https://developer.mozilla.org/en-US/docs/Web/API/Navigator/language) returns a string representing the preferred language of the user, usually the language of the browser user interface.
-For language support specific to Challenge Pages, refer to the table below.
+For language support specific to Challenge Pages, refer to the table below.
| Language | Language code
(4 letters) | Language code
(2 letters) |
| -------------------------------- | ----------------------------- | ----------------------------- |
diff --git a/src/content/docs/cloudflare-challenges/troubleshooting/index.mdx b/src/content/docs/cloudflare-challenges/troubleshooting/index.mdx
index dfb33285e01..82c966d32a5 100644
--- a/src/content/docs/cloudflare-challenges/troubleshooting/index.mdx
+++ b/src/content/docs/cloudflare-challenges/troubleshooting/index.mdx
@@ -27,13 +27,13 @@ Challenges are not supported by Microsoft Internet Explorer. If you are currentl
### Referer header
-Your visitor's HTTP request contains a referer header set to the website that they came from. When they encounter and solve a Challenge Page, the request with the referer is sent to the origin, and the response to the request is served to the user. The JavaScript on the response page may read the value of `document.referer`, but it will not be accurate.
+Your visitor's HTTP request contains a referer header set to the website that they came from. When they encounter and solve a Challenge Page, the request with the referer is sent to the origin, and the response to the request is served to the user. The JavaScript on the response page may read the value of `document.referer`, but it will not be accurate.
-For example, a visitor coming from a given website is challenged by a [WAF rule](/waf/custom-rules/) via an interstitial Challenge Page served by your domain. Once the visitor loads the website's home page, the `document.referer` value is your domain, not the origin website.
+For example, a visitor coming from a given website is challenged by a [WAF rule](/waf/custom-rules/) via an interstitial Challenge Page served by your domain. Once the visitor loads the website's home page, the `document.referer` value is your domain, not the origin website.
This affects tools like Google Analytics, which reads the referer from JavaScript, since it replaces the previous website that visitors came from.
-You can add tracking scripts, such as the Google Tag Manager Javascript, within an existing [Challenge Page](/rules/custom-errors/) to capture the correct referer header on the initial request.
+You can add tracking scripts, such as the Google Tag Manager Javascript, within an existing [Challenge Page](/rules/custom-errors/) to capture the correct referer header on the initial request.
```js title="Example JavaScript"
-
+