Patricia Santa Ana

This commit performs a **documentation update** to the **API Shield's vulnerability scanner documentation**. It specifically corrects the capitalization of 'Authorization' within a `curl` example and reformats a JSON output example in the `src/content/docs/api-shield/security/vulnerability-scanner.mdx` file. This **maintenance** task ensures consistency and improves the clarity of the **developer documentation**, making it easier for users to correctly implement API Shield features. The changes enhance the readability and accuracy of code examples provided to users.

fallthrough field update (#29489)

This commit delivers substantial **documentation improvements** for **Cloudflare Turnstile**, aiming to simplify and clarify its features and implementation. It involves extensive rephrasing, restructuring, and formatting adjustments across numerous sections, including `ephemeral-id.mdx`, `widget.mdx`, `client-side-rendering/index.mdx`, and `server-side-validation.mdx`. This **clarification and maintenance effort** enhances the readability and accessibility of the official documentation, making it easier for users to understand and integrate Turnstile. The changes improve the overall user experience for developers and users interacting with the **Turnstile documentation**, reducing potential confusion and streamlining adoption.

This commit **refactors** the shared `delete-override.mdx` documentation partial within the **DDoS Protection documentation** to accept more granular parameters for dashboard navigation and page names. This **documentation refactoring** improves the partial's reusability and specificity. Consequently, the **HTTP and Network managed rulesets documentation** for configuring overrides has been updated to pass these new, more specific parameters, ensuring more accurate and flexible instructions for users deleting overrides in the dashboard.

This commit delivers crucial **documentation updates** to clarify the distinct scopes of **DDoS Protection** and **Email Security**. It explicitly states that DDoS Protection does not cover email-based attacks, directing users to Email Security for such threats within `attack-coverage.mdx` and `frequently-asked-questions.mdx`. Conversely, the Email Security documentation in `detect-phish.mdx` now includes a 'Scope' section to clarify its focus on email inspection, pointing users to DDoS Protection for network infrastructure protection. This **clarification** helps users understand product boundaries and choose the appropriate service for specific threat vectors.

update API permissions table (#29397)

This commit **updates the documentation** for the **API Shield** feature, specifically concerning **Schema Validation**. It introduces a new paragraph in `src/content/docs/api-shield/security/schema-validation/index.mdx` to clearly state the **128 KB request body size limitation** for requests undergoing schema validation. This **documentation update** provides crucial information to users, helping them understand and adhere to operational constraints when configuring and utilizing API Shield's security features.

This commit **enhances the documentation** for **Cloudflare Challenges** by introducing a new section dedicated to **custom challenge page templates**. It provides comprehensive guidance on how to create these personalized pages, detailing their operational mechanics, outlining necessary placeholder tokens, and offering practical HTML template examples. This **documentation enhancement** empowers users to understand and implement custom challenge pages, thereby improving the flexibility and branding options for their Cloudflare security configurations. The update specifically targets the `additional-configuration.mdx` file, making it easier for users to configure advanced challenge page settings.

This commit **updates the documentation** for the **Account Abuse Protection** feature, clarifying the access procedure for users. A new sentence has been added to `src/content/docs/bots/account-abuse-protection.mdx`, instructing users to contact their Cloudflare account team to gain access to this capability. This **documentation enhancement** provides essential guidance, ensuring users understand the necessary steps to utilize this critical **bot management** service. The change improves user experience by making the access process explicit within the official documentation.

description update (#29063)

This commit **improves the documentation** for **API Shield's security schema validation** by adding a helpful note. Specifically, it updates the `src/content/docs/api-shield/security/schema-validation/index.mdx` file to include a direct link to the 'Export a schema' documentation section. This **documentation enhancement** ensures users can more easily find related information, streamlining their experience when working with API Shield schemas.

This commit significantly **enhances the documentation for bot management and WAF custom rules**, primarily by clarifying the distinction and interaction between **bot settings and custom rules**. It introduces new content and diagrams across various plan types (Pro, Business, Enterprise, and Bot Management subscriptions) to explain their respective use cases and the **execution order of bot rules**. This comprehensive **documentation update** aims to improve user understanding of how to effectively configure bot protection, ensuring users leverage the correct tools for their specific bot mitigation strategies.

This commit implements a significant **documentation update** to announce the **deprecation of the Exposed Credential Check (ECC)** feature within the **WAF managed rules**. It involves adding clear deprecation notices across various documentation pages related to `check-for-exposed-credentials`, removing previous recommendations for its use, and marking relevant sidebar entries as deprecated. A new documentation partial, `exposed-credential-check-deprecation.mdx`, was introduced to standardize the deprecation message, and the `plans/index.json` file was updated to reflect the feature's deprecated status. This **maintenance** work ensures users are accurately informed about the end-of-life status of the ECC feature, guiding them away from its use.

This commit **updates the project documentation** by adding a new changelog entry. Specifically, it announces the **Open Beta** launch of the **Web and API Vulnerability Scanner**, a significant new security feature integrated into the **API Shield** product. This **documentation update** serves to inform users about the availability of this new capability, allowing them to leverage enhanced security scanning for their web and API assets.

This commit **updates the API Shield security documentation** by integrating information about the **Vulnerability Scanner**. It specifically adds 'Vulnerability Scanner' to the security features table within `src/content/docs/api-shield/security/index.mdx`. Furthermore, this **documentation update** clarifies its role by listing it as a solution for 'Broken Object Level Authorization' in the OWASP issue table, enhancing the understanding of how API Shield addresses common security concerns. This **maintenance** task improves the comprehensiveness of the **API Shield security overview** for users.

This commit primarily **introduces comprehensive documentation** for **Account Abuse Protection**, detailing its concepts, prerequisites, detection methods, mitigation strategies, and analytics within the `bots` section. Concurrently, it performs a significant **reorganization of the Bots documentation sidebar**, adjusting the display order for various sections like `AI Labyrinth`, `Block AI Bots`, and `JavaScript detections` to improve navigation. A new reusable partial, `endpoint-label-warning.mdx`, is also added to standardize caution notes about login endpoints across the documentation. This work provides users with essential information on a new security feature and enhances the overall user experience of the **Bots documentation**.

This commit **introduces new documentation** for the **API Shield Vulnerability Scanner**, enhancing the project's user guidance. The **documentation update** adds a comprehensive guide to `src/content/docs/api-shield/security/vulnerability-scanner.mdx`, detailing the process, prerequisites, limitations, and availability of this critical security feature. This work improves user understanding and facilitates the configuration and effective utilization of the **API Shield Vulnerability Scanner**.

This commit **updates the Turnstile documentation** to explicitly address the **Cloudflare Turnstile Privacy Policy**. It adds notes within `challenge-types/turnstile.mdx` and `concepts/widget.mdx`, and introduces a new section in `additional-configuration/offlabel.mdx` detailing the requirement to link to the policy, particularly for the `offlabel` feature. A new partial, `privacy-policy.mdx`, is also created to centralize disclosures for Turnstile's invisible mode. This **documentation update** enhances user understanding and compliance for **Turnstile users** regarding privacy disclosures.

This commit **updates the accessibility compliance standard** for the **Turnstile** product, elevating it from WCAG 2.1 AA to the more stringent WCAG 2.2 AAA. This **documentation update** affects the general Turnstile overview, its `offlabel` configuration, and internal `plans/index.json` data. The change ensures that all published and internal references accurately reflect the improved accessibility commitment for Turnstile. This **maintenance task** provides clarity on the product's adherence to higher accessibility guidelines.

This commit provides a **documentation correction** for the **Cloudflare Challenges** section, specifically for the `JavaScript Detections` challenge type. It updates the description in `src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx` to accurately state that this detection mechanism relies on **client-side signals**. This **maintenance update** clarifies a key technical detail, ensuring users understand that the system operates based on client-side rather than network-side signals. The change improves the accuracy and clarity of the public-facing documentation.