[API Shield] Risk labels (#18876)

patriciasantaana · ranbel · web-flow · commit 172f7e715ca6 · 2024-12-20T09:26:17.000-08:00
* risk labels

* Apply suggestions from code review

Co-authored-by: ranbel &lt;101146722+ranbel@users.noreply.github.com&gt;

---------

Co-authored-by: ranbel &lt;101146722+ranbel@users.noreply.github.com&gt;
diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx
@@ -38,6 +38,23 @@ You can filter your endpoints based on the labels.
 
 `cf-account-update`: Add this label to endpoints that participate in user account or profile updates.
 
+`cf-rss-feed`: Add this label to endpoints that expect traffic from RSS clients.
+
+`cf-risk-missing-auth`: Automatically added when all successful requests lack a session identifier. Refer to the table below for more information.
+
+`cf-risk-mixed-auth`: Automatically added when some successful requests contain a session identifier and some successful requests lack a session identifier. Refer to the table below for more information. 
+
+`cf-risk-sensitive`: Cloudflare will automatically add this label to endpoints when HTTP responses match the WAF's [Sensitive Data Detection](/api-shield/management-and-monitoring/#sensitive-data-detection) ruleset.
+
+:::note
+Cloudflare will only add authentication labels to endpoints with successful response codes. Refer to the below table for more details.
+:::
+
+| Description | 2xx response codes | 4xx, 5xx response codes |
+| --- | --- | --- | 
+| If all requests are missing authentication, Cloudflare will apply the label: | `cf-missing-auth` | Without successful responses, no label will be added. |
+| If only some requests are missing authentication, Cloudflare will apply the label: | `cf-mixed-auth` | Without successful responses, no label will be added. |
+
 ## Create a label
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. 
