Fix images

Author: maxvp

src/content/docs/cloudflare-one/access-controls/policies/access/require-purpose-justification.mdx

@@ -25,4 +25,4 @@ Configuring a purpose justification screen is done as part of configuring an Acc
 
 Users who match this policy will see the following screen:
 
-![Finalized purpose justification screen displaying custom message.](~/assets/images/cloudflare-one/traffic-policies/purpose-justification.png)
+![Finalized purpose justification screen displaying custom message.](~/assets/images/cloudflare-one/policies/purpose-justification.png)

src/content/docs/cloudflare-one/access-controls/policies/access/temporary-auth.mdx

@@ -26,8 +26,8 @@ Temporary authentication is now enabled for users who match this policy. You can
 ## Temporary authentication requests
 
 When a user accesses the application, they will be prompted to enter a purpose justification and submit an access request. The request is automatically emailed to approvers. Alternatively, the user can manually present the approval link to approvers.
-![Temporary authentication request page shown to users](~/assets/images/cloudflare-one/traffic-policies/temp-auth-request.png)
+![Temporary authentication request page shown to users](~/assets/images/cloudflare-one/policies/temp-auth-request.png)
 
 Approvers will receive a request similar to the example below. The approver can then grant access for a set amount of time, up to a maximum of 24 hours.
 
-![Temporary authentication approval page shown to administrators](~/assets/images/cloudflare-one/traffic-policies/temp-auth-approval.png)
+![Temporary authentication approval page shown to administrators](~/assets/images/cloudflare-one/policies/temp-auth-approval.png)

src/content/docs/cloudflare-one/identity/authorization-cookie/cors.mdx

@@ -84,7 +84,7 @@ To configure how Cloudflare responds to preflight requests:
    ```
 
    then go to `api.mysite.com` in Access and configure **Access-Control-Allow-Origin**, **Access-Control-Allow-Credentials**, **Access-Control-Allow-Methods**, and **Access-Control-Allow-Headers**.
-   ![Example CORS settings configuration in Zero Trust](~/assets/images/cloudflare-one/traffic-policies/CORS-settings.png)
+   ![Example CORS settings configuration in Zero Trust](~/assets/images/cloudflare-one/policies/CORS-settings.png)
 
 5. Select **Save application**.
 

src/content/docs/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation.mdx

@@ -37,7 +37,7 @@ To open links using Browser Isolation:
 
 ## Filter DNS queries
 
-Gateway filters and resolves DNS queries for isolated sessions via [DNS policies](/cloudflare-one/traffic-policies/dns-policies/). Enterprise users can resolve domains available only through private resolvers by creating [resolver policies](/cloudflare-one/traffic-policies/resolver-policies/).
+Gateway filters and resolves DNS queries for isolated sessions via [DNS policies](/cloudflare-one/policies/dns-policies/). Enterprise users can resolve domains available only through private resolvers by creating [resolver policies](/cloudflare-one/policies/resolver-policies/).
 
 Gateway DNS and resolver policies will always apply to Clientless Web Isolation traffic, regardless of device configuration.
 
@@ -57,7 +57,7 @@ If `<url>` is not provided, users are presented with a Cloudflare Zero Trust lan
 
 ### Allow or block websites
 
-When users visit a website through the [Clientless Web Isolation URL](#use-the-remote-browser), the traffic passes through Cloudflare Gateway. This allows you to [apply HTTP policies](/cloudflare-one/traffic-policies/http-policies/) to control what websites the remote browser can connect to, even if the user's device does not have WARP installed.
+When users visit a website through the [Clientless Web Isolation URL](#use-the-remote-browser), the traffic passes through Cloudflare Gateway. This allows you to [apply HTTP policies](/cloudflare-one/policies/http-policies/) to control what websites the remote browser can connect to, even if the user's device does not have WARP installed.
 
 For example, if you use a third-party Secure Web Gateway to block `example.com`, users can still access the page in the remote browser by visiting `https://<your-team-name>.cloudflareaccess.com/browser/https://www.example.com/`. To block `https://<your-team-name>.cloudflareaccess.com/browser/https://www.example.com/`, create a Cloudflare Gateway HTTP policy to block `example.com`:
 
@@ -67,15 +67,15 @@ For example, if you use a third-party Secure Web Gateway to block `example.com`,
 
 ### Bypass TLS decryption
 
-If [TLS decryption](/cloudflare-one/traffic-policies/http-policies/tls-decryption/) is turned on, Gateway will decrypt all sites accessed through the Clientless Web Isolation URL. To connect to sites that are incompatible with TLS decryption, you will need to add a Do Not Inspect HTTP policy for the application or domain.
+If [TLS decryption](/cloudflare-one/policies/http-policies/tls-decryption/) is turned on, Gateway will decrypt all sites accessed through the Clientless Web Isolation URL. To connect to sites that are incompatible with TLS decryption, you will need to add a Do Not Inspect HTTP policy for the application or domain.
 
 | Selector | Operator | Value        | Action         |
 | -------- | -------- | ------------ | -------------- |
 | Domain   | is       | `mysite.com` | Do Not Inspect |
 
 :::note
 
-Clientless Web Isolation can function without TLS decryption enabled. However, TLS decryption is required to apply [HTTP policies](/cloudflare-one/traffic-policies/http-policies/) to Clientless Web Isolation traffic.
+Clientless Web Isolation can function without TLS decryption enabled. However, TLS decryption is required to apply [HTTP policies](/cloudflare-one/policies/http-policies/) to Clientless Web Isolation traffic.
 
 :::
 
@@ -92,7 +92,7 @@ All users with access to your remote browser can access your Cloudflare Tunnel a
 
 ### Disable remote browser controls
 
-You can configure [remote browser controls](/cloudflare-one/remote-browser-isolation/isolation-policies/#policy-settings) such as disabling copy/paste, printing, or keyboard input. These settings display in the Gateway [HTTP policy builder](/cloudflare-one/traffic-policies/http-policies/) when you select the Isolate action.
+You can configure [remote browser controls](/cloudflare-one/remote-browser-isolation/isolation-policies/#policy-settings) such as disabling copy/paste, printing, or keyboard input. These settings display in the Gateway [HTTP policy builder](/cloudflare-one/policies/http-policies/) when you select the Isolate action.
 
 ### Sync cookies between local and remote browser
 
@@ -112,15 +112,15 @@ The clientless address bar has three views: hostname notch, full address bar and
 
 By default the isolated domain name appears in the notch positioned at the top and center of an isolated page.
 
-![Viewing hostname of an isolated page in the clientless remote browser](~/assets/images/cloudflare-one/traffic-policies/rbi-address-bar-notch.png)
+![Viewing hostname of an isolated page in the clientless remote browser](~/assets/images/cloudflare-one/policies/rbi-address-bar-notch.png)
 
 Selecting **Expand** or the hostname text will expand the notch to the full address bar view. If isolated page content is obscured by the notch, expanding to the full address bar view will make the content accessible.
 
 ### Full address bar view
 
 The full address bar allows users to search and go to isolated websites. Users can jump to the address bar at any time by pressing `CTRL + L` on the keyboard.
 
-![Viewing full address of an isolated page in the clientless remote browser](~/assets/images/cloudflare-one/traffic-policies/rbi-address-bar-full.png)
+![Viewing full address of an isolated page in the clientless remote browser](~/assets/images/cloudflare-one/policies/rbi-address-bar-full.png)
 
 ### Hidden view
 

src/content/docs/cloudflare-one/traffic-policies/egress-policies/host-selectors.mdx

@@ -24,9 +24,9 @@ import { Tabs, TabItem, Details, APIRequest } from "~/components";
 
 </Details>
 
-When Gateway receives a DNS query for hostname covered by the [Application](/cloudflare-one/traffic-policies/egress-policies/#application), [Content Categories](/cloudflare-one/traffic-policies/egress-policies/#content-categories), [Domain](/cloudflare-one/traffic-policies/egress-policies/#domain), and [Host](/cloudflare-one/traffic-policies/egress-policies/#host) selectors in an Egress policy, Gateway initially resolves DNS to an IP in the `100.80.0.0/16` or `2606:4700:0cf1:4000::/64` range. This process allows Gateway to map a destination IP with a hostname at [layer 4](https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/) (where Gateway evaluates Egress policies). The destination IP for a hostname is not usually known at layer 4. Prior to evaluating Egress policies, the initially resolved IP is overwritten with the correct destination IP.
+When Gateway receives a DNS query for hostname covered by the [Application](/cloudflare-one/policies/egress-policies/#application), [Content Categories](/cloudflare-one/policies/egress-policies/#content-categories), [Domain](/cloudflare-one/policies/egress-policies/#domain), and [Host](/cloudflare-one/policies/egress-policies/#host) selectors in an Egress policy, Gateway initially resolves DNS to an IP in the `100.80.0.0/16` or `2606:4700:0cf1:4000::/64` range. This process allows Gateway to map a destination IP with a hostname at [layer 4](https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/) (where Gateway evaluates Egress policies). The destination IP for a hostname is not usually known at layer 4. Prior to evaluating Egress policies, the initially resolved IP is overwritten with the correct destination IP.
 
-![Example egress policy flow](~/assets/images/cloudflare-one/traffic-policies/host-selector-diagram.png)
+![Example egress policy flow](~/assets/images/cloudflare-one/policies/host-selector-diagram.png)
 
 Additional configuration is required when using policies with these selectors.