move JSD from Bots to Challenges

Author: patriciasantaana

public/__redirects

@@ -232,6 +232,7 @@
 /bots/get-started/free/ /bots/get-started/bot-fight-mode/ 301
 /bots/get-started/bm-subscription/ /bots/get-started/bot-management/ 301
 /bots/get-started/pro/ /bots/get-started/super-bot-fight-mode/ 301
+/bots/additional-configurations/javascript-detections/ /cloudflare-challenges/challenge-types/javascript-detections/ 301
 
 #browser-rendering
 /browser-rendering/get-started/browser-rendering-with-do/ /browser-rendering/workers-binding-api/browser-rendering-with-do/ 301

src/content/docs/bots/additional-configurations/javascript-detections.mdx

@@ -1,46 +1,7 @@
 ---
-type: overview
-pcx_content_type: reference
+pcx_content_type: concept
 title: JavaScript detections
+external_link: /cloudflare-challenges/challenge-types/javascript-detections/
 sidebar:
-  order: 6
----
-
-import { Render } from "~/components"
-
-<Render file="javascript-detections-definition" params={{ one: " " }} />
-
-## Enable JavaScript detections
-
-For Free customers (Bot Fight Mode), JavaScript detections are automatically enabled and cannot be disabled.
-
-For all other customers (Super Bot Fight Mode and Bot Management for Enterprise), JavaScript detections are optional.
-
-<Render file="javascript-detections-enable" />
-
-For more details on how to set up bot protection, see [Get started](/bots/get-started/).
-
-## Enforcing execution of JavaScript detections
-
-<Render file="javascript-detections-implementation" />
-
-<Render file="cf-clearance-cookie" />
-
-## Limitations
-
-### If you enabled Bot Management before June 2020
-
-Customers who enabled Enterprise Bot Management before June 2020 do not have JavaScript detections enabled by default (unless specifically requested). These customers can still enable the feature in the Cloudflare dashboard.
-
-### If you have a Content Security Policy (CSP)
-
-<Render file="javascript-detections-csp" />
-
-:::caution[Warning]
-
-JavaScript detections are not supported with `nonce` set via `<meta>` tags. 
-:::
-
-### If you have ETags
-
-Enabling JavaScript Detections (JSD) will strip [ETags](/cache/reference/etag-headers/) from HTML responses where JSD is injected.
+  order: 2
+---

src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx

@@ -1,7 +1,47 @@
+
 ---
-pcx_content_type: concept
+type: overview
+pcx_content_type: reference
 title: JavaScript detections
-external_link: /bots/additional-configurations/javascript-detections/
 sidebar:
-  order: 2
----
+  order: 6
+---
+
+import { Render } from "~/components"
+
+<Render file="javascript-detections-definition" />
+
+## Enable JavaScript detections
+
+For Bot Fight Mode customers, JavaScript detections are automatically enabled and cannot be disabled.
+
+For Super Bot Fight Mode and Bot Management for Enterprise customers, JavaScript detections are optional.
+
+<Render file="javascript-detections-enable" />
+
+For more details on how to set up bot protection, refer to the [Bots documentation](/bots/get-started/).
+
+## Enforcing execution of JavaScript detections
+
+<Render file="javascript-detections-implementation" />
+
+<Render file="cf-clearance-cookie" />
+
+## Limitations
+
+### If you enabled Bot Management before June 2020
+
+Customers who enabled Enterprise Bot Management before June 2020 do not have JavaScript detections enabled by default (unless specifically requested). These customers can still enable the feature in the Cloudflare dashboard.
+
+### If you have a Content Security Policy (CSP)
+
+<Render file="javascript-detections-csp" />
+
+:::caution[Warning]
+
+JavaScript detections are not supported with `nonce` set via `<meta>` tags. 
+:::
+
+### If you have ETags
+
+Enabling JavaScript Detections (JSD) will strip [ETags](/cache/reference/etag-headers/) from HTML responses where JSD is injected.

src/content/partials/bots/cf-clearance-cookie.mdx renamed to src/content/partials/cloudflare-challenges/cf-clearance-cookie.mdx

@@ -1,16 +1,11 @@
 ---
-inputParameters: param1
-
+{}
 ---
 
 import { Markdown } from "~/components"
 
 JavaScript detections are another method that help Cloudflare identify bot requests.
 
-{props.one}
-
-## What are JavaScript detections?
-
 These detections are implemented via a lightweight, invisible JavaScript code snippet that follows Cloudflare’s [privacy standards](https://www.cloudflare.com/privacypolicy/). JavaScript is injected only in response to requests for HTML pages or page views, excluding AJAX calls. API and mobile app traffic is unaffected. JavaScript detections have a lifespan of 15 minutes. However, the code is injected again before the session expires. After page load, the script is deferred and utilizes a separate thread (where available) to ensure that performance impact is minimal.
 
 The snippets of JavaScript will contain a source pointing to the challenge platform, with paths that start with `/cdn-cgi/challenge-platform/...`

src/content/partials/bots/javascript-detections-csp.mdx renamed to src/content/partials/cloudflare-challenges/javascript-detections-csp.mdx

@@ -3,7 +3,7 @@
 
 ---
 
-Once you enable JavaScript detections, you can use the `cf.bot_management.js_detection.passed` field in WAF custom rules (or the `request.cf.botManagement.jsDetection.passed` variable in Workers).
+Once you enable JavaScript detections, you can use the `cf.bot_management.js_detection.passed` field in [WAF custom rules](/waf/custom-rules/) (or the `request.cf.botManagement.jsDetection.passed` variable in [Workers](/workers/)).
 
 When adding this field to WAF custom rules, use it:
 
@@ -14,7 +14,7 @@ When adding this field to WAF custom rules, use it:
 ### Prerequisites
 
 * You must have JavaScript detections enabled on your zone.
-* You must have [updated your Content Security Policy headers](/bots/additional-configurations/javascript-detections/#if-you-have-a-content-security-policy-csp) for JavaScript detections.
+* You must have [updated your Content Security Policy headers](/cloudflare-challenges/challenge-types/javascript-detections/#if-you-have-a-content-security-policy-csp) for JavaScript detections.
 * You must not run this field on websocket endpoints.
 * You must use the field in a custom rules expression that expects only browser traffic.
 * The action should always be a managed challenge in case a legitimate user has not received the challenge for network or browser reasons.