pcx feedback

Author: patriciasantaana

src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx

@@ -17,9 +17,9 @@ Refer to the steps below to enable and enforce JavaScript Detections.
 
 ## 1. Enable JavaScript Detections
 
-For Bot Fight Mode customers, JavaScript Detections are automatically enabled and cannot be disabled.
+For Bot Fight Mode customers, JavaScript Detections is automatically enabled and cannot be disabled.
 
-For Super Bot Fight Mode and Bot Management for Enterprise customers, JavaScript Detections are optional.
+For Super Bot Fight Mode and Bot Management for Enterprise customers, JavaScript Detections is optional.
 
 <Render file="javascript-detections-enable" />
 
@@ -33,9 +33,9 @@ Refer to the [WAF documentation](/waf/custom-rules/create-dashboard/) for more i
 
 ## API
 
-If you enable JavaScript Detections via the dashboard, Cloudflare will insert a script tag in all HTML pages served on your website. If you would prefer to limit where JavaScript Detections are served, you can do so with the JavaScript Detections API script.
+If you enable JavaScript Detections via the dashboard, Cloudflare will insert a script tag in all HTML pages served on your website. If you would prefer to limit where JavaScript Detections is served, you can do so with the JavaScript Detections API script.
 
-The JavaScript Detections API allows you more granular control over when and where JavaScript Detections are injected on your website, as well as an option for callback handling (for logging or other additional actions). 
+The JavaScript Detections API allows you more granular control over when and where JavaScript Detections is injected on your website, as well as an option for callback handling (for logging or other additional actions). 
 
 You can explicitly add a script reference to `/cdn-cgi/challenge-platform/scripts/jsd/api.js` and your own code calling `window.cloudflare.jsd.executeOnce` on specific HTML pages of your website.
 
@@ -66,10 +66,10 @@ function jsdOnload(){
 
 ## Considerations
 
-JavaScript Detections do not guarantee a specific bot score.
+JavaScript Detections does not guarantee a specific bot score.
 
-- If the JavaScript Detections injection or execution fails and `cf.bot_management.js_detection.passed` = `false`, a separate Bot Management heuristic can still yield a 1 or higher bot score, independent of JavaScript Detections. 
-- If the JavaScript Detections pass, the final bot score may still be 1 due to other detection heuristics (for example, known malicious IP, signature detection, and more), resulting in `js_detection.passed` = `true`, but `score` = 1. 
+- If the JavaScript Detections injection or execution fails and `cf.bot_management.js_detection.passed` = `false`, a separate Bot Management heuristic can still yield a `1` or higher bot score, independent of JavaScript Detections. 
+- If the JavaScript Detections passes, the final bot score may still be `1` due to other detection heuristics (for example, known malicious IP, signature detection, and more), resulting in `js_detection.passed` = `true`, but `score` = `1`. 
 
 ## Limitations
 
@@ -89,7 +89,7 @@ Subsequent requests can include a `cf_clearance` cookie if JavaScript ran succes
 
 :::caution[Warning]
 
-JavaScript Detections are not supported with `nonce` set via `<meta>` tags. 
+JavaScript Detections is not supported with `nonce` set via `<meta>` tags. 
 :::
 
 ### If you have ETags

src/content/docs/cloudflare-challenges/concepts/how-challenges-work.mdx

@@ -11,15 +11,15 @@ Challenges can be issued in three primary ways depending on which Cloudflare pro
 | Product | Challenge type(s) |
 | --- | --- |
 | [WAF](/waf/) ([custom rules](/waf/custom-rules/), [rate limiting rules](/waf/rate-limiting-rules/), [IP access rules](/waf/tools/ip-access-rules/)) | [Interstitial Challenge Page](/cloudflare-challenges/challenge-types/challenge-pages/) |
-| [Bot Management](/bots/get-started/bot-management/) | [JavaScript Detection](/bots/additional-configurations/javascript-detections/) |
+| [Bot Management](/bots/get-started/bot-management/) | [JavaScript Detections](/bots/additional-configurations/javascript-detections/) |
 | [Bot Fight Mode](/bots/get-started/bot-fight-mode/), [Super Bot Fight Mode](/bots/get-started/super-bot-fight-mode/) | [Interstitial Challenge Page](/cloudflare-challenges/challenge-types/challenge-pages/) |
 | [Turnstile](/turnstile/) | Embedded widget |
 | [HTTP DDoS attack protection](/ddos-protection/managed-rulesets/http/) | Any Challenge |
 | [Under Attack Mode](/fundamentals/reference/under-attack-mode/) | [Managed Challenge](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended) |
 
 Challenge Pages and Turnstile rely on the same underlying mechanism to issue Challenges to your website or application's visitors.
 
-JavaScript Detections support Cloudflare's Enterprise Bot Management. While it still relies on client-side detections, JavaScript Detections function using a more performant challenge logic than Challenge Pages or Turnstile.
+JavaScript Detections supports Cloudflare's Enterprise Bot Management. While it still relies on client-side detections, JavaScript Detections function using a more performant challenge logic than Challenge Pages or Turnstile.
 
 ---
 

src/content/partials/cloudflare-challenges/javascript-detections-csp.mdx

@@ -12,4 +12,4 @@ If you have a <GlossaryTooltip term="content security policy (CSP)">Content Secu
 
     - If your CSP uses a `nonce` for script tags, Cloudflare will add these nonces to the scripts it injects by parsing your CSP response header.
 
-    - If your CSP does not use `nonce` for script tags and **JavaScript Detections** are enabled, you may see a console error such as `Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-b123b8a70+4jEj+d6gWI9U6IilUJIrlnRJbRR/uQl2Jc='), or a nonce ('nonce-...') is required to enable inline execution.` We highly discourage the use of `unsafe-inline` and instead recommend the use CSP `nonces` in script tags which we parse and support in our CDN.
+    - If your CSP does not use `nonce` for script tags and **JavaScript Detections** is enabled, you may see a console error such as `Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-b123b8a70+4jEj+d6gWI9U6IilUJIrlnRJbRR/uQl2Jc='), or a nonce ('nonce-...') is required to enable inline execution.` We highly discourage the use of `unsafe-inline` and instead recommend the use CSP `nonces` in script tags which we parse and support in our CDN.

src/content/partials/cloudflare-challenges/javascript-detections-definition.mdx

@@ -4,6 +4,6 @@
 
 import { Markdown } from "~/components"
 
-JavaScript Detections is a type of Challenge separate from Cloudflare’s Challenge Pages or Turnstile. Javascript Detections help Cloudflare’s [bot solutions](/bots/) identify automated requests. 
+JavaScript Detections is a type of Challenge separate from Cloudflare’s Challenge Pages or Turnstile. Javascript Detections helps Cloudflare's [bot solutions](/bots/) identify automated requests. 
 
-While Challenge Pages and Turnstile rely on client-side signals to determine the authenticity of a request, Bot Management’s JavaScript Detections rely on network-side signals and run on every single request made to your website. 
+While Challenge Pages and Turnstile rely on client-side signals to determine the authenticity of a request, Bot Management’s JavaScript Detections relies on network-side signals and run on every single request made to your website. 

src/content/partials/cloudflare-challenges/javascript-detections-implementation.mdx

@@ -11,7 +11,7 @@ When adding this field to WAF custom rules, it is used on endpoints expecting br
 
 ### Prerequisites
 
-- You must have JavaScript detections enabled on your zone.
+- You must have JavaScript Detections enabled on your zone.
 - You must have [updated your Content Security Policy headers](/cloudflare-challenges/challenge-types/javascript-detections/#if-you-have-a-content-security-policy-csp) for JavaScript detections.
 - You must not run this field on websocket endpoints.
 - You must use the field in a custom rules expression that expects only browser traffic.

src/content/partials/cloudflare-challenges/javascript-detections-process.mdx

@@ -6,13 +6,13 @@ import { Markdown } from "~/components";
 
 ## Process 
 
-JavaScript Detections are implemented on your website via a lightweight, invisible JavaScript code snippet that follows Cloudflare's [privacy standards](https://www.cloudflare.com/privacypolicy/). 
+JavaScript Detections is implemented on your website via a lightweight, invisible JavaScript code snippet that follows Cloudflare's [privacy standards](https://www.cloudflare.com/privacypolicy/). 
 
 JavaScript is injected only in response to requests for HTML pages or page views, excluding AJAX calls. API and mobile application traffic is unaffected. 
 
-JavaScript Detections have a lifespan of 15 minutes. However, the code is injected again before the session expires. After page load, the script is deferred and utilizes a separate thread (where available) to ensure that performance impact is minimal. The snippets of JavaScript will contain a source pointing to the Challenge Platform, with paths that start with `/cdn-cgi/challenge-platform/…`
+JavaScript Detections has a lifespan of 15 minutes. However, the code is injected again before the session expires. After page load, the script is deferred and utilizes a separate thread (where available) to ensure that performance impact is minimal. The snippets of JavaScript will contain a source pointing to the Challenge Platform, with paths that start with `/cdn-cgi/challenge-platform/…`
 
-Once the JavaScript Detection is injected on the HTML page, the visitor's browser will run the JavaScript code snippet and a `cf_clearance` cookie is issued to the visitor. The information in JavaScript Detections is stored in the `cf_clearance` cookie and is used to populate `js_detection.passed`.
+Once JavaScript Detections is injected on the HTML page, the visitor's browser will run the JavaScript code snippet and a `cf_clearance` cookie is issued to the visitor. The information in JavaScript Detections is stored in the `cf_clearance` cookie and is used to populate `js_detection.passed`.
 
 - If the visitor is verified and a `cf_clearance` cookie is issued, it will contain the outcome: `cf.bot_management.js.detection.passed` = `true`
 - If the verification fails, the cookie will contain the outcome: `cf.bot_management.js.detection.passed` = `false` 
@@ -22,7 +22,7 @@ The `cf_clearance` cookie cannot exceed the maximum size of 4096 bytes.
 :::
 
 :::caution
-Enforcement against bots do **not** occur even if the cookie is flagged false. 
+Enforcement against bots does **not** occur even if the cookie is flagged false. 
 
 You must enable JavaScript Detections and then create a custom WAF rule using the `cf.bot_management.js.detection.passed` field to block or challenge a failed request.
 :::