Adds info about subrequests (#23185)

angelampcosta · web-flow · commit 929a0e4d250a · 2025-06-24T11:17:11.000+01:00
diff --git a/src/content/docs/automatic-platform-optimization/troubleshooting/faq.mdx b/src/content/docs/automatic-platform-optimization/troubleshooting/faq.mdx
@@ -52,3 +52,7 @@ APO will skip URL font transformation when the `content-security-policy` respons
 To fix the problem, the `content-security-policy` header value must allow for `unsafe-inline` on either the `style-src` or `default-src` directive. For example, `Content-Security-Policy: style-src unsafe-inline;`.
 
 The header must allow for `self` on either the `font-src` or `default-src` directive. For example, `Content-Security-Policy: font-src self;`.
+
+## Why do I see Worker subrequests in my zone logs when using APO?
+
+APO uses Cloudflare Workers internally to optimize content delivery, which results in Worker subrequests. These subrequests may appear in your zone logs (for example, via Logpush).
diff --git a/src/content/docs/security/analytics.mdx b/src/content/docs/security/analytics.mdx
@@ -12,6 +12,8 @@ Security analytics shows information about all incoming HTTP requests or only ab
 
 Use Security analytics as your starting point to understand and analyze traffic patterns, and to create security rules based on the filters you applied.
 
+By default, Security Analytics queries filter on `requestSource = 'eyeball'`, which represents requests from end users. Note that requests from Cloudflare Workers (subrequests) are not visible in Security Analytics.
+
 Security analytics is available in **Security** > **Analytics**.
 
 ## Traffic
diff --git a/src/content/docs/waf/analytics/security-analytics.mdx b/src/content/docs/waf/analytics/security-analytics.mdx
@@ -9,6 +9,8 @@ import { FeatureTable, GlossaryTooltip, Badge } from "~/components";
 
 Security Analytics displays information about all incoming HTTP requests for your domain, including requests not handled by Cloudflare security products.
 
+By default, Security Analytics queries filter on `requestSource = 'eyeball'`, which represents requests from end users. Note that requests from Cloudflare Workers (subrequests) are not visible in Security Analytics.
+
 Use the Security Analytics dashboard to:
 
 - View the traffic distribution for your domain.
