cf_clearance

patriciasantaana · patriciasantaana · commit ae0799685ce5 · 2025-07-11T09:13:54.000-07:00
diff --git a/src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx b/src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx
@@ -75,9 +75,9 @@ Customers who enabled Enterprise Bot Management before June 2020 do not have Jav
 
 ### If it is the first request to your website
 
-The first request from a new client to your website or application will generally not have JavaScript Detections data (`cf.bot_management.js_detection.passed` = `false`). This is because Cloudflare needs at least one HTML request before injecting JavaScript Detection and issuing the `cf-clearance` cookie. 
+The first request from a new client to your website or application will generally not have JavaScript Detections data (`cf.bot_management.js_detection.passed` = `false`). This is because Cloudflare needs at least one HTML request before injecting JavaScript Detection and issuing the `cf_clearance` cookie. 
 
-Subsequent requests can include a `cf-clearance` cookie if JavaScript ran successfully.
+Subsequent requests can include a `cf_clearance` cookie if JavaScript ran successfully.
 
 ### If you have a Content Security Policy (CSP)
 
diff --git a/src/content/partials/cloudflare-challenges/javascript-detections-process.mdx b/src/content/partials/cloudflare-challenges/javascript-detections-process.mdx
@@ -12,13 +12,13 @@ JavaScript is injected only in response to requests for HTML pages or page views
 
 JavaScript Detections have a lifespan of 15 minutes. However, the code is injected again before the session expires. After page load, the script is deferred and utilizes a separate thread (where available) to ensure that performance impact is minimal. The snippets of JavaScript will contain a source pointing to the Challenge Platform, with paths that start with `/cdn-cgi/challenge-platform/…`
 
-Once the JavaScript Detection is injected on the HTML page, the visitor's browser will run the JavaScript code snippet and a `cf-clearance` cookie is issued to the visitor. The information in JavaScript Detections is stored in the `cf-clearance` cookie and is used to populate `js_detection.passed`.
+Once the JavaScript Detection is injected on the HTML page, the visitor's browser will run the JavaScript code snippet and a `cf_clearance` cookie is issued to the visitor. The information in JavaScript Detections is stored in the `cf_clearance` cookie and is used to populate `js_detection.passed`.
 
-- If the visitor is verified and a cf-clearance cookie is issued, it will contain the outcome: `cf.bot_management.js.detection.passed` = `true`
+- If the visitor is verified and a `cf_clearance` cookie is issued, it will contain the outcome: `cf.bot_management.js.detection.passed` = `true`
 - If the verification fails, the cookie will contain the outcome: `cf.bot_management.js.detection.passed` = `false` 
 
 :::note
-The `cf-clearance` cookie cannot exceed the maximum size of 4096 bytes.
+The `cf_clearance` cookie cannot exceed the maximum size of 4096 bytes.
 :::
 
 :::caution
@@ -27,4 +27,4 @@ Enforcement against bots do **not** occur even if the cookie is flagged false.
 You must enable JavaScript Detections and then create a custom WAF rule using the `cf.bot_management.js.detection.passed` field to block or challenge a failed request.
 :::
 
-When the visitor encounters a WAF custom rule on your website, the rule will check the outcome of the `cf-clearance` cookie. The outcome of the `cf-clearance` cookie determines whether the request passes, or is blocked or challenged.
+When the visitor encounters a WAF custom rule on your website, the rule will check the outcome of the `cf_clearance` cookie. The outcome of the `cf_clearance` cookie determines whether the request passes, or is blocked or challenged.
