Fix traffic policy links

Author: maxvp

src/content/docs/1.1.1.1/infrastructure/network-operators.mdx

@@ -18,36 +18,30 @@ The 1.1.1.1 resolver was designed with a privacy-first approach. Refer to our [d
 
 There are multiple ways to use 1.1.1.1 as an operator:
 
-* Including a [DNS over HTTPS](/1.1.1.1/encryption/dns-over-https/) or [DNS over TLS](/1.1.1.1/encryption/dns-over-tls/) proxy on end-user routers or devices (best for privacy).
-* Pushing 1.1.1.1 to devices via DHCP/PPP within an operator network (recommended; most practical).
-* Having a DNS proxy on a edge router make requests to 1.1.1.1 on behalf of all connected devices.
+- Including a [DNS over HTTPS](/1.1.1.1/encryption/dns-over-https/) or [DNS over TLS](/1.1.1.1/encryption/dns-over-tls/) proxy on end-user routers or devices (best for privacy).
+- Pushing 1.1.1.1 to devices via DHCP/PPP within an operator network (recommended; most practical).
+- Having a DNS proxy on a edge router make requests to 1.1.1.1 on behalf of all connected devices.
 
 Where possible, we recommend using encrypted transports (DNS over HTTPS or TLS) for queries, as this provides the highest degree of privacy for users over last-mile networks.
 
 ## Available Endpoints
 
 :::note
 
-
-[Cloudflare Zero Trust](https://www.cloudflare.com/products/zero-trust/) supports customizable [DNS policies](/cloudflare-one/traffic-policies/gateway/dns-policies/), analytics, additional built-in filtering categories, and custom rate limiting capabilities.
+[Cloudflare Zero Trust](https://www.cloudflare.com/products/zero-trust/) supports customizable [DNS policies](/cloudflare-one/traffic-policies/dns-policies/), analytics, additional built-in filtering categories, and custom rate limiting capabilities.
 
 If you require additional controls over our public 1.1.1.1 resolver, [contact us](https://www.cloudflare.com/products/zero-trust/).
 
-
 :::
 
 The publicly available endpoints for 1.1.1.1 are detailed in the following table:
 
-
-
 | Resolver                                 | IPv4 address               | IPv6 <br /> address                                  | DNS over <br /> HTTPS endpoint                  | DNS over <br /> TLS endpoint  |
 | ---------------------------------------- | -------------------------- | ---------------------------------------------------- | ----------------------------------------------- | ----------------------------- |
 | 1.1.1.1 <br />(unfiltered)               | `1.1.1.1` <br /> `1.0.0.1` | `2606:4700:4700::1111` <br /> `2606:4700:4700::1001` | `https://cloudflare-dns.com/dns-query`          | `cloudflare-dns.com`          |
 | Families <br />(Malware)                 | `1.1.1.2` <br /> `1.0.0.2` | `2606:4700:4700::1112` <br /> `2606:4700:4700::1002` | `https://security.cloudflare-dns.com/dns-query` | `security.cloudflare-dns.com` |
 | Families <br />(Adult Content + Malware) | `1.1.1.3` <br /> `1.0.0.3` | `2606:4700:4700::1113` <br /> `2606:4700:4700::1003` | `https://family.cloudflare-dns.com/dns-query`   | `family.cloudflare-dns.com`   |
 
-
-
 You may wish to provide end users with options to change from the default 1.1.1.1 resolver to one of the [1.1.1.1 for Families](/1.1.1.1/setup/#1111-for-families) endpoints.
 
 ## Rate Limiting
@@ -56,8 +50,8 @@ Operators using 1.1.1.1 for typical Internet-facing applications and/or users sh
 
 Best practices include:
 
-* Avoiding tunneling or proxying all queries from a single IP address at high rates. Distributing queries across multiple public IPs will improve this without impacting cache hit rates (caches are regional).
-* A high rate of "uncacheable" responses (such as `SERVFAIL`) against the same domain may be rate limited to protect upstream, authoritative nameservers. Many authoritative nameservers enforce their own rate limits, and we strive to avoid overloading third party infrastructure where possible.
+- Avoiding tunneling or proxying all queries from a single IP address at high rates. Distributing queries across multiple public IPs will improve this without impacting cache hit rates (caches are regional).
+- A high rate of "uncacheable" responses (such as `SERVFAIL`) against the same domain may be rate limited to protect upstream, authoritative nameservers. Many authoritative nameservers enforce their own rate limits, and we strive to avoid overloading third party infrastructure where possible.
 
 ## Help
 

src/content/docs/1.1.1.1/infrastructure/sla-and-support.mdx

@@ -11,6 +11,6 @@ As you use 1.1.1.1 in your infrastructure or service, note that dedicated techni
 
 You are subject to the [Cloudflare Website and Online Services Terms of Use](https://www.cloudflare.com/website-terms/) and no service level agreements (SLAs) are provided.
 
-If you need SLAs and dedicated support, consider using [Cloudflare Gateway](/cloudflare-one/traffic-policies/gateway/) instead.
+If you need SLAs and dedicated support, consider using [Cloudflare Gateway](/cloudflare-one/traffic-policies/) instead.
 
-Gateway includes other advanced options such as domain categories, customized filtering, and scheduling capabilities. For example, if you are a device manufacturer or network operator, you can use a multi-tenant environment to allow your customers to configure their own individual filters.
+Gateway includes other advanced options such as domain categories, customized filtering, and scheduling capabilities. For example, if you are a device manufacturer or network operator, you can use a multi-tenant environment to allow your customers to configure their own individual filters.

src/content/docs/1.1.1.1/setup/google-cloud.mdx

@@ -7,18 +7,15 @@ head:
   - tag: title
     content: Set up 1.1.1.1 on Google Cloud
 slug: 1.1.1.1/setup/google-cloud
-
 ---
 
-import { Render } from "~/components"
+import { Render } from "~/components";
 
 Google Cloud supports configuring [outbound server policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-out) within Cloud DNS. Policies are applied per Virtual Private Cloud (VPC) network, and will affect all resources within that VPC network, including any existing virtual machines.
 
 :::note
 
-
-If you are using [Cloudflare Zero Trust](/cloudflare-one/), you can choose assigned [locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) to apply custom [DNS policies](/cloudflare-one/traffic-policies/gateway/dns-policies/) via Gateway.
-
+If you are using [Cloudflare Zero Trust](/cloudflare-one/), you can choose assigned [locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) to apply custom [DNS policies](/cloudflare-one/traffic-policies/dns-policies/) via Gateway.
 
 :::
 

src/content/docs/browser-rendering/rest-api/json-endpoint.mdx

@@ -210,7 +210,7 @@ curl --request POST 'https://api.cloudflare.com/client/v4/accounts/CF_ACCOUNT_ID
 			},
 			{
 				"name": "Gateway",
-				"link": "https://developers.cloudflare.com/cloudflare-one/traffic-policies/gateway/"
+				"link": "https://developers.cloudflare.com/cloudflare-one/traffic-policies/"
 			},
 			{
 				"name": "Browser Isolation",
@@ -233,40 +233,37 @@ Below is an example using the TypeScript SDK:
 import Cloudflare from "cloudflare";
 
 const client = new Cloudflare({
-  apiToken: process.env["CLOUDFLARE_API_TOKEN"], // This is the default and can be omitted
+	apiToken: process.env["CLOUDFLARE_API_TOKEN"], // This is the default and can be omitted
 });
 
 const json = await client.browserRendering.json.create({
-  account_id: process.env["CLOUDFLARE_ACCOUNT_ID"],
-  url: "https://developers.cloudflare.com/",
-  prompt: "Get me the list of AI products",
-  response_format: {
-    type: "json_schema",
-    schema: {
-        type: "object",
-        properties: {
-          products: {
-            type: "array",
-            items: {
-              type: "object",
-              properties: {
-                name: {
-                  type: "string"
-                },
-                link: {
-                  type: "string"
-                }
-              },
-              required: [
-                "name"
-              ]
-            }
-          }
-        }
-      }
-    }
-  }
-);
+	account_id: process.env["CLOUDFLARE_ACCOUNT_ID"],
+	url: "https://developers.cloudflare.com/",
+	prompt: "Get me the list of AI products",
+	response_format: {
+		type: "json_schema",
+		schema: {
+			type: "object",
+			properties: {
+				products: {
+					type: "array",
+					items: {
+						type: "object",
+						properties: {
+							name: {
+								type: "string",
+							},
+							link: {
+								type: "string",
+							},
+						},
+						required: ["name"],
+					},
+				},
+			},
+		},
+	},
+});
 console.log(json);
 ```
 
@@ -354,12 +351,6 @@ In this example, Browser Rendering first calls Anthropic's Claude Sonnet 4 model
 ]
 ```
 
-<Render
-  file="setting-custom-user-agent"
-  product="browser-rendering"
-/>
+<Render file="setting-custom-user-agent" product="browser-rendering" />
 
-<Render
-  file="faq"
-  product="browser-rendering"
-/>
+<Render file="faq" product="browser-rendering" />

src/content/docs/browser-rendering/rest-api/links-endpoint.mdx

@@ -57,7 +57,7 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-
 		"https://developers.cloudflare.com/products/?product-group=AI",
 		"https://developers.cloudflare.com/cloudflare-one/access-controls/policies/access/",
 		"https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/",
-		"https://developers.cloudflare.com/cloudflare-one/traffic-policies/gateway/",
+		"https://developers.cloudflare.com/cloudflare-one/traffic-policies/",
 		"https://developers.cloudflare.com/cloudflare-one/traffic-policies/browser-isolation/",
 		"https://developers.cloudflare.com/learning-paths/replace-vpn/concepts/",
 		"https://developers.cloudflare.com/products/?product-group=Cloudflare+One",
@@ -173,7 +173,7 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-
 		"https://developers.cloudflare.com/products/?product-group=AI",
 		"https://developers.cloudflare.com/cloudflare-one/access-controls/policies/access/",
 		"https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/",
-		"https://developers.cloudflare.com/cloudflare-one/traffic-policies/gateway/",
+		"https://developers.cloudflare.com/cloudflare-one/traffic-policies/",
 		"https://developers.cloudflare.com/cloudflare-one/traffic-policies/browser-isolation/",
 		"https://developers.cloudflare.com/learning-paths/replace-vpn/concepts/",
 		"https://developers.cloudflare.com/products/?product-group=Cloudflare+One",
@@ -233,12 +233,6 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-
   }'
 ```
 
-<Render
-  file="setting-custom-user-agent"
-  product="browser-rendering"
-/>
+<Render file="setting-custom-user-agent" product="browser-rendering" />
 
-<Render
-  file="faq"
-  product="browser-rendering"
-/>
+<Render file="faq" product="browser-rendering" />

src/content/docs/byoip/index.mdx

@@ -9,17 +9,23 @@ head:
     content: Bringing Your Own IPs to Cloudflare
 ---
 
-import { Plan, Description, Feature, CardGrid, LinkTitleCard } from "~/components";
+import {
+	Plan,
+	Description,
+	Feature,
+	CardGrid,
+	LinkTitleCard,
+} from "~/components";
 
 <Description>
-Get Cloudflare's security and performance while using your own IPs.
+	Get Cloudflare's security and performance while using your own IPs.
 </Description>
 
 <Plan type="enterprise" />
 
 Considering [how Cloudflare works as a reverse proxy](/fundamentals/concepts/how-cloudflare-works/), for some customers it may be important to maintain this functionality while also keeping their website or application associated with their own public IP space (instead of Cloudflare's[^1]).
 
-With Bring Your Own IP (BYOIP), Cloudflare announces your IPs in all our locations. Use your IPs with [Magic Transit](/magic-transit/), [Spectrum](/spectrum/), [CDN services](/cache/), or Gateway [DNS locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) and [dedicated egress IPs](/cloudflare-one/traffic-policies/gateway/egress-policies/dedicated-egress-ips/).
+With Bring Your Own IP (BYOIP), Cloudflare announces your IPs in all our locations. Use your IPs with [Magic Transit](/magic-transit/), [Spectrum](/spectrum/), [CDN services](/cache/), or Gateway [DNS locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) and [dedicated egress IPs](/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips/).
 
 Learn how to [get started](/byoip/get-started/).
 
@@ -28,11 +34,13 @@ Learn how to [get started](/byoip/get-started/).
 ## Features
 
 <Feature header="Service bindings" href="/byoip/service-bindings/">
-Control whether traffic destined for a given IP address is routed to Magic Transit, CDN, or Spectrum.
+	Control whether traffic destined for a given IP address is routed to Magic
+	Transit, CDN, or Spectrum.
 </Feature>
 
 <Feature header="Address maps" href="/byoip/address-maps/">
-Specify which IP addresses should be mapped to DNS records when they are proxied through Cloudflare.
+	Specify which IP addresses should be mapped to DNS records when they are
+	proxied through Cloudflare.
 </Feature>
 
 ---
@@ -41,14 +49,23 @@ Specify which IP addresses should be mapped to DNS records when they are proxied
 
 <CardGrid>
 
-<LinkTitleCard title="RPKI blog post" href="https://blog.cloudflare.com/rpki/" icon="open-book">
-An overview of BGP, RPKI, and other important aspects of Internet routing.
+<LinkTitleCard
+	title="RPKI blog post"
+	href="https://blog.cloudflare.com/rpki/"
+	icon="open-book"
+>
+	An overview of BGP, RPKI, and other important aspects of Internet routing.
 </LinkTitleCard>
 
-<LinkTitleCard title="Reference Architectures" href="/reference-architecture/" icon="document">
-Explore how you can leverage Cloudflare's platform to create solutions based on your business needs.
+<LinkTitleCard
+	title="Reference Architectures"
+	href="/reference-architecture/"
+	icon="document"
+>
+	Explore how you can leverage Cloudflare's platform to create solutions based
+	on your business needs.
 </LinkTitleCard>
 
 </CardGrid>
 
-[^1]: Without BYOIP, when your domain's records are `proxied`, Cloudflare responds with a Cloudflare-owned [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/).
+[^1]: Without BYOIP, when your domain's records are `proxied`, Cloudflare responds with a Cloudflare-owned [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/).

src/content/docs/data-localization/compatibility.mdx

@@ -43,7 +43,7 @@ The table below provides a summary of the Data Localization Suite product's beha
 | Advanced Certificate Manager | ⚫️             | ⚫️               | ⚫️                        |
 | Advanced DDoS Protection     | ✅              | ✅                | 🚧 [^3]                    |
 | API Shield                   | ✅              | ✅                | 🚧 [^4]                    |
-| Bot Management               | ✅              | ✅                | ✅                    |
+| Bot Management               | ✅              | ✅                | ✅                         |
 | DNS Firewall                 | ⚫️             | ⚫️               | 🚧 [^22]                   |
 | Page Shield                  | ✅              | ✅                | ✅                         |
 | Rate Limiting                | ✅              | ✅                | ✅ [^37]                   |
@@ -84,7 +84,7 @@ The table below provides a summary of the Data Localization Suite product's beha
 | Static IP/BYOIP          | ⚫️             | ✅ [^26]          | ⚫️                        |
 | Magic Firewall           | ⚫️             | ⚫️               | ✅                         |
 | Magic Network Monitoring | ⚫️             | ⚫️               | 🚧 [^1]                    |
-| Magic Transit            | ⚫️             | ⚫️               | ✅                    |
+| Magic Transit            | ⚫️             | ⚫️               | ✅                         |
 | Magic WAN                | ⚫️             | ⚫️               | ✅                         |
 | Spectrum                 | ✅              | ✅ [^42]          | ✅                         |
 
@@ -116,9 +116,9 @@ The table below provides a summary of the Data Localization Suite product's beha
 
 [^2]: Regular and Custom Tiered Cache works; Smart Tiered Caching not available with Regional Services.
 
-[^3]: [Adaptive DDoS Protection](/ddos-protection/managed-rulesets/adaptive-protection/) is only supported for CMB = US. All other features are available to all CMB regions. 
+[^3]: [Adaptive DDoS Protection](/ddos-protection/managed-rulesets/adaptive-protection/) is only supported for CMB = US. All other features are available to all CMB regions.
 
-[^4]: API Discovery, Volumetric Abuse Detection and [Sequence Analytics and Mitigation](/api-shield/security/sequence-analytics/) will not work with CMB = EU. All other features are available to all CMB regions. 
+[^4]: API Discovery, Volumetric Abuse Detection and [Sequence Analytics and Mitigation](/api-shield/security/sequence-analytics/) will not work with CMB = EU. All other features are available to all CMB regions.
 
 [^6]: Only when using a Custom Domain set to a region, either through Workers or [Transform Rules](/images/transform-images/serve-images-custom-paths/) within the same zone.
 
@@ -143,12 +143,14 @@ The table below provides a summary of the Data Localization Suite product's beha
 [^16]: Customer Metadata Boundary can be used to limit data transfer outside region, but Access User Logs will not be available outside US region. EU customers must use Logpush to retain logs.
 
 [^17]: Currently may only be used with US FedRAMP region.
+
 [^18]: When Cloudflare Tunnel connects to Cloudflare, the connectivity options available are the Global Region (default) and [US FedRAMP Moderate Domestic region](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/#region). For incoming requests to the Cloudflare Edge, Regional Services only applies when using [published applications](/cloudflare-one/networks/connectors/cloudflare-tunnel/routing-to-tunnel/). In this case, the region associated with the DNS record will apply.
+
 [^19]: Uses Gateway HTTP and CASB.
 
 [^20]: You can [bring your own certificate](https://blog.cloudflare.com/bring-your-certificates-cloudflare-gateway/) to Gateway but these cannot yet be restricted to a specific region.
 
-[^21]: Gateway HTTP supports Regional Services. Gateway DNS does not yet support regionalization. <br/> ICMP proxy and WARP-to-WARP proxy are not available to Regional Services users. [File Sandboxing](/cloudflare-one/traffic-policies/gateway/http-policies/file-sandboxing/) (add-on) is incompatible with DLS.
+[^21]: Gateway HTTP supports Regional Services. Gateway DNS does not yet support regionalization. <br/> ICMP proxy and WARP-to-WARP proxy are not available to Regional Services users. [File Sandboxing](/cloudflare-one/traffic-policies/http-policies/file-sandboxing/) (add-on) is incompatible with DLS.
 
 [^22]: Dashboard Analytics and Logs are empty when using CMB outside the US region. Use Logpush instead.