[Docs] Threat score follow up changes (#20953)

Maddy-Cloudflare · pedrosousa · RebeccaTamachiro · commit c21058e4721a · 2025-04-21T11:06:51.000+01:00
* [Docs] Threat score follow up changes

* adding always protected

* Apply suggestions from code review

Co-authored-by: Pedro Sousa &lt;680496+pedrosousa@users.noreply.github.com&gt;

* Updating yaml file

* Apply suggestions from code review

Co-authored-by: Pedro Sousa &lt;680496+pedrosousa@users.noreply.github.com&gt;

---------

Co-authored-by: Pedro Sousa &lt;680496+pedrosousa@users.noreply.github.com&gt;
diff --git a/src/content/docs/waf/tools/security-level.mdx b/src/content/docs/waf/tools/security-level.mdx
@@ -6,12 +6,10 @@ title: Security Level
 
 import { Render } from "~/components";
 
-<Render file="security-level-description" product="waf" />
-
----
+<Render file="security-level-scores" product="waf" />
 
 <Render file="threat-score-definition" product="waf" />
 
-<Render file="security-level-scores" product="waf" />
+
 
 ---
diff --git a/src/content/fields/index.yaml b/src/content/fields/index.yaml
@@ -602,9 +602,9 @@ entries:
     data_type: Number
     categories: [Request]
     keywords: [request, cloudflare, score, client, visitor]
-    summary: Represents a Cloudflare threat score from 0–100, where 0 indicates low risk.
+    summary: Represents a Cloudflare threat score.
     description: |-
-      Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet. It is rare to see values above 60. A common recommendation is to challenge requests with a score above 10 and to block those above 50.
+      Previously, a threat score represented a Cloudflare threat score from 0–100, where 0 indicated low risk. Now, the threat score is always `0` (zero).
 
   - name: cf.tls_cipher
     data_type: String
diff --git a/src/content/partials/waf/security-level-scores.mdx b/src/content/partials/waf/security-level-scores.mdx
@@ -2,9 +2,9 @@
 {}
 ---
 
-## Security level
+In the Cloudflare dashboard, security level has the value _Always protected_ and you cannot change this setting. To turn Under Attack mode on or off, use the separate toggle.
 
-Cloudflare provides _I'm Under Attack!_ as a security level.
+In the API and in Terraform, use security level to turn Under Attack mode on or off.
 
 Cloudflare's Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks.
 
diff --git a/src/content/partials/waf/threat-score-definition.mdx b/src/content/partials/waf/threat-score-definition.mdx
@@ -4,9 +4,7 @@
 
 ## Threat score
 
-The threat score measures IP reputation across Cloudflare services. This score is calculated based on [Project Honeypot](https://www.projecthoneypot.org/), external public IP information, as well as internal threat intelligence from our [WAF managed rules](/waf/reference/legacy/old-waf-managed-rules/) and [DDoS](/ddos-protection/about/).
-
-The threat score of a request has a value from 0 to 100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet.
+Previously, a threat score represented a Cloudflare threat score from 0–100, where 0 indicates low risk. Now, the threat score is always `0` (zero).
 
 :::note[Recommendation]
 Currently we do not recommend creating rules based on the threat score, since this score is no longer being populated.
