feedback

patriciasantaana · patriciasantaana · commit c95996ee5cb9 · 2025-07-10T14:43:41.000-07:00
diff --git a/src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx b/src/content/docs/cloudflare-challenges/challenge-types/javascript-detections.mdx
@@ -33,7 +33,9 @@ Refer to the [WAF documentation](/waf/custom-rules/create-dashboard/) for more i
 
 ## API
 
-Use JavaScript Detections API for more granular control over when and where JavaScript Detections are injected on your website, as well as an option for callback handling (for logging or other additional actions).
+If you enable JavaScript Detections via the dashboard, Cloudflare will insert a script tag in all HTML pages served on your website. If you would prefer to limit where JavaScript Detections are served, you can do so with the JavaScript Detections API script.
+
+The JavaScript Detections API allows you more granular control over when and where JavaScript Detections are injected on your website, as well as an option for callback handling (for logging or other additional actions). 
 
 You can explicitly add a script reference to `jsd/api.js` and your own code calling `window.cloudflare.jsd.executeOnce` on specific HTML pages of your website.
 
@@ -60,9 +62,10 @@ function jsdOnload(){
 
 ## Considerations
 
-- While JavaScript Detections further refine the [bot score](/bots/concepts/bot-score/), it is not a very significant effect. 
-- If the JavaScript Detections injection or execution fails and `cf.bot_management.js_detection.passed` = `false`, a separate Bot Management heuristic can still yield a 1 or higher bot score, independent of JavaScript Detections.
-- Even if JavaScript Detections pass, the final bot score may still be 1 due to other detection heuristics (for example, known malicious IP, signature detection, and more), resulting in `js_detection.passed` = `true`, but `score` = 1.
+JavaScript Detections do not guarantee a specific bot score.
+
+- If the JavaScript Detections injection or execution fails and `cf.bot_management.js_detection.passed` = `false`, a separate Bot Management heuristic can still yield a 1 or higher bot score, independent of JavaScript Detections. 
+- If the JavaScript Detections pass, the final bot score may still be 1 due to other detection heuristics (for example, known malicious IP, signature detection, and more), resulting in `js_detection.passed` = `true`, but `score` = 1. 
 
 ## Limitations
 
diff --git a/src/content/partials/cloudflare-challenges/javascript-detections-implementation.mdx b/src/content/partials/cloudflare-challenges/javascript-detections-implementation.mdx
@@ -3,6 +3,8 @@
 
 ---
 
+import { Tabs, TabItem } from "~/components";
+
 Once you enable JavaScript detections, you must use the `cf.bot_management.js_detection.passed` field to create [WAF custom rules](/waf/custom-rules/) (or the `request.cf.botManagement.jsDetection.passed` variable in [Workers](/workers/)).
 
 When adding this field to WAF custom rules, it is used on endpoints expecting browser traffic (avoiding native mobile applications or websocket endpoints), after a user's first request to your application (Cloudflare needs at least one HTML request before injecting JavaScript detection), and with the Managed Challenge action, because there are legitimate reasons a user might not have passed a JavaScript Detection challenge (network issues, ad blockers, disabled JavaScript in browser, native mobile applications).
@@ -18,10 +20,20 @@ When adding this field to WAF custom rules, it is used on endpoints expecting br
 
 The `cf.bot_management.js_detection.passed` field should never be used in a WAF custom rule that matches a visitor's first request to a site. It is necessary to have at least one HTML request before Cloudflare can inject JavaScript detection.
 
-```js title="Example"
-"botManagement": {
-  "jsDetection": {
-    "passed": false
-  }
-}
-```
+<Tabs>
+    <TabItem label="WAF rule example">
+        ```txt wrap
+        (http.request.uri.path eq "/api/v4/user/create" and http.request.method eq "POST" and not cf.bot_management.verified_bot) 
+        and (cf.bot_management.score lt 30 or !cf.bot_management.js_detection.passed)
+        ```
+    </TabItem>
+    <TabItem label="Workers example">
+        ```js
+        "botManagement": {
+        "jsDetection": {
+            "passed": false
+        }
+        }
+        ```
+    </TabItem>
+</Tabs>
