Merge branch 'production' into faq-audit-blurry-screenshots

kathayl · web-flow · commit d3453dfafedc · 2025-11-03T11:08:55.000-08:00
diff --git a/src/content/changelog/security-center/2025-10-31-brand-protection-logo-dashboard-report-abuse.mdx b/src/content/changelog/security-center/2025-10-31-brand-protection-logo-dashboard-report-abuse.mdx
@@ -0,0 +1,9 @@
+---
+title: Report logo misuse to Cloudflare directly from the Brand Protection dashboard
+description: You can now use the Brand Protection logo dashboard to report abuse on the Cloudflare network 
+date: 2025-10-31
+---
+
+The Brand Protection logo query dashboard now allows you to use the **Report to Cloudflare** button to submit an Abuse report directly from the Brand Protection logo queries dashboard. While you could previously report new domains that were impersonating your brand before, now you can do the same for websites found to be using your logo wihtout your permission. The abuse reports wiull be prefilled and you will only need to validate a few fields before you can click the submit button, after which our team process your request.
+
+Ready to start? Check out the [Brand Protection docs](/security-center/brand-protection/). 
diff --git a/src/content/changelog/workers/2025-10-31-increased-websocket-message-size-limit.mdx b/src/content/changelog/workers/2025-10-31-increased-websocket-message-size-limit.mdx
@@ -0,0 +1,15 @@
+---
+title: Workers WebSocket message size limit increased from 1 MiB to 32 MiB
+description: The maximum WebSocket message size limit for all Workers has been increased from 1 MiB to 32 MiB.
+products:
+  - workers
+  - durable-objects
+  - browser-rendering
+date: 2025-10-31
+---
+
+Workers, including those using [Durable Objects](/durable-objects/) and [Browser Rendering](/browser-rendering/workers-bindings/), may now process WebSocket messages up to 32 MiB in size. Previously, this limit was 1 MiB.
+
+This change allows Workers to handle use cases requiring large message sizes, such as processing Chrome Devtools Protocol messages.
+
+For more information, please see the [Durable Objects startup limits](/durable-objects/platform/limits/#SQLite-backed-Durable-Objects-general-limits).
diff --git a/src/content/docs/ai-gateway/usage/providers/deepgram.mdx b/src/content/docs/ai-gateway/usage/providers/deepgram.mdx
@@ -0,0 +1,61 @@
+---
+title: Deepgram
+pcx_content_type: get-started
+---
+
+[Deepgram](https://developers.deepgram.com/home) provides Voice AI APIs for speech-to-text, text-to-speech, and voice agents.
+
+:::note
+
+Deepgram is also available through Workers AI, see [Deepgram Workers AI](/ai-gateway/usage/websockets-api/realtime-api/#deepgram-workers-ai).
+
+:::
+
+## Endpoint
+
+```txt
+https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/deepgram
+```
+
+## URL Structure
+
+When making requests to Deepgram, replace `https://api.deepgram.com/` in the URL you are currently using with `https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/deepgram/`.
+
+## Prerequisites
+
+When making requests to Deepgram, ensure you have the following:
+
+- Your AI Gateway Account ID.
+- Your AI Gateway gateway name.
+- An active Deepgram API token.
+
+## Example
+
+### SDK
+
+```ts title="TS"
+import { createClient, LiveTranscriptionEvents } from "@deepgram/sdk";
+
+
+const deepgram = createClient("{deepgram_api_key}", {
+    global: {
+      websocket: {
+        options: {
+          url: "wss://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/deepgram/",
+          _nodeOnlyHeaders: {
+            "cf-aig-authorization": "Bearer {CF_AIG_TOKEN}"
+          }
+        }
+      }
+    }
+});
+
+
+const connection = deepgram.listen.live({
+    model: "nova-3",
+    language: "en-US",
+    smart_format: true,
+});
+
+connection.send(...);
+```
diff --git a/src/content/docs/browser-rendering/index.mdx b/src/content/docs/browser-rendering/index.mdx
@@ -19,13 +19,33 @@ import {
 
 <Description>
 
-Browser automation for [Cloudflare Workers](/workers/) and [quick browser actions](/browser-rendering/rest-api/).
+Run headless Chrome on [Cloudflare's global network](/workers/) for browser automation, web scraping, testing, and content generation.
 
 </Description>
 
 <Plan type="workers-all" />
 
-Browser Rendering enables developers to programmatically control and interact with headless browser instances running on Cloudflare’s global network. This facilitates tasks such as automating browser interactions, capturing screenshots, generating PDFs, and extracting data from web pages.
+Browser Rendering enables developers to programmatically control and interact with headless browser instances running on Cloudflare’s global network. 
+
+## Use Cases
+
+Browser Rendering supports a wide range of use cases, including:
+- Extract rendered HTML or convert webpages to Markdown using the [content endpoint](/browser-rendering/rest-api/content-endpoint/) and [markdown endpoint](/browser-rendering/rest-api/markdown-endpoint/)
+- Create website thumbnails and social previews using the [screenshot endpoint](/browser-rendering/rest-api/screenshot-endpoint/)
+- Generate PDFs from webpages and HTML content using the [pdf endpoint](/browser-rendering/rest-api/pdf-endpoint/)
+- Archive complete webpage states with the [snapshot endpoint](/browser-rendering/rest-api/snapshot/) that captures both HTML and screenshots
+- Build web scrapers that target specific elements or extract all links using the [scrape endpoint](/browser-rendering/rest-api/scrape-endpoint/) and [links endpoint](/browser-rendering/rest-api/links-endpoint/)
+- Parse and structure webpage data into JSON format using the [json endpoint](/browser-rendering/rest-api/json-endpoint/)
+
+Browser Rendering is also ideal for agentic workflows. Use [Puppeteer](/browser-rendering/platform/puppeteer/), [Playwright](/browser-rendering/platform/playwright/), [Playwright MCP](/browser-rendering/platform/playwright-mcp/), or [Stagehand](/browser-rendering/platform/stagehand/) to power AI agents that interact with web pages and extract data where APIs do not exist.
+
+## Key features
+
+- **Scale to thousands of browsers**: Instant access to a global pool of browsers with low cold-start time, ideal for high-volume screenshot generation, data extraction, or automation at scale
+- **Global by default**: Browser sessions run on Cloudflare's edge network, opening close to your users for better speed and availability worldwide
+- **Easy to integrate**: [REST APIs](/browser-rendering/rest-api/) for common actions, while [Puppeteer](/browser-rendering/platform/puppeteer/) and [Playwright](/browser-rendering/platform/playwright/) provide familiar automation libraries for complex workflows
+- **Session management**: [Reuse browser sessions](/browser-rendering/workers-bindings/reuse-sessions/) across requests to improve performance and reduce cold-start overhead
+- **Flexible pricing**: Pay only for browser time used with generous free tier ([view pricing](/browser-rendering/platform/pricing/))
 
 ## Integration Methods
 
@@ -36,19 +56,6 @@ You can integrate Browser Rendering into your applications using one of the foll
 
 Choose the method that best fits your use case. For example, use the [REST API endpoints](/browser-rendering/rest-api/) for straightforward tasks from external applications and use [Workers Bindings](/browser-rendering/workers-bindings/) for complex automation within the Cloudflare ecosystem.
 
-## Use Cases
-
-Browser Rendering can be utilized for various purposes, including:
-
-- Fetch HTML content of a page.
-- Capture screenshot of a webpage.
-- Convert a webpage into a PDF document.
-- Take a webpage snapshot.
-- Scrape specified HTML elements from a webpage.
-- Retrieve data in a structured format.
-- Extract Markdown content from a webpage.
-- Gather all hyperlinks found on a webpage.
-
 ## Related products
 
 <RelatedProduct header="Workers" href="/workers/" product="workers">
@@ -59,13 +66,13 @@ Build serverless applications and deploy instantly across the globe for exceptio
 
 <RelatedProduct header="Durable Objects" href="/durable-objects/" product="durable-objects">
 
-A globally distributed coordination API with strongly consistent storage.
+A globally distributed coordination API with strongly consistent storage. Using Durable Objects to [persist browser sessions](/browser-rendering/workers-bindings/browser-rendering-with-do/) improves performance by eliminating the time that it takes to spin up a new browser session.
 
 </RelatedProduct>
 
 <RelatedProduct header="Agents" href="/agents/" product="agents">
 
-Build and deploy AI-powered agents that can autonomously perform tasks.
+Build AI-powered agents that autonomously navigate websites and perform tasks using [Playwright MCP](/browser-rendering/platform/playwright-mcp/) or [Stagehand](/browser-rendering/platform/stagehand/).
 
 </RelatedProduct>
 
@@ -78,8 +85,7 @@ Build and deploy AI-powered agents that can autonomously perform tasks.
 	href="/browser-rendering/get-started/"
 	icon="open-book"
 >
-	Deploy your first Browser Rendering project using Wrangler and Cloudflare's
-	version of Puppeteer.
+	Choose between REST API and Workers Bindings, then deploy your first project.
 </LinkTitleCard>
 
 <LinkTitleCard
@@ -99,11 +105,11 @@ Build and deploy AI-powered agents that can autonomously perform tasks.
 </LinkTitleCard>
 
 <LinkTitleCard
-	title="Learning Path"
-	href="/learning-paths/workers/concepts/"
+	title="Playwright API"
+	href="/browser-rendering/platform/playwright/"
 	icon="pen"
 >
-	New to Workers? Get started with the Workers Learning Path.
+	Use Cloudflare's fork of Playwright for testing and automation.
 </LinkTitleCard>
 
 <LinkTitleCard
diff --git a/src/content/docs/browser-rendering/platform/puppeteer.mdx b/src/content/docs/browser-rendering/platform/puppeteer.mdx
@@ -68,7 +68,32 @@ await page.setUserAgent(
 ```
 
 :::note
-The `userAgent` parameter does not bypass bot protection. Requests from Browser Rendering will always be identified as a bot. 
+The `userAgent` parameter does not bypass bot protection. Requests from Browser Rendering will always be identified as a bot.
+:::
+
+## Element selection
+
+Puppeteer provides multiple methods for selecting elements on a page. While CSS selectors work as expected, XPath selectors are not supported due to security constraints in the Workers runtime.
+
+Instead of using Xpath selectors, you can use CSS selectors or `page.evaluate()` to run XPath queries in the browser context:
+
+```ts
+const innerHtml = await page.evaluate(() => {
+	return (
+		// @ts-ignore this runs on browser context
+		new XPathEvaluator()
+			.createExpression("/html/body/div/h1")
+			// @ts-ignore this runs on browser context
+			.evaluate(document, XPathResult.FIRST_ORDERED_NODE_TYPE).singleNodeValue
+			.innerHTML
+	);
+});
+```
+
+:::note
+
+`page.evaluate()` can only return primitive types like strings, numbers, and booleans. Returning complex objects like `HTMLElement` will not work.
+
 :::
 
 ## Session management
diff --git a/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx b/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx
@@ -81,6 +81,6 @@ Before contacting the Cloudflare support team:
 
 3. Gather any relevant error/access logs from your server.
 
-4. (Locally-managed tunnels only) Set [`--loglevel`](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/#loglevel) to `debug`, so the Cloudflare support team can get more info from the `cloudflared.log` file.
+4. If needed set [`--loglevel`](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/#loglevel) to `debug`, so the Cloudflare support team can get more info from the `cloudflared.log` file.
 
 5. Include your [Cloudflare Tunnel diagnostic logs](/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/) (`cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip`).
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/create-local-tunnel.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/create-local-tunnel.mdx
@@ -55,7 +55,7 @@ Use the rpm package manager to install `cloudflared` on compatible machines.
 1. Add Cloudflare's repository:
 
 ```sh
-curl -fsSL https://pkg.cloudflare.com/cloudflared-ascii.repo | sudo tee /etc/yum.repos.d/cloudflared.repo
+curl -fsSl https://pkg.cloudflare.com/cloudflared.repo | sudo tee /etc/yum.repos.d/cloudflared.repo
 ```
 
 2. Update repositories and install cloudflared:
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp.mdx
@@ -34,8 +34,16 @@ This guide covers how to:
 3. Enable **Allow WARP to WARP connection**. This allows Cloudflare to route traffic to the <GlossaryTooltip term="CGNAT IP">CGNAT IP</GlossaryTooltip> space.
 4. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that traffic to `100.96.0.0/12` is going through WARP:
 
-- If using **Exclude** mode, delete `100.64.0.0/10` from the list and re-add `100.64.0.0/11` and `100.112.0.0/12`.
-- If using **Include** mode, add `100.96.0.0/12` to your list.
+- If using **Exclude** mode, delete `100.64.0.0/10` from the list and add the following IP addresses:
+  
+  - `100.64.0.0/12`
+  - `100.81.0.0/16`
+  - `100.82.0.0/15`
+  - `100.84.0.0/14`
+  - `100.88.0.0/13`
+  - `100.112.0.0/12`
+
+- If using **Include** mode, add `100.96.0.0/12` and `100.80.0.0/16` to your list.
 
 This will instruct WARP to begin proxying any traffic destined for a `100.96.0.0/12` IP address to Cloudflare for routing and policy enforcement.
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/egress-policies/host-selectors.mdx b/src/content/docs/cloudflare-one/traffic-policies/egress-policies/host-selectors.mdx
@@ -102,11 +102,13 @@ To configure your Zero Trust organization to use Host selectors with Egress poli
 			- `100.82.0.0/15`
 			- `100.84.0.0/14`
 			- `100.88.0.0/13`
-			- `100.96.0.0/11`
+			- `100.112.0.0/12`
+			
+			And remove `100.64.0.0/10` IP address.
 
     </TabItem> <TabItem label="Include IPs and domains">
 		1.  Add the required [Zero Trust domains](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-domains) or [IP addresses](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-ip-addresses) to your Split Tunnel include list.
-		2.  [Add a route](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to include the IP address `100.80.0.0/16`.
+		2.  [Add a route](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to include `100.80.0.0/16` and `100.96.0.0/12` IP addresses.
 
     </TabItem> </Tabs>
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/packet-filtering/best-practices/minimal-ruleset.mdx b/src/content/docs/cloudflare-one/traffic-policies/packet-filtering/best-practices/minimal-ruleset.mdx
@@ -29,6 +29,8 @@ This is a suggested list and not an exhaustive list. Review your environment and
 **Match**: `(ip.proto eq "hopopt") or (not ip.proto in {"esp" "tcp" "udp" "gre" "icmp"})` <br/>
 **Action**: Block <br/>
 
+The recommended rules are part of the managed rules.
+
 ## Traffic and port types
 
 The information below covers traffic type, how the port is used, and reasons for blocking the port.
diff --git a/src/content/docs/durable-objects/platform/limits.mdx b/src/content/docs/durable-objects/platform/limits.mdx
@@ -20,7 +20,7 @@ Durable Objects are a special kind of Worker, so [Workers Limits](/workers/platf
 | Storage per Durable Object     | 10 GB [^3]                                                                                                     |
 | Key size                       | Key and value combined cannot exceed 2 MB                                                                      |
 | Value size                     | Key and value combined cannot exceed 2 MB                                                                      |
-| WebSocket message size         | 1 MiB (only for received messages)                                                                             |
+| WebSocket message size         | 32 MiB (only for received messages)                                                                            |
 | CPU per request                | 30 seconds (default) / configurable to 5 minutes of [active CPU time](/workers/platform/limits/#cpu-time) [^4] |
 
 [^1]: Identical to the Workers [script limit](/workers/platform/limits/).
@@ -69,7 +69,7 @@ For Durable Object classes with [SQLite storage](/durable-objects/api/sqlite-sto
 | Storage per Durable Object     | Unlimited                                           |
 | Key size                       | 2 KiB (2048 bytes)                                  |
 | Value size                     | 128 KiB (131072 bytes)                              |
-| WebSocket message size         | 1 MiB (only for received messages)                  |
+| WebSocket message size         | 32 MiB (only for received messages)                 |
 | CPU per request                | 30s (including WebSocket messages) [^7]             |
 
 [^5]: Identical to the Workers [script limit](/workers/platform/limits/).
diff --git a/src/content/docs/fundamentals/manage-members/roles.mdx b/src/content/docs/fundamentals/manage-members/roles.mdx
@@ -27,7 +27,6 @@ Account-scoped roles apply across an entire Cloudflare account, and through all
 | Billing                                                      | Can edit the account's [billing profile](/billing/create-billing-profile/) and subscriptions                                                                                                                                                                                                                                                                                                                                      |
 | Cache Purge                                                  | Can purge the edge cache and allows the reading of zone settings.                                                                                                                                                                                                                                                                                                                                                                 |
 | Cloudflare Access                                            | Can edit [Cloudflare Access](/cloudflare-one/access-controls/policies/) and [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/).                                                                                                                                                                                                                                                                          |
-
 | Cloudflare CASB                                              | Can edit [Cloudflare CASB](/cloudflare-one/cloud-and-saas-findings/).                                                                                                                                                                                                                                                                                                                                                                   |
 | Cloudflare CASB Read                                         | Can read [Cloudflare CASB](/cloudflare-one/cloud-and-saas-findings/).                                                                                                                                                                                                                                                                                                                                                                   |
 | Cloudflare DEX                                               | Can edit [Cloudflare DEX](/cloudflare-one/insights/dex/).                                                                                                                                                                                                                                                                                                                                                                         |
diff --git a/src/content/docs/magic-firewall/best-practices/minimal-ruleset.mdx b/src/content/docs/magic-firewall/best-practices/minimal-ruleset.mdx
@@ -30,6 +30,8 @@ This is a suggested list and not an exhaustive list. Review your environment and
 **Match**: `(ip.proto eq "hopopt") or (not ip.proto in {"esp" "tcp" "udp" "gre" "icmp"})` <br/>
 **Action**: Block <br/>
 
+The recommended rules are part of the managed rules.
+
 ## Traffic and port types
 
 The information below covers traffic type, how the port is used, and reasons for blocking the port.
diff --git a/src/content/docs/network-interconnect/get-started.mdx b/src/content/docs/network-interconnect/get-started.mdx
@@ -59,7 +59,7 @@ The following are the maximum throughput rates supported by the CNI connection.
 
 Consider the following service levels when planning your deployment:
 - **No Formal SLA**:
-  - CNI is currently offered at no charge and without a formal Service Level Agreement (SLA).
+  - CNI is currently offered at no charge and without a formal [Service Level Agreement (SLA)](https://www.cloudflare.com/service-specific-terms-network-services/#cf-network-interconnect-terms).
   - Cloudflare will work to restore CNI service in the event of a Cloudflare issue. In some Cloudflare data centers the recovery time could be several days. Therefore we always recommend backup connectivity to a different device or via an Internet tunnel.
 - **Observability**: There is no visibility of the interconnect config/status within the Cloudflare dashboard.
 - **Availability**: While network-resilient locations are designed to maintain connectivity during maintenance, single-homed locations can experience full service disruption.
diff --git a/src/content/docs/rules/snippets/examples/override-set-cookies-value.mdx b/src/content/docs/rules/snippets/examples/override-set-cookies-value.mdx
diff --git a/src/content/docs/turnstile/get-started/client-side-rendering/index.mdx b/src/content/docs/turnstile/get-started/client-side-rendering/index.mdx
diff --git a/src/content/partials/cloudflare-one/tunnel/cloudflared-debian-install.mdx b/src/content/partials/cloudflare-one/tunnel/cloudflared-debian-install.mdx
diff --git a/src/content/partials/ssl/keyless-key-server-setup.mdx b/src/content/partials/ssl/keyless-key-server-setup.mdx
diff --git a/src/content/release-notes/durable-objects.yaml b/src/content/release-notes/durable-objects.yaml
diff --git a/src/content/release-notes/workers.yaml b/src/content/release-notes/workers.yaml
diff --git a/src/util/api.ts b/src/util/api.ts
