Update even more broken links

Author: maxvp

src/content/changelog/workers/2025-10-03-one-click-access-for-workers.mdx

@@ -12,7 +12,7 @@ You can now enable [Cloudflare Access](/cloudflare-one/access-controls/policies/
 
 ![Screenshot of the Enable/Disable Cloudflare Access button on the workers.dev route settings page](~/assets/images/workers/changelog/workers-access.png)
 
-Access allows you to limit access to your Workers to specific users or groups. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [Access policy](/cloudflare-one/traffic-policies/access).
+Access allows you to limit access to your Workers to specific users or groups. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [Access policy](/cloudflare-one/access-controls/policies/access/).
 
 To enable Cloudflare Access:
 
@@ -36,9 +36,9 @@ export default {
 	async fetch(request, env, ctx) {
 		// Verify the POLICY_AUD environment variable is set
 		if (!env.POLICY_AUD) {
-			return new Response('Missing required audience', {
+			return new Response("Missing required audience", {
 				status: 403,
-				headers: { 'Content-Type': 'text/plain' }
+				headers: { "Content-Type": "text/plain" },
 			});
 		}
 
@@ -89,4 +89,4 @@ Add these [environment variables](/workers/configuration/environment-variables/)
 
 Both of these appear in the modal that appears when you enable Cloudflare Access.
 
-You can set these variables by adding them to your Worker's [Wrangler configuration file](/workers/wrangler/configuration/), or via the Cloudflare dashboard under **Workers & Pages** > **your-worker** > **Settings** > **Environment Variables**.
+You can set these variables by adding them to your Worker's [Wrangler configuration file](/workers/wrangler/configuration/), or via the Cloudflare dashboard under **Workers & Pages** > **your-worker** > **Settings** > **Environment Variables**.

src/content/docs/ai-gateway/features/dlp/index.mdx

@@ -9,13 +9,11 @@ sidebar:
 
 import { Feature } from "~/components";
 
-
 Data Loss Prevention (DLP) for AI Gateway helps protect your organization from inadvertent exposure of sensitive data through AI interactions. By integrating with Cloudflare's proven DLP technology, AI Gateway can scan both incoming prompts and outgoing AI responses for sensitive information, ensuring your AI applications maintain security and compliance standards.
 
 ## How it works
 
-AI Gateway DLP leverages the same powerful detection engines used in [Cloudflare's Data Loss Prevention](/cloudflare-one/traffic-policies/data-loss-prevention/) solution to scan AI traffic in real-time. The system analyzes both user prompts sent to AI models and responses received from AI providers, identifying sensitive data patterns and taking appropriate protective actions.
-
+AI Gateway DLP leverages the same powerful detection engines used in [Cloudflare's Data Loss Prevention](/cloudflare-one/data-loss-prevention/) solution to scan AI traffic in real-time. The system analyzes both user prompts sent to AI models and responses received from AI providers, identifying sensitive data patterns and taking appropriate protective actions.
 
 ## Key benefits
 
@@ -43,7 +41,7 @@ AI Gateway DLP uses the same detection profiles and policies as Cloudflare's ent
 - **Centralized reporting** - All DLP events appear in the same dashboard and logs
 - **Shared profiles** - Reuse existing DLP detection profiles for AI traffic
 
-For more information about Cloudflare's DLP capabilities, refer to the [Data Loss Prevention documentation](/cloudflare-one/traffic-policies/data-loss-prevention/).
+For more information about Cloudflare's DLP capabilities, refer to the [Data Loss Prevention documentation](/cloudflare-one/data-loss-prevention/).
 
 ## Getting started
 
@@ -56,6 +54,6 @@ To enable DLP for your AI Gateway:
 ## Related resources
 
 - [Set up DLP for AI Gateway](/ai-gateway/features/dlp/set-up-dlp/)
-- [Cloudflare Data Loss Prevention](/cloudflare-one/traffic-policies/data-loss-prevention/)
+- [Cloudflare Data Loss Prevention](/cloudflare-one/data-loss-prevention/)
 - [AI Gateway Security Features](/ai-gateway/features/guardrails/)
-- [DLP Detection Profiles](/cloudflare-one/traffic-policies/data-loss-prevention/dlp-profiles/)
+- [DLP Detection Profiles](/cloudflare-one/data-loss-prevention/dlp-profiles/)

src/content/docs/ai-gateway/features/dlp/set-up-dlp.mdx

@@ -28,13 +28,13 @@ After enabling DLP, you can create policies to define how sensitive data should
    - **Policy ID**: Enter a unique name for this policy (e.g., "Block-PII-Requests")
    - **DLP Profiles**: Select the DLP profiles to check against. AI requests/responses will be checked against each of the selected profiles. Available profiles include:
      - **Financial Information** - Credit cards, bank accounts, routing numbers
-     - **Personal Identifiable Information (PII)** - Names, addresses, phone numbers  
+     - **Personal Identifiable Information (PII)** - Names, addresses, phone numbers
      - **Government Identifiers** - SSNs, passport numbers, driver's licenses
      - **Healthcare Information** - Medical record numbers, patient data
      - **Custom Profiles** - Organization-specific data patterns
-     
+
      :::note
-     DLP profiles can be created and managed in the [Zero Trust DLP dashboard](/cloudflare-one/traffic-policies/data-loss-prevention/dlp-profiles/).
+     DLP profiles can be created and managed in the [Zero Trust DLP dashboard](/cloudflare-one/data-loss-prevention/dlp-profiles/).
      :::
 
    - **Action**: Choose the action to take when any of the selected profiles match:
@@ -89,7 +89,6 @@ To view only DLP-related requests:
    - **FLAG** - Show only requests where sensitive data was flagged
    - **BLOCK** - Show only requests that were blocked due to DLP policies
 
-
 ## Error handling
 
 When DLP policies are triggered, your application will receive additional information through response headers and error codes.
@@ -121,18 +120,21 @@ When a request matches DLP policies (whether flagged or blocked), an additional
 
 ```json
 {
-  "findings": [
-    {
-      "profile": {
-        "context": {},
-        "entry_ids": ["a1b2c3d4-e5f6-7890-abcd-ef1234567890", "f7e8d9c0-b1a2-3456-789a-bcdef0123456"],
-        "profile_id": "12345678-90ab-cdef-1234-567890abcdef"
-      },
-      "policy_ids": ["block_financial_data"],
-      "check": "REQUEST"
-    }
-  ],
-  "action": "BLOCK"
+	"findings": [
+		{
+			"profile": {
+				"context": {},
+				"entry_ids": [
+					"a1b2c3d4-e5f6-7890-abcd-ef1234567890",
+					"f7e8d9c0-b1a2-3456-789a-bcdef0123456"
+				],
+				"profile_id": "12345678-90ab-cdef-1234-567890abcdef"
+			},
+			"policy_ids": ["block_financial_data"],
+			"check": "REQUEST"
+		}
+	],
+	"action": "BLOCK"
 }
 ```
 
@@ -194,4 +196,4 @@ try {
 - Test with different sample data to understand detection patterns
 - Adjust profile selections if needed
 
-For additional support with DLP configuration, refer to the [Cloudflare Data Loss Prevention documentation](/cloudflare-one/traffic-policies/data-loss-prevention/) or contact your Cloudflare support team.
+For additional support with DLP configuration, refer to the [Cloudflare Data Loss Prevention documentation](/cloudflare-one/data-loss-prevention/) or contact your Cloudflare support team.

src/content/docs/cloudflare-one/traffic-policies/egress-policies/host-selectors.mdx

@@ -10,8 +10,8 @@ import { Tabs, TabItem, Details, APIRequest } from "~/components";
 <Details header="Feature availability">
 
 | [WARP modes](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
-| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
-| Gateway with WARP                                                                         | Enterprise                                                    |
+| ---------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
+| Gateway with WARP                                                                        | Enterprise                                                    |
 
 | System   | Availability | Minimum WARP version |
 | -------- | ------------ | -------------------- |
@@ -24,7 +24,7 @@ import { Tabs, TabItem, Details, APIRequest } from "~/components";
 
 </Details>
 
-When Gateway receives a DNS query for hostname covered by the [Application](/cloudflare-one/policies/egress-policies/#application), [Content Categories](/cloudflare-one/policies/egress-policies/#content-categories), [Domain](/cloudflare-one/policies/egress-policies/#domain), and [Host](/cloudflare-one/policies/egress-policies/#host) selectors in an Egress policy, Gateway initially resolves DNS to an IP in the `100.80.0.0/16` or `2606:4700:0cf1:4000::/64` range. This process allows Gateway to map a destination IP with a hostname at [layer 4](https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/) (where Gateway evaluates Egress policies). The destination IP for a hostname is not usually known at layer 4. Prior to evaluating Egress policies, the initially resolved IP is overwritten with the correct destination IP.
+When Gateway receives a DNS query for hostname covered by the [Application](/cloudflare-one/traffic-policies/egress-policies/#application), [Content Categories](/cloudflare-one/traffic-policies/egress-policies/#content-categories), [Domain](/cloudflare-one/traffic-policies/egress-policies/#domain), and [Host](/cloudflare-one/traffic-policies/egress-policies/#host) selectors in an Egress policy, Gateway initially resolves DNS to an IP in the `100.80.0.0/16` or `2606:4700:0cf1:4000::/64` range. This process allows Gateway to map a destination IP with a hostname at [layer 4](https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/) (where Gateway evaluates Egress policies). The destination IP for a hostname is not usually known at layer 4. Prior to evaluating Egress policies, the initially resolved IP is overwritten with the correct destination IP.
 
 ![Example egress policy flow](~/assets/images/cloudflare-one/policies/host-selector-diagram.png)
 
@@ -61,13 +61,13 @@ Use the [Patch Zero Trust account configuration](/api/resources/zero_trust/subre
 
 Traffic must be on-ramped to Gateway with the following methods:
 
-| On-ramp method                                                                             | Compatibility |
-| ------------------------------------------------------------------------------------------ | ------------- |
-| [WARP](/cloudflare-one/team-and-resources/devices/warp/)                                  | ✅            |
-| [PAC files](/cloudflare-one/team-and-resources/devices/agentless/pac-files/)              | ✅            |
-| [Browser Isolation](/cloudflare-one/remote-browser-isolation/)                           | ✅            |
+| On-ramp method                                                                                      | Compatibility |
+| --------------------------------------------------------------------------------------------------- | ------------- |
+| [WARP](/cloudflare-one/team-and-resources/devices/warp/)                                            | ✅            |
+| [PAC files](/cloudflare-one/team-and-resources/devices/agentless/pac-files/)                        | ✅            |
+| [Browser Isolation](/cloudflare-one/remote-browser-isolation/)                                      | ✅            |
 | [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) | ❌            |
-| [Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/)                                     | ❌            |
+| [Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/)                                              | ❌            |
 
 Unsupported traffic will be resolved with your default Gateway settings. If you use DNS locations to send a DNS query to Gateway with IPv4, IPv6, DoT, or DoH, Gateway will not return the initial resolved IP for supported traffic nor resolve unsupported traffic.
 

src/content/docs/data-localization/compatibility.mdx

@@ -166,7 +166,7 @@ The table below provides a summary of the Data Localization Suite product's beha
 
 [^30]: Regular/Generic and Custom Tiered Cache works; Smart Tiered Caching does not work with Customer Metadata Boundary (CMB). <br/> With CMB set to EU, the Zone Dashboard **Caching** > **Tiered Cache** > **Smart Tiered Caching** option will not populate the Dashboard Analytics.
 
-[^31]: DLP is part of Gateway HTTP, however, [DLP detection entries](/cloudflare-one/traffic-policies/data-loss-prevention/detection-entries/) are not available outside US region when using Customer Metadata Boundary.
+[^31]: DLP is part of Gateway HTTP, however, [DLP detection entries](/cloudflare-one/data-loss-prevention/detection-entries/) are not available outside US region when using Customer Metadata Boundary.
 
 [^32]: Dashboard Analytics are empty when using CMB outside the US region. Use Logpush instead.
 

src/content/docs/data-localization/faq.mdx

@@ -4,21 +4,18 @@ title: FAQs
 structured_data: true
 sidebar:
   order: 9
-
 ---
 
 ## Are DLP and DLS the same?
 
-No, they are not. DLP stands for [Data Loss Prevention](/cloudflare-one/traffic-policies/data-loss-prevention/), and it is part of Cloudflare’s Zero Trust offering (requiring Gateway). It allows customers to scan web traffic and SaaS apps for sensitive data like secret keys, financial information (credit card numbers), and other keywords.
+No, they are not. DLP stands for [Data Loss Prevention](/cloudflare-one/data-loss-prevention/), and it is part of Cloudflare’s Zero Trust offering (requiring Gateway). It allows customers to scan web traffic and SaaS apps for sensitive data like secret keys, financial information (credit card numbers), and other keywords.
 
 [Data Localization Suite](/data-localization/) (DLS) is a suite of features that can provide localization and data residency features.
 
-
 ## Are Cloudflare’s services GDPR compliant?
 
 Yes, even without DLS, Cloudflare services are designed to satisfy the GDPR’s requirements. Cloudflare services are also verified compliant with the EU Cloud CoC, Verification-ID: 2023LVL02SCOPE4316. For further information, visit EU Cloud CoC [public register](https://eucoc.cloud/en/public-register).
 
-
 ## How can I use DLS?
 
 Once you have purchased DLS, the post-sales team will entitle DLS for you, and you will be able to configure all features by yourself via dashboard or API. You can find more specific information under the [Configuration guides](/data-localization/how-to/) section.
@@ -27,19 +24,16 @@ Once you have purchased DLS, the post-sales team will entitle DLS for you, and y
 
 Not yet.
 
-
 ## Are there other options if I prefer not to have Cloudflare handle TLS termination (decryption)?
 
 Yes, you have these options available:
 
-* [Spectrum TCP/UDP Apps](/spectrum/) (without TLS Termination)
-* [Magic Transit](/magic-transit/)
-* [Privacy Gateway](/privacy-gateway/)
+- [Spectrum TCP/UDP Apps](/spectrum/) (without TLS Termination)
+- [Magic Transit](/magic-transit/)
+- [Privacy Gateway](/privacy-gateway/)
 
 These options only offer L3/L4 DDoS protection and using them imply that no application / L7 security or performance services can be applied.
 
 ## I have configured [Customer Metadata Boundary](/data-localization/metadata-boundary/) for EU region, I'm accessing the Cloudflare Dashboard from Europe, why am I getting an error `Data not available due to your account's Customer Metadata Boundary configuration`?
 
 Based on Internet conditions that vary over time, users may be dynamically steered to a data center that is physically further away. This can be based on a variety of factors, including latency and network congestion. [Out of region access](/data-localization/metadata-boundary/out-of-region-access/) allows requests arriving in the United States to pull Customer Logs from the European Union and vice-versa. The analytics are still exclusively stored in the CMB configured region.
-
-

src/content/docs/data-localization/how-to/zero-trust.mdx

@@ -27,9 +27,9 @@ As part of Regional Services, Cloudflare Gateway will only perform [TLS decrypti
 
 #### Data Loss Prevention (DLP)
 
-You are able to [log the payload of matched DLP rules](/cloudflare-one/traffic-policies/data-loss-prevention/dlp-policies/logging-options/#log-the-payload-of-matched-rules) and encrypt them with your public key so that only you can examine them later.
+You are able to [log the payload of matched DLP rules](/cloudflare-one/data-loss-prevention/dlp-policies/logging-options/#log-the-payload-of-matched-rules) and encrypt them with your public key so that only you can examine them later.
 
-[Cloudflare cannot decrypt encrypted payloads](/cloudflare-one/traffic-policies/data-loss-prevention/dlp-policies/logging-options/#data-privacy).
+[Cloudflare cannot decrypt encrypted payloads](/cloudflare-one/data-loss-prevention/dlp-policies/logging-options/#data-privacy).
 
 ### Network policies
 

src/content/docs/workers/configuration/previews.mdx

@@ -94,7 +94,7 @@ The resulting alias would be associated with this version, and immediately avail
 
 ## Manage access to Preview URLs
 
-When enabled, all preview URLs are available publicly. You can use [Cloudflare Access](/cloudflare-one/access-controls/policies/access/) to require visitors to authenticate before accessing preview URLs. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [access policy](/cloudflare-one/traffic-policies/access).
+When enabled, all preview URLs are available publicly. You can use [Cloudflare Access](/cloudflare-one/access-controls/policies/access/) to require visitors to authenticate before accessing preview URLs. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [access policy](/cloudflare-one/access-controls/policies/access/).
 
 To limit your preview URLs to authorized emails only:
 

src/content/docs/workers/configuration/routing/workers-dev.mdx

@@ -23,7 +23,7 @@ All Workers are assigned a `workers.dev` route when they are created or renamed
 
 ## Manage access to `workers.dev`
 
-When enabled, your `workers.dev` URL is available publicly. You can use [Cloudflare Access](/cloudflare-one/access-controls/policies/access/) to require visitors to authenticate before accessing preview URLs. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [access policy](/cloudflare-one/traffic-policies/access).
+When enabled, your `workers.dev` URL is available publicly. You can use [Cloudflare Access](/cloudflare-one/access-controls/policies/access/) to require visitors to authenticate before accessing preview URLs. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [access policy](/cloudflare-one/access-controls/policies/access/).
 
 To limit your `workers.dev` URL to authorized emails only: