PCX review

pedrosousa · pedrosousa · commit e321e7cb93a0 · 2025-08-08T14:56:41.000+01:00
diff --git a/src/content/docs/rules/transform/managed-transforms/reference.mdx b/src/content/docs/rules/transform/managed-transforms/reference.mdx
@@ -14,11 +14,12 @@ This page lists the available Managed Transforms. They can modify HTTP request h
 	file="snippets-alternative"
 	params={{ suffix: "and customized header modifications" }}
 />
-<br />
 
-:::caution
-The names of HTTP headers are case-insensitive. Cloudflare may use a capitalization different from the one presented in this page. Make sure that your origin server can handle HTTP request headers regardless of the exact capitalization of their names.
-:::
+## Important remarks
+
+- Enabling a Managed Transform may cause issues in your website. You should test any changes in a staging environment. If you detect any undesired or unexpected behavior, consider disabling the Managed Transform and creating a partial implementation using your own transform rule.
+
+- The names of HTTP headers are case-insensitive. Cloudflare may use a capitalization different from the one presented in this page. Make sure that your origin server can handle HTTP request headers regardless of the exact capitalization of their names.
 
 ## HTTP request headers
 
@@ -72,7 +73,7 @@ Adds HTTP headers with location information for the visitor's IP address to the
 - `cf-postal-code`: The visitor's postal code (value from the [`ip.src.postal_code`](/ruleset-engine/rules-language/fields/reference/ip.src.postal_code/) field).
 - `cf-timezone`: The name of the visitor's timezone (value from the [`ip.src.timezone.name`](/ruleset-engine/rules-language/fields/reference/ip.src.timezone.name/) field).
 
-:::caution
+:::note
 Turning on [IP geolocation](/network/ip-geolocation/) will send a `cf-ipcountry` HTTP header to your origin server even when **Add visitor location headers** is turned off.
 :::
 
@@ -154,7 +155,7 @@ Removes the `X-Powered-By` HTTP response header that provides information about
 ### Add security headers
 
 :::note
-The security headers improve protection but may inadvertently block resources (e.g., due to MIME type mismatches), disrupt legacy scripts, prevent external content embeds, omit cross-origin referrer headers, or trigger certificate errors. Before enabling, ensure thorough testing in staging and a clear understanding of each header’s functionality. If issues arise, consider disabling the managed transform rule to isolate the cause. Proceed cautiously to balance security and compatibility.
+Adding the following security headers may have an impact on your website, such as blocking resources or triggering certificate errors. If you find any issues, try disabling the Managed Transform to isolate the possible cause.
 :::
 
 Adds several security-related HTTP response headers. The added response headers and values are the following:
