diff --git a/src/content/docs/logs/reference/log-fields/account/gateway_http.md b/src/content/docs/logs/reference/log-fields/account/gateway_http.md
index 54d6b4b6d2d746b..150bbed2e5bd1fd 100644
--- a/src/content/docs/logs/reference/log-fields/account/gateway_http.md
+++ b/src/content/docs/logs/reference/log-fields/account/gateway_http.md
@@ -53,7 +53,7 @@ Reason file was blocked in the response, if any.
 
 ## BlockedFileSize
 
-Type: `string`
+Type: `int`
 
 File size(bytes) blocked in the response, if any.
 
@@ -101,7 +101,7 @@ Country code of the destination IP of the HTTP request (for example, 'US').
 
 ## DestinationPort
 
-Type: `string`
+Type: `int`
 
 Destination port of the request.
 
@@ -257,7 +257,7 @@ Local LAN IP of the device. Only available when connected via a GRE/IPsec tunnel
 
 ## SourcePort
 
-Type: `string`
+Type: `int`
 
 Source port of the request.
 
diff --git a/src/content/docs/logs/reference/log-fields/zone/firewall_events.md b/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
index db0ed8f23a3ce8a..e8b369840b48ea5 100644
--- a/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
+++ b/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
@@ -163,7 +163,7 @@ The kind of event, currently only possible values are: <em>firewall</em>.
 
 Type: `string`
 
-Result of the check for leaked credentials.
+Result of the check for [leaked credentials](/waf/detections/leaked-credentials/). <br />Possible results are: <em>password_leaked</em> \| <em>username_and_password_leaked</em> \| <em>username_password_similar</em> \| <em>username_leaked</em> \| <em>clean</em>.
 
 ## MatchIndex
 
diff --git a/src/content/docs/logs/reference/log-fields/zone/http_requests.md b/src/content/docs/logs/reference/log-fields/zone/http_requests.md
index 98da6b035c70a7d..c147957bbb8321a 100644
--- a/src/content/docs/logs/reference/log-fields/zone/http_requests.md
+++ b/src/content/docs/logs/reference/log-fields/zone/http_requests.md
@@ -367,7 +367,7 @@ Inter-request statistics computed for this JA4 fingerprint. JA4Signals field is
 
 Type: `string`
 
-Result of the check for leaked credentials.
+Result of the check for [leaked credentials](/waf/detections/leaked-credentials/). <br />Possible results are: <em>password_leaked</em> \| <em>username_and_password_leaked</em> \| <em>username_password_similar</em> \| <em>username_leaked</em> \| <em>clean</em>.
 
 ## OriginDNSResponseTimeMs
 
diff --git a/src/content/docs/logs/reference/log-fields/zone/page_shield_events.md b/src/content/docs/logs/reference/log-fields/zone/page_shield_events.md
index 126d776efcac47e..79a70e52895d9cb 100644
--- a/src/content/docs/logs/reference/log-fields/zone/page_shield_events.md
+++ b/src/content/docs/logs/reference/log-fields/zone/page_shield_events.md
@@ -15,6 +15,12 @@ Type: `string`
 
 The action which was taken against the violation. <br />Possible values are <em>log</em> \| <em>allow</em>.
 
+## CSPDirective
+
+Type: `string`
+
+The violated directive in the report.
+
 ## Host
 
 Type: `string`
@@ -33,6 +39,12 @@ Type: `string`
 
 The ID of the policy which was violated.
 
+## ResourceType
+
+Type: `string`
+
+The resource type of the violated directive. Possible values are 'script', 'connection' or 'other' for unmonitored resource types
+
 ## Timestamp
 
 Type: `int or string`
@@ -45,7 +57,7 @@ Type: `string`
 
 The resource URL.
 
-## URLContainsCDNCGIPath
+## URLContainsCDNCGIPath (deprecated)
 
 Type: `bool`