diff --git a/src/content/docs/page-shield/how-it-works/index.mdx b/src/content/docs/page-shield/how-it-works/index.mdx
index c170aad8bc79b4..db472942975511 100644
--- a/src/content/docs/page-shield/how-it-works/index.mdx
+++ b/src/content/docs/page-shield/how-it-works/index.mdx
@@ -12,7 +12,7 @@ description: Page Shield tracks resources (such as scripts) loaded by your
import { GlossaryTooltip } from "~/components";
-Page Shield helps manage resources loaded by your website visitors, including scripts, their connections, and cookies. It can trigger alert notifications when resources change or are considered malicious.
+Page Shield helps manage resources loaded by your website visitors, including scripts, their connections, and [cookies](https://www.cloudflare.com/learning/privacy/what-are-cookies/). It can trigger alert notifications when resources change or are considered malicious.
Enabling Page Shield adds a Content Security Policy (CSP) deployed with a [report-only directive](/page-shield/reference/csp-header/) to collect information from the browser. This allows Cloudflare to provide you with a list of all scripts running on your application and the connections they make to third-party endpoints. Page Shield also monitors ingress and egress traffic for cookies, either set by origin servers or by the visitor's browser.
diff --git a/src/content/docs/ruleset-engine/reference/phases-list.mdx b/src/content/docs/ruleset-engine/reference/phases-list.mdx
index 000c5af17b2ec8..8b11f8f9aa3d0d 100644
--- a/src/content/docs/ruleset-engine/reference/phases-list.mdx
+++ b/src/content/docs/ruleset-engine/reference/phases-list.mdx
@@ -3,18 +3,15 @@ title: Phases list
pcx_content_type: reference
sidebar:
order: 1
-
---
-import { Render } from "~/components"
+import { Render } from "~/components";
The following tables list the [phases](/ruleset-engine/about/phases/) of Cloudflare products powered by the Ruleset Engine, in the order those phases are executed. Some products such as the Cloudflare Web Application Firewall have more than one associated phase.
## Network layer
-Network-layer phases apply to packets received on the Cloudflare global network.
-
-
+[Network-layer](https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/) phases apply to packets received on the Cloudflare global network.
| Phase name | Used in product/feature |
| ---------------- | ------------------------------------------------------------------------------------------------ |
@@ -23,43 +20,38 @@ Network-layer phases apply to packets received on the Cloudflare global network.
| `mt_managed` | [Magic Firewall managed rulesets](/magic-firewall/how-to/enable-managed-rulesets/) |
| `mt_ids_managed` | [Magic Firewall Intrusion Detection System (IDS)](/magic-firewall/about/ids/) |
-
-
## Application layer
-Application-layer phases apply to requests received on the Cloudflare global network.
+[Application-layer](https://www.cloudflare.com/learning/ddos/what-is-layer-7/) phases apply to requests received on the Cloudflare global network.
### Request phases
The phases execute in the order they appear in the table.
-
-
-| Phase name | Used in product/feature |
-| ----------------------------------- | ------------------------------------------------------------------------------------------------------ |
-| `http_request_sanitize` | [URL normalization](/rules/normalization/) |
-| `http_request_dynamic_redirect` | [Single Redirects](/rules/url-forwarding/single-redirects/) |
-| `http_request_transform` | [Rewrite URL Rules](/rules/transform/url-rewrite/) |
-| *N/A* (internal phase) | [Waiting Room Rules](/waiting-room/additional-options/waiting-room-rules/) |
-| `http_config_settings` | [Configuration Rules](/rules/configuration-rules/) |
-| `http_request_origin` | [Origin Rules](/rules/origin-rules/) |
-| `ddos_l7`\* | [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/) |
-| `http_request_api_gateway` | [API Gateway](/api-shield/api-gateway/) |
-| `http_request_firewall_custom` | [Custom rules (Web Application Firewall)](/waf/custom-rules/) |
-| `http_ratelimit` | [Rate limiting rules (WAF)](/waf/rate-limiting-rules/) |
-| *N/A* (internal phase) | [API Shield](/api-shield/) |
-| `http_request_firewall_managed` | [WAF Managed Rules](/waf/managed-rules/) |
-| `http_request_sbfm` | [Super Bot Fight Mode](/bots/get-started/pro/) |
-| *N/A* (internal phase) | [Cloudflare Access](/cloudflare-one/policies/access/) |
-| `http_request_redirect` | [Bulk Redirects](/rules/url-forwarding/bulk-redirects/) |
-| *N/A* (internal phase) | [Managed Transforms](/rules/transform/managed-transforms/) |
-| `http_request_late_transform` | [HTTP Request Header Modification Rules](/rules/transform/request-header-modification/) |
-| `http_request_cache_settings` | [Cache Rules](/cache/how-to/cache-rules/) |
-| `http_request_snippets` | [Snippets](/rules/snippets/) |
-| `http_request_cloud_connector` | [Cloud Connector](/rules/cloud-connector/) |
-
-
-\* *This phase is for configuration purposes only — the corresponding rules will not be executed at this stage in the request handling process.*
+| Phase name | Used in product/feature |
+| ------------------------------- | --------------------------------------------------------------------------------------- |
+| `http_request_sanitize` | [URL normalization](/rules/normalization/) |
+| `http_request_dynamic_redirect` | [Single Redirects](/rules/url-forwarding/single-redirects/) |
+| `http_request_transform` | [Rewrite URL Rules](/rules/transform/url-rewrite/) |
+| _N/A_ (internal phase) | [Waiting Room Rules](/waiting-room/additional-options/waiting-room-rules/) |
+| `http_config_settings` | [Configuration Rules](/rules/configuration-rules/) |
+| `http_request_origin` | [Origin Rules](/rules/origin-rules/) |
+| `ddos_l7`\* | [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/) |
+| `http_request_api_gateway` | [API Gateway](/api-shield/api-gateway/) |
+| `http_request_firewall_custom` | [Custom rules (Web Application Firewall)](/waf/custom-rules/) |
+| `http_ratelimit` | [Rate limiting rules (WAF)](/waf/rate-limiting-rules/) |
+| _N/A_ (internal phase) | [API Shield](/api-shield/) |
+| `http_request_firewall_managed` | [WAF Managed Rules](/waf/managed-rules/) |
+| `http_request_sbfm` | [Super Bot Fight Mode](/bots/get-started/pro/) |
+| _N/A_ (internal phase) | [Cloudflare Access](/cloudflare-one/policies/access/) |
+| `http_request_redirect` | [Bulk Redirects](/rules/url-forwarding/bulk-redirects/) |
+| _N/A_ (internal phase) | [Managed Transforms](/rules/transform/managed-transforms/) |
+| `http_request_late_transform` | [HTTP Request Header Modification Rules](/rules/transform/request-header-modification/) |
+| `http_request_cache_settings` | [Cache Rules](/cache/how-to/cache-rules/) |
+| `http_request_snippets` | [Snippets](/rules/snippets/) |
+| `http_request_cloud_connector` | [Cloud Connector](/rules/cloud-connector/) |
+
+\* _This phase is for configuration purposes only — the corresponding rules will not be executed at this stage in the request handling process._
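Review bot: The only content change in this hunk is the new link on the "Application-layer" sentence. The request-phase table rows and the footnote differ only in column padding and in `*N/A*` becoming `_N/A_`. Consider landing the formatter output as a separate commit, so that the link addition can be reviewed on its own and a later blame on these rows does not point at a link-adding change.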
@@ -67,14 +59,12 @@ The phases execute in the order they appear in the table.
The phases execute in the order they appear in the table.
-
-
-| Phase name | Used in product/feature |
-| --------------------------------- | ---------------------------------------------------------------------------------------------------- |
-| `http_custom_errors` | [Custom Error Responses](/rules/custom-error-responses/) |
-| *N/A* (internal phase) | [Managed Transforms](/rules/transform/managed-transforms/) |
-| `http_response_headers_transform` | [HTTP Response Header Modification Rules](/rules/transform/response-header-modification/) |
-| `http_ratelimit` | [Rate limiting rules](/waf/rate-limiting-rules/) (when they use response information) |
-| `http_response_compression` | [Compression Rules](/rules/compression-rules/) |
-| `http_response_firewall_managed` | [Cloudflare Sensitive Data Detection](/waf/managed-rules/) (Data Loss Prevention) |
-| `http_log_custom_fields` | [Logpush custom fields](/logs/reference/custom-fields/) |
\ No newline at end of file
+| Phase name | Used in product/feature |
+| --------------------------------- | ----------------------------------------------------------------------------------------- |
+| `http_custom_errors` | [Custom Error Responses](/rules/custom-error-responses/) |
+| _N/A_ (internal phase) | [Managed Transforms](/rules/transform/managed-transforms/) |
+| `http_response_headers_transform` | [HTTP Response Header Modification Rules](/rules/transform/response-header-modification/) |
+| `http_ratelimit` | [Rate limiting rules](/waf/rate-limiting-rules/) (when they use response information) |
+| `http_response_compression` | [Compression Rules](/rules/compression-rules/) |
+| `http_response_firewall_managed` | [Cloudflare Sensitive Data Detection](/waf/managed-rules/) (Data Loss Prevention) |
+| `http_log_custom_fields` | [Logpush custom fields](/logs/reference/custom-fields/) |
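Review bot: In the rewritten `http_response_firewall_managed` row, "Cloudflare Sensitive Data Detection" still links to the generic `/waf/managed-rules/` page. This same patch edits `waf/managed-rules/reference/sensitive-data-detection.mdx`, so the row could link to that reference page directly. Worth checking while the row is being rewritten anyway.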
diff --git a/src/content/docs/waf/analytics/security-analytics.mdx b/src/content/docs/waf/analytics/security-analytics.mdx
index 40317832e71023..06c0018c14bf1c 100644
--- a/src/content/docs/waf/analytics/security-analytics.mdx
+++ b/src/content/docs/waf/analytics/security-analytics.mdx
@@ -12,7 +12,7 @@ Security Analytics displays information about all incoming HTTP requests for you
Use the Security Analytics dashboard to:
- View the traffic distribution for your domain.
-- Understand which traffic is being mitigated by Cloudflare security products, and where non-mitigated traffic is being served from (Cloudflare global network or origin server).
+- Understand which traffic is being mitigated by Cloudflare security products, and where non-mitigated traffic is being served from (Cloudflare global network or [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/)).
- Analyze suspicious traffic and create tailored WAF custom rules based on applied filters.
- Learn more about Cloudflare's security scores (attack score, [bot score](/bots/concepts/bot-score/), [malicious uploads](/waf/detections/malicious-uploads/), and [leaked credentials](/waf/detections/leaked-credentials/) results) with real data.
- [Find an appropriate rate limit](/waf/rate-limiting-rules/find-rate-limit/) for incoming traffic.
diff --git a/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx b/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx
index 1af3b3320fb6c9..bedb069cc927f2 100644
--- a/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx
+++ b/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx
@@ -17,5 +17,5 @@ The rule expression uses the [`cf.client.bot`](/ruleset-engine/rules-language/fi
- [Use case: Challenge bad bots](/waf/custom-rules/use-cases/challenge-bad-bots/)
- [Cloudflare bot solutions](/bots/)
-- [Troubleshooting: Bing’s Site Scan blocked by a WAF managed rule](/waf/troubleshooting/blocked-bing-site-scans/)
+- [Troubleshooting: Bing's Site Scan blocked by a WAF managed rule](/waf/troubleshooting/blocked-bing-site-scans/)
- [Learning Center: What is a web crawler?](https://www.cloudflare.com/learning/bots/what-is-a-web-crawler/)
diff --git a/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx b/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx
index 46b102962745a6..d547d4436a61bb 100644
--- a/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx
+++ b/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx
@@ -57,7 +57,7 @@ When a request is definitely automated (score of 1) or likely automated (scores
#### Exempt API traffic
-Since Bot Management detects automated users, you need to explicitly allow your **good** automated traffic — this includes your APIs and partner APIs.
+Since Bot Management detects automated users, you need to explicitly allow your **good** automated traffic — this includes your [APIs](https://www.cloudflare.com/learning/security/api/what-is-an-api/) and partner APIs.
This example offers the same protection as the browser-only rule, but allows automated traffic to your API.
diff --git a/src/content/docs/waf/detections/attack-score.mdx b/src/content/docs/waf/detections/attack-score.mdx
index b6fdb0e8dd2045..7cc7e847b1be5a 100644
--- a/src/content/docs/waf/detections/attack-score.mdx
+++ b/src/content/docs/waf/detections/attack-score.mdx
@@ -24,13 +24,17 @@ This feature is available to Enterprise customers. Business plans have access to
The Cloudflare WAF provides the following attack score fields:
-| Score | Data type | Minimum plan required | Attack vector | Field |
-| ---------------------- | --------- | --------------------- | --------------------------- | --------------------------------------------------------------------------------------------- |
-| WAF Attack Score | Number | Enterprise | N/A (global score) | [`cf.waf.score`](/ruleset-engine/rules-language/fields/reference/cf.waf.score/) |
-| WAF SQLi Attack Score | Number | Enterprise | SQL injection (SQLi) | [`cf.waf.score.sqli`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.sqli/) |
-| WAF XSS Attack Score | Number | Enterprise | Cross-site scripting (XSS) | [`cf.waf.score.xss`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.xss/) |
-| WAF RCE Attack Score | Number | Enterprise | Remote Code Execution (RCE) | [`cf.waf.score.rce`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.rce/) |
-| WAF Attack Score Class | String | Business | N/A (global classification) | [`cf.waf.score.class`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.class/) |
+| Score | Data type | Minimum plan required | Attack vector | Field |
+| ---------------------- | --------- | --------------------- | -------------------------------- | ------------------------------------------------------------------------------------------- |
+| WAF Attack Score | Number | Enterprise | N/A (global score) | [`cf.waf.score`](/ruleset-engine/rules-language/fields/reference/cf.waf.score/) |
+| WAF SQLi Attack Score | Number | Enterprise | [SQL injection][1] (SQLi) | [`cf.waf.score.sqli`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.sqli/) |
+| WAF XSS Attack Score | Number | Enterprise | [Cross-site scripting][2] (XSS) | [`cf.waf.score.xss`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.xss/) |
+| WAF RCE Attack Score | Number | Enterprise | [Remote code execution][3] (RCE) | [`cf.waf.score.rce`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.rce/) |
+| WAF Attack Score Class | String | Business | N/A (global classification) | [`cf.waf.score.class`](/ruleset-engine/rules-language/fields/reference/cf.waf.score.class/) |
+
+[1]: https://www.cloudflare.com/learning/security/threats/sql-injection/
+[2]: https://www.cloudflare.com/learning/security/threats/cross-site-scripting/
+[3]: https://www.cloudflare.com/learning/security/what-is-remote-code-execution/
You can use these fields in expressions of [custom rules](/waf/custom-rules/) and [rate limiting rules](/waf/rate-limiting-rules/). Attack score fields of data type `Number` vary between `1` and `99` with the following meaning:
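Review bot: The new "Attack vector" cells use numeric reference-style links (`[SQL injection][1]`, `[2]`, `[3]`), with the definitions placed between the table and the following paragraph. Numeric labels are easy to collide with or orphan when the page is edited later. Descriptive labels (for example `[sqli]`, `[xss]`, `[rce]`) would be more robust, or use inline links as the matching sentence in `waf/get-started.mdx` does, at the cost of wider cells.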
diff --git a/src/content/docs/waf/detections/leaked-credentials/get-started.mdx b/src/content/docs/waf/detections/leaked-credentials/get-started.mdx
index e7c8d9927745f9..f30c3dd57aee7b 100644
--- a/src/content/docs/waf/detections/leaked-credentials/get-started.mdx
+++ b/src/content/docs/waf/detections/leaked-credentials/get-started.mdx
@@ -76,7 +76,7 @@ For additional examples, refer to [Mitigation examples](/waf/detections/leaked-c
### Handle detected leaked credentials at the origin server
-Additionally, you may want to handle leaked credentials detected by Cloudflare at your origin server.
+Additionally, you may want to handle leaked credentials detected by Cloudflare at your [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/).
1. Turn on the [**Add Leaked Credentials Checks Header** managed transform](/rules/transform/managed-transforms/reference/#add-leaked-credentials-checks-header).
diff --git a/src/content/docs/waf/detections/leaked-credentials/index.mdx b/src/content/docs/waf/detections/leaked-credentials/index.mdx
index d948e30330d824..db34cd3e2fbbbb 100644
--- a/src/content/docs/waf/detections/leaked-credentials/index.mdx
+++ b/src/content/docs/waf/detections/leaked-credentials/index.mdx
@@ -7,7 +7,7 @@ sidebar:
label: Leaked credentials
---
-The leaked credentials [traffic detection](/waf/detections/) scans incoming requests for previously leaked credentials (usernames and passwords) previously leaked from data breaches.
+The leaked credentials [traffic detection](/waf/detections/) scans incoming requests for previously leaked credentials (usernames and passwords) previously leaked from [data breaches](https://www.cloudflare.com/learning/security/what-is-a-data-breach/).
:::note
If you are currently using [Exposed Credentials Check](/waf/managed-rules/check-for-exposed-credentials/) (a previous implementation) and want to upgrade to leaked credentials detection, refer to our [upgrade guide](/waf/managed-rules/check-for-exposed-credentials/upgrade-to-leaked-credentials-detection/).
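Review bot: The changed sentence still reads "scans incoming requests for previously leaked credentials (usernames and passwords) previously leaked from data breaches", with "previously leaked" repeated. Since the line is being edited to add the link, drop one of the two, for example "scans incoming requests for credentials (usernames and passwords) previously leaked from data breaches".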
@@ -26,7 +26,7 @@ In addition, leaked credentials detection provides a [managed transform](/rules/
One common approach used in web applications when detecting the use of stolen credentials is to warn end users about the situation and ask them to update their password. You can do this based on the managed header received at your origin server.
:::note
-Cloudflare may detect leaked credentials either because an attacker is performing a credential stuffing attack or because a legitimate end user is reusing a previously leaked password.
+Cloudflare may detect leaked credentials either because an attacker is performing a [credential stuffing](https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/) attack or because a legitimate end user is reusing a previously leaked password.
:::
## Availability
diff --git a/src/content/docs/waf/get-started.mdx b/src/content/docs/waf/get-started.mdx
index 55c4e2fb5937fb..6f07346a91c96f 100644
--- a/src/content/docs/waf/get-started.mdx
+++ b/src/content/docs/waf/get-started.mdx
@@ -52,7 +52,7 @@ For more information on configuring the Cloudflare Managed Ruleset in the dashbo
WAF attack score is only available to Business customers (limited access to a single field) and Enterprise customers (full access).
:::
-[WAF attack score](/waf/detections/attack-score/) is a machine-learning layer that complements Cloudflare's managed rulesets, providing additional protection against SQL injection (SQLi), Cross-site scripting (XSS), and many remote code execution (RCE) attacks. It helps identify rule bypasses and potentially new, undiscovered attacks.
+[WAF attack score](/waf/detections/attack-score/) is a machine-learning layer that complements Cloudflare's managed rulesets, providing additional protection against [SQL injection](https://www.cloudflare.com/learning/security/threats/sql-injection/) (SQLi), [cross-site scripting](https://www.cloudflare.com/learning/security/threats/cross-site-scripting/) (XSS), and many [remote code execution](https://www.cloudflare.com/learning/security/what-is-remote-code-execution/) (RCE) attacks. It helps identify rule bypasses and potentially new, undiscovered attacks.
If you are an Enterprise customer, do the following:
@@ -79,7 +79,7 @@ If you are on a Business plan, create a custom rule as mentioned above but use t
Bot score is only available to Enterprise customers with [Bot Management](/bots/get-started/bm-subscription/). Customers on Pro and Business plans may enable [Super Bot Fight mode](/bots/get-started/pro/) instead.
:::
-Customers with access to [Bot Management](/bots/get-started/bm-subscription/) can block automated traffic (for example, from bots scraping online content) using a custom rule with bot score, preventing this traffic from hitting your application.
+Customers with access to [Bot Management](/bots/get-started/bm-subscription/) can block automated traffic (for example, from [bots scraping online content](https://www.cloudflare.com/learning/bots/what-is-content-scraping/)) using a custom rule with bot score, preventing this traffic from hitting your application.
1. Go to your domain > **Security** > **WAF** and select the **Custom rules** tab.
@@ -158,7 +158,7 @@ Create a rate limiting rule to [apply rate limiting on a login endpoint](/waf/ra
### Prevent credential stuffing attacks
-Use [leaked credential checks](/waf/managed-rules/check-for-exposed-credentials/) to prevent credential stuffing attacks on your applications.
+Use [leaked credential checks](/waf/managed-rules/check-for-exposed-credentials/) to prevent credential stuffing attacks on your applications.
### Prevent users from uploading malware into your applications
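Review bot: The removed and added lines under "Prevent credential stuffing attacks" are textually identical, so this hunk is a whitespace-only change. Please confirm that is intended. Separately, the link text "leaked credential checks" points to `/waf/managed-rules/check-for-exposed-credentials/`, which the note in `waf/detections/leaked-credentials/index.mdx` calls "a previous implementation". If the line is being touched, consider pointing it at `/waf/detections/leaked-credentials/`, and adding the credential stuffing Learning Center link that other files in this patch receive.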
diff --git a/src/content/docs/waf/managed-rules/check-for-exposed-credentials/index.mdx b/src/content/docs/waf/managed-rules/check-for-exposed-credentials/index.mdx
index 3fa33d6d51fdd0..45b82cc8dea3ff 100644
--- a/src/content/docs/waf/managed-rules/check-for-exposed-credentials/index.mdx
+++ b/src/content/docs/waf/managed-rules/check-for-exposed-credentials/index.mdx
@@ -7,7 +7,7 @@ sidebar:
import { GlossaryTooltip, Render } from "~/components";
-Many web applications have suffered credential stuffing attacks in the recent past. In these attacks there is a massive number of login attempts using username/password pairs from databases of exposed credentials.
+Many web applications have suffered credential stuffing attacks in the recent past. In these attacks there is a massive number of login attempts using username/password pairs from databases of exposed credentials.
Cloudflare offers you automated checks for exposed credentials using Cloudflare Web Application Firewall (WAF).
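Review bot: The "Many web applications have suffered credential stuffing attacks" line is removed and re-added with no visible textual difference, so the change is whitespace-only. If the intent of the patch is to add Learning Center links, this is the first mention of credential stuffing on the page and would be the natural place for the same link added in `leaked-credentials/index.mdx` and `rate-limiting-rules/best-practices.mdx`.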
diff --git a/src/content/docs/waf/managed-rules/reference/sensitive-data-detection.mdx b/src/content/docs/waf/managed-rules/reference/sensitive-data-detection.mdx
index ddfd760dd857b8..4dd807083454e8 100644
--- a/src/content/docs/waf/managed-rules/reference/sensitive-data-detection.mdx
+++ b/src/content/docs/waf/managed-rules/reference/sensitive-data-detection.mdx
@@ -13,9 +13,9 @@ This feature requires an Enterprise plan with a paid add-on.
The Cloudflare Sensitive Data Detection managed ruleset helps identify data leaks generated by your origin servers. Its rules run on the body of the response looking for patterns of common sensitive data, including:
-- Personal identifiable information (PII) — for example, passport numbers
-- Financial information — for example, credit card numbers
-- Secrets — for example, API keys
+- [Personally identifiable information](https://www.cloudflare.com/learning/privacy/what-is-pii/) (PII) — For example, passport numbers.
+- Financial information — For example, credit card numbers.
+- Secrets — For example, API keys.
Turning on Cloudflare Sensitive Data Detection will not introduce additional latency, since the detection occurs outside the response path. For this reason, rules are always deployed with the _Log_ action (you cannot block a response that was already sent), providing you with visibility on the sensitive data leaving your origin servers.
diff --git a/src/content/docs/waf/rate-limiting-rules/best-practices.mdx b/src/content/docs/waf/rate-limiting-rules/best-practices.mdx
index c53bb3622be290..2db4ddfd067570 100644
--- a/src/content/docs/waf/rate-limiting-rules/best-practices.mdx
+++ b/src/content/docs/waf/rate-limiting-rules/best-practices.mdx
@@ -78,7 +78,7 @@ _This example rule requires Advanced Rate Limiting._
## Protecting against credential stuffing
-A typical use case of rate limiting is to protect a login endpoint. The following example contains three different rate limiting rules with increasing penalties to manage clients making too many requests.
+A typical use case of rate limiting is to protect a login endpoint against attacks such as [credential stuffing](https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/). The following example contains three different rate limiting rules with increasing penalties to manage clients making too many requests.
**Rule #1**
@@ -134,7 +134,7 @@ Login endpoints are also commonly protected against the [use of exposed credenti
## Limiting the number of operations
-You can use rate limiting to limit the number of operations performed by a client. The exact rule providing this protection will depend on your application. The following examples address content scraping via query string parameters or JSON body.
+You can use rate limiting to limit the number of operations performed by a client. The exact rule providing this protection will depend on your application. The following examples address [content scraping](https://www.cloudflare.com/learning/bots/what-is-content-scraping/) via query string parameters or JSON body.
### Prevent content scraping (via query string)
diff --git a/src/content/docs/waf/rate-limiting-rules/index.mdx b/src/content/docs/waf/rate-limiting-rules/index.mdx
index 5bc5bd1b06a2b0..95457b4b7efb14 100644
--- a/src/content/docs/waf/rate-limiting-rules/index.mdx
+++ b/src/content/docs/waf/rate-limiting-rules/index.mdx
@@ -50,3 +50,5 @@ Refer to the following resources:
- [Rate limiting rulesets](/waf/account/rate-limiting-rulesets/): Some Enterprise customers can create rate limiting rulesets at the account level that they can deploy to multiple Enterprise zones.
- [Cloudflare Rate Limiting (previous version, now deprecated)](/waf/reference/legacy/old-rate-limiting/): Documentation for the previous version of rate limiting rules (billed based on usage).
+
+- [Learning Center: What is rate limiting?](https://www.cloudflare.com/learning/bots/what-is-rate-limiting/)
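Review bot: The added blank line before the new "Learning Center: What is rate limiting?" bullet separates it from the two existing list items. Markdown renderers then treat the list as loose or as two lists, which changes the spacing of the rendered list. Remove the blank `+` line so that the new bullet continues the existing list.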
diff --git a/src/content/docs/waf/tools/scrape-shield/hotlink-protection.mdx b/src/content/docs/waf/tools/scrape-shield/hotlink-protection.mdx
index a9d72369bbf9df..e2ab511ef3808d 100644
--- a/src/content/docs/waf/tools/scrape-shield/hotlink-protection.mdx
+++ b/src/content/docs/waf/tools/scrape-shield/hotlink-protection.mdx
@@ -8,7 +8,7 @@ sidebar:
import { Render, TabItem, Tabs } from "~/components";
-Hotlink Protection prevents your images from being used by other sites, which can reduce the bandwidth consumed by your origin server.
+Hotlink Protection prevents your images from being used by other sites, which can reduce the bandwidth consumed by your [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/).
:::note
diff --git a/src/content/partials/waf/bic-description.mdx b/src/content/partials/waf/bic-description.mdx
index 9fb128b0a0a557..ced26dbfa912bc 100644
--- a/src/content/partials/waf/bic-description.mdx
+++ b/src/content/partials/waf/bic-description.mdx
@@ -1,8 +1,7 @@
---
{}
-
---
-Cloudflare's **Browser Integrity Check (BIC)** looks for common HTTP headers abused most commonly by spammers and denies access to your page.
+Cloudflare's **Browser Integrity Check (BIC)** looks for common HTTP headers abused most commonly by spammers and denies access to your page.
It also challenges visitors without a user agent or with a non-standard user agent such as commonly used by abusive bots, crawlers, or visitors.
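Review bot: The "Browser Integrity Check (BIC)" sentence is re-added with no visible textual change (whitespace only) and keeps the redundant wording "common HTTP headers abused most commonly by spammers". Since the line is in the diff, tighten it, for example "looks for HTTP headers most commonly abused by spammers". The removal of the blank line inside the frontmatter block looks fine.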