diff --git a/src/components/overrides/Header.astro b/src/components/overrides/Header.astro
index 158974662a2449..b85462554816fe 100644
--- a/src/components/overrides/Header.astro
+++ b/src/components/overrides/Header.astro
@@ -17,6 +17,7 @@ import HeaderDropdowns from "../HeaderDropdowns.tsx";
 		<div id="right-group" class="hidden h-10 flex-wrap gap-x-8 overflow-hidden">
 			<HeaderDropdowns client:idle />
 			<a
+				id="header-login-button"
 				href="https://dash.cloudflare.com/"
 				class="flex items-center justify-center rounded bg-cl1-brand-orange px-6 font-medium text-cl1-black no-underline"
 			>
@@ -64,3 +65,13 @@ import HeaderDropdowns from "../HeaderDropdowns.tsx";
 		}
 	}
 </style>
+
+<script>
+	import { track } from "~/util/zaraz";
+
+	document
+		.querySelector("#header-login-button")
+		?.addEventListener("click", () => {
+			track("clicked header login button");
+		});
+</script>
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
index 516e22a8cc32eb..14fd22d4a71e90 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
@@ -3,6 +3,7 @@ title: Limitations
 pcx_content_type: reference
 sidebar:
   order: 5
+description: Review the limitations of Universal certificates, such as hostname coverage, certificate authority  choice, and compatibility with other products.
 head:
   - tag: title
     content: Limitations for Universal SSL
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/troubleshooting.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/troubleshooting.mdx
index ac4ab00a19f98a..744cb25a80e170 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/troubleshooting.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/troubleshooting.mdx
@@ -6,11 +6,8 @@ sidebar:
 head:
   - tag: title
     content: Troubleshooting Universal SSL
-description: Review how to troubleshoot issues when using Cloudflare Universal
-  SSL certificate.
-
+description: Review how to troubleshoot issues such as certificate timeouts when using Cloudflare Universal SSL.
 ---
-
 ## Resolve a timed out state
 
 If a certificate issuance times out, Cloudflare tells you where in the chain of issuance the timeout occurred: Initializing, Validation, Issuance, Deployment, or Deletion.
diff --git a/src/content/docs/waf/detections/leaked-credentials/index.mdx b/src/content/docs/waf/detections/leaked-credentials/index.mdx
index 4d43d44c37e5d1..522c488b87ddc6 100644
--- a/src/content/docs/waf/detections/leaked-credentials/index.mdx
+++ b/src/content/docs/waf/detections/leaked-credentials/index.mdx
@@ -19,14 +19,14 @@ Once enabled, leaked credentials detection will scan incoming HTTP requests for
 
 If Cloudflare detects authentication credentials in the request, those credentials are checked against a list of known leaked credentials. This list of credentials consists of Cloudflare-collected credentials, in addition to the [Have I been Pwned (HIBP)](https://haveibeenpwned.com) matched passwords dataset.
 
-Cloudflare will populate the existing [leaked credentials fields](#leaked-credentials-fields) based on the scan results. You can check these results in the [Security Analytics](/waf/analytics/security-analytics/) dashboard, and use these fields in rule expressions ([custom rules](/waf/custom-rules/) or [rate limiting rules](/waf/rate-limiting-rules/)) to protect your application against the usage of compromised credentials by your end users, and also against leaked credential attacks.
+Cloudflare will populate the existing [leaked credentials fields](#leaked-credentials-fields) based on the scan results. You can check these results in the [Security Analytics](/waf/analytics/security-analytics/) dashboard, and use these fields in rule expressions ([custom rules](/waf/custom-rules/) or [rate limiting rules](/waf/rate-limiting-rules/)) to protect your application against the usage of compromised credentials by your end users, and also against leaked credential attacks. Cloudflare may detect leaked credentials either because an attacker is performing a [credential stuffing](https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/) attack or because a legitimate end user is reusing a previously leaked password.
 
 In addition, leaked credentials detection provides a [managed transform](/rules/transform/managed-transforms/reference/#add-leaked-credentials-checks-header) that adds an `Exposed-Credential-Check` request header with a value indicating which field was leaked. For example, if both username and password were previously leaked, the header value will be `1`; if only the password was leaked, the value will be `4`.
 
 One common approach used in web applications when detecting the use of stolen credentials is to warn end users about the situation and ask them to update their password. You can do this based on the managed header received at your origin server.
 
 :::note
-Cloudflare may detect leaked credentials either because an attacker is performing a [credential stuffing](https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/) attack or because a legitimate end user is reusing a previously leaked password.
+Cloudflare does not store, log, or retain plaintext end-user passwords when performing leaked credential checks. Passwords are hashed, converted into a cryptographic representation, and then compared against a database of leaked credentials.
 :::
 
 ## Availability
diff --git a/src/content/release-notes/ai-gateway.yaml b/src/content/release-notes/ai-gateway.yaml
index 6e51d8e0c7a95a..ced2940ca67ae1 100644
--- a/src/content/release-notes/ai-gateway.yaml
+++ b/src/content/release-notes/ai-gateway.yaml
@@ -5,6 +5,10 @@ productLink: "/ai-gateway/"
 productArea: Developer platform
 productAreaLink: /workers/platform/changelog/platform/
 entries:
+  - publish_date: "2025-03-18"
+    title: WebSockets
+    description: |-
+      Added [WebSockets API](/ai-gateway/configuration/websockets-api/) provide a persistent connection for AI interactions, eliminating repeated handshakes and reducing latency.
   - publish_date: "2025-02-26"
     title: Guardrails
     description: |-
diff --git a/src/util/container.ts b/src/util/container.ts
index f1ed02544ab3bb..bf22794f0a13d9 100644
--- a/src/util/container.ts
+++ b/src/util/container.ts
@@ -1,6 +1,6 @@
 import { experimental_AstroContainer } from "astro/container";
-import { getContainerRenderer } from "@astrojs/mdx";
-import { loadRenderers } from "astro:container";
+import reactRenderer from "@astrojs/react/server.js";
+import mdxRenderer from "@astrojs/mdx/server.js";
 import { render, type CollectionEntry } from "astro:content";
 import type { AstroComponentFactory } from "astro/runtime/server/index.js";
 
@@ -12,9 +12,14 @@ export async function entryToString(
 		return entry.rendered.html;
 	}
 
-	const renderers = await loadRenderers([getContainerRenderer()]);
-	const container = await experimental_AstroContainer.create({
-		renderers,
+	const container = await experimental_AstroContainer.create({});
+	container.addServerRenderer({
+		name: "astro:jsx",
+		renderer: mdxRenderer,
+	});
+	container.addServerRenderer({
+		name: "@astrojs/react",
+		renderer: reactRenderer,
 	});
 
 	const { Content } = await render(entry);
@@ -31,9 +36,14 @@ export async function componentToString(
 	component: AstroComponentFactory,
 	props: any,
 ) {
-	const renderers = await loadRenderers([getContainerRenderer()]);
-	const container = await experimental_AstroContainer.create({
-		renderers,
+	const container = await experimental_AstroContainer.create({});
+	container.addServerRenderer({
+		name: "astro:jsx",
+		renderer: mdxRenderer,
+	});
+	container.addServerRenderer({
+		name: "@astrojs/react",
+		renderer: reactRenderer,
 	});
 
 	const html = await container.renderToString(component, {