cloudflare · daisyfaithauma · Mar 18, 2025 · Mar 18, 2025 · Mar 18, 2025 · Mar 18, 2025
@@ -17,6 +17,7 @@ import HeaderDropdowns from "../HeaderDropdowns.tsx";
 		<div id="right-group" class="hidden h-10 flex-wrap gap-x-8 overflow-hidden">
 			<HeaderDropdowns client:idle />
 			<a
+				id="header-login-button"
 				href="https://dash.cloudflare.com/"
 				class="flex items-center justify-center rounded bg-cl1-brand-orange px-6 font-medium text-cl1-black no-underline"
 			>
@@ -64,3 +65,13 @@ import HeaderDropdowns from "../HeaderDropdowns.tsx";
 		}
 	}
 </style>
+
+<script>
+	import { track } from "~/util/zaraz";
+
+	document
+		.querySelector("#header-login-button")
+		?.addEventListener("click", () => {
+			track("clicked header login button");
+		});
+</script>
@@ -3,6 +3,7 @@ title: Limitations
 pcx_content_type: reference
 sidebar:
   order: 5
+description: Review the limitations of Universal certificates, such as hostname coverage, certificate authority  choice, and compatibility with other products.
 head:
   - tag: title
     content: Limitations for Universal SSL

@@ -6,11 +6,8 @@ sidebar:
 head:
   - tag: title
     content: Troubleshooting Universal SSL
-description: Review how to troubleshoot issues when using Cloudflare Universal
-  SSL certificate.
-
+description: Review how to troubleshoot issues such as certificate timeouts when using Cloudflare Universal SSL.
 ---
-
 ## Resolve a timed out state
 
 If a certificate issuance times out, Cloudflare tells you where in the chain of issuance the timeout occurred: Initializing, Validation, Issuance, Deployment, or Deletion.

@@ -19,14 +19,14 @@ Once enabled, leaked credentials detection will scan incoming HTTP requests for
 
 If Cloudflare detects authentication credentials in the request, those credentials are checked against a list of known leaked credentials. This list of credentials consists of Cloudflare-collected credentials, in addition to the [Have I been Pwned (HIBP)](https://haveibeenpwned.com) matched passwords dataset.
 
-Cloudflare will populate the existing [leaked credentials fields](#leaked-credentials-fields) based on the scan results. You can check these results in the [Security Analytics](/waf/analytics/security-analytics/) dashboard, and use these fields in rule expressions ([custom rules](/waf/custom-rules/) or [rate limiting rules](/waf/rate-limiting-rules/)) to protect your application against the usage of compromised credentials by your end users, and also against leaked credential attacks.
+Cloudflare will populate the existing [leaked credentials fields](#leaked-credentials-fields) based on the scan results. You can check these results in the [Security Analytics](/waf/analytics/security-analytics/) dashboard, and use these fields in rule expressions ([custom rules](/waf/custom-rules/) or [rate limiting rules](/waf/rate-limiting-rules/)) to protect your application against the usage of compromised credentials by your end users, and also against leaked credential attacks. Cloudflare may detect leaked credentials either because an attacker is performing a [credential stuffing](https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/) attack or because a legitimate end user is reusing a previously leaked password.
 
 In addition, leaked credentials detection provides a [managed transform](/rules/transform/managed-transforms/reference/#add-leaked-credentials-checks-header) that adds an `Exposed-Credential-Check` request header with a value indicating which field was leaked. For example, if both username and password were previously leaked, the header value will be `1`; if only the password was leaked, the value will be `4`.
 
 One common approach used in web applications when detecting the use of stolen credentials is to warn end users about the situation and ask them to update their password. You can do this based on the managed header received at your origin server.
 
 :::note
-Cloudflare may detect leaked credentials either because an attacker is performing a [credential stuffing](https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/) attack or because a legitimate end user is reusing a previously leaked password.
+Cloudflare does not store, log, or retain plaintext end-user passwords when performing leaked credential checks. Passwords are hashed, converted into a cryptographic representation, and then compared against a database of leaked credentials.
 :::
 
 ## Availability

@@ -5,6 +5,10 @@ productLink: "/ai-gateway/"
 productArea: Developer platform
 productAreaLink: /workers/platform/changelog/platform/
 entries:
+  - publish_date: "2025-03-18"
+    title: WebSockets
+    description: |-
+      Added [WebSockets API](/ai-gateway/configuration/websockets-api/) provide a persistent connection for AI interactions, eliminating repeated handshakes and reducing latency.
   - publish_date: "2025-02-26"
     title: Guardrails
     description: |-

@@ -1,6 +1,6 @@
 import { experimental_AstroContainer } from "astro/container";
-import { getContainerRenderer } from "@astrojs/mdx";
-import { loadRenderers } from "astro:container";
+import reactRenderer from "@astrojs/react/server.js";
+import mdxRenderer from "@astrojs/mdx/server.js";
 import { render, type CollectionEntry } from "astro:content";
 import type { AstroComponentFactory } from "astro/runtime/server/index.js";
 
@@ -12,9 +12,14 @@ export async function entryToString(
 		return entry.rendered.html;
 	}
 
-	const renderers = await loadRenderers([getContainerRenderer()]);
-	const container = await experimental_AstroContainer.create({
-		renderers,
+	const container = await experimental_AstroContainer.create({});
+	container.addServerRenderer({
+		name: "astro:jsx",
+		renderer: mdxRenderer,
+	});
+	container.addServerRenderer({
+		name: "@astrojs/react",
+		renderer: reactRenderer,
 	});
 
 	const { Content } = await render(entry);
@@ -31,9 +36,14 @@ export async function componentToString(
 	component: AstroComponentFactory,
 	props: any,
 ) {
-	const renderers = await loadRenderers([getContainerRenderer()]);
-	const container = await experimental_AstroContainer.create({
-		renderers,
+	const container = await experimental_AstroContainer.create({});
+	container.addServerRenderer({
+		name: "astro:jsx",
+		renderer: mdxRenderer,
+	});
+	container.addServerRenderer({
+		name: "@astrojs/react",
+		renderer: reactRenderer,
 	});
 
 	const html = await container.renderToString(component, {