From 171f7f242788d375ab892f134c58431f21b3c35f Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:25:04 +0000 Subject: [PATCH 1/5] [Docs] Threat score follow up changes --- src/content/docs/waf/tools/security-level.mdx | 6 ++---- src/content/partials/waf/security-level-scores.mdx | 2 -- src/content/partials/waf/threat-score-definition.mdx | 4 +--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/src/content/docs/waf/tools/security-level.mdx b/src/content/docs/waf/tools/security-level.mdx index 84d14bf7c3263f7..b2a0eb8c802a3ac 100644 --- a/src/content/docs/waf/tools/security-level.mdx +++ b/src/content/docs/waf/tools/security-level.mdx @@ -6,12 +6,10 @@ title: Security Level import { Render } from "~/components"; - - ---- + - + --- \ No newline at end of file diff --git a/src/content/partials/waf/security-level-scores.mdx b/src/content/partials/waf/security-level-scores.mdx index e57080b0a1fab0e..aeb25d26595926e 100644 --- a/src/content/partials/waf/security-level-scores.mdx +++ b/src/content/partials/waf/security-level-scores.mdx @@ -2,8 +2,6 @@ {} --- -## Security level - Cloudflare provides _I'm Under Attack!_ as a security level. Cloudflare's Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks. diff --git a/src/content/partials/waf/threat-score-definition.mdx b/src/content/partials/waf/threat-score-definition.mdx index d0a07325129ddc4..842885a7b084a81 100644 --- a/src/content/partials/waf/threat-score-definition.mdx +++ b/src/content/partials/waf/threat-score-definition.mdx 
@@ -4,9 +4,7 @@ ## Threat score -The threat score measures IP reputation across Cloudflare services. This score is calculated based on [Project Honeypot](https://www.projecthoneypot.org/), external public IP information, as well as internal threat intelligence from our [WAF managed rules](/waf/reference/legacy/old-waf-managed-rules/) and [DDoS](/ddos-protection/about/). - -The threat score of a request has a value from 0 to 100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet. +Previously, a threat score represented a Cloudflare threat score from 0–100, where 0 indicates low risk. Now, a threat score is default to 0. :::note[Recommendation] Currently we do not recommend creating rules based on the threat score, since this score is no longer being populated. From 2cfd7e3475896ac43cb00bdb63e745bd8373dbd5 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Thu, 20 Mar 2025 12:30:10 +0000 Subject: [PATCH 2/5] adding always protected --- src/content/partials/waf/security-level-scores.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/partials/waf/security-level-scores.mdx b/src/content/partials/waf/security-level-scores.mdx index aeb25d26595926e..4920d5a806909e0 100644 --- a/src/content/partials/waf/security-level-scores.mdx +++ b/src/content/partials/waf/security-level-scores.mdx @@ -2,7 +2,7 @@ {} --- -Cloudflare provides _I'm Under Attack!_ as a security level. +Cloudflare provides _Always protected_ and _I'm Under Attack!_ as security levels. Cloudflare's Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks. From ab94f967f25c3f2d1d608715104213021b1b636c Mon Sep 17 00:00:00 2001 
From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Thu, 20 Mar 2025 12:31:03 +0000 Subject: [PATCH 3/5] Apply suggestions from code review Co-authored-by: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> --- src/content/partials/waf/threat-score-definition.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/partials/waf/threat-score-definition.mdx b/src/content/partials/waf/threat-score-definition.mdx index 842885a7b084a81..87063f7dd3b90fc 100644 --- a/src/content/partials/waf/threat-score-definition.mdx +++ b/src/content/partials/waf/threat-score-definition.mdx @@ -4,7 +4,7 @@ ## Threat score -Previously, a threat score represented a Cloudflare threat score from 0–100, where 0 indicates low risk. Now, a threat score is default to 0. +Previously, a threat score represented a Cloudflare threat score from 0–100, where 0 indicates low risk. Now, the threat score is always `0` (zero). :::note[Recommendation] Currently we do not recommend creating rules based on the threat score, since this score is no longer being populated. From cfb4df94167650975a51e9b93e7757c4a2583470 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Thu, 20 Mar 2025 12:34:19 +0000 Subject: [PATCH 4/5] Updating yaml file --- src/content/fields/index.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/fields/index.yaml b/src/content/fields/index.yaml index 12eab1c468b1c47..d2021f37be84cf4 100644 --- a/src/content/fields/index.yaml +++ b/src/content/fields/index.yaml 
@@ -602,9 +602,9 @@ entries: data_type: Number categories: [Request] keywords: [request, cloudflare, score, client, visitor] - summary: Represents a Cloudflare threat score from 0–100, where 0 indicates low risk. + summary: Represents a Cloudflare threat score. description: |- - Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet. It is rare to see values above 60. A common recommendation is to challenge requests with a score above 10 and to block those above 50. + Threat score is defaulted to `0`. - name: cf.tls_cipher data_type: String From ac39500cc8272b881d2f8473a5808a2a37d80034 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Thu, 20 Mar 2025 12:55:04 +0000 Subject: [PATCH 5/5] Apply suggestions from code review Co-authored-by: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> --- src/content/fields/index.yaml | 2 +- src/content/partials/waf/security-level-scores.mdx | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/content/fields/index.yaml b/src/content/fields/index.yaml index d2021f37be84cf4..793673d750c47fe 100644 --- a/src/content/fields/index.yaml +++ b/src/content/fields/index.yaml @@ -604,7 +604,7 @@ entries: keywords: [request, cloudflare, score, client, visitor] summary: Represents a Cloudflare threat score. description: |- - Threat score is defaulted to `0`. + Previously, a threat score represented a Cloudflare threat score from 0–100, where 0 indicated low risk. Now, the threat score is always `0` (zero). - name: cf.tls_cipher data_type: String diff --git a/src/content/partials/waf/security-level-scores.mdx b/src/content/partials/waf/security-level-scores.mdx index 4920d5a806909e0..42e0533c6b76712 100644 --- a/src/content/partials/waf/security-level-scores.mdx +++ b/src/content/partials/waf/security-level-scores.mdx 
@@ -2,7 +2,9 @@ {} --- -Cloudflare provides _Always protected_ and _I'm Under Attack!_ as security levels. +In the Cloudflare dashboard, security level has the value _Always protected_ and you cannot change this setting. To turn Under Attack mode on or off, use the separate toggle. + +In the API and in Terraform, use security level to turn Under Attack mode on or off. Cloudflare's Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks.
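
Review bot: in PATCH 1/5, the new paragraph under "## Threat score" in threat-score-definition.mdx does not say what happens to rules that already compare the threat score against a threshold. The removed text treated values above 10 and above 40 as meaningful, and the index.yaml text removed in PATCH 4/5 recommended challenging above 10 and blocking above 50. With the score fixed at 0, a "greater than" comparison against any such threshold can never match, so the challenge or block action behind it silently stops applying. Suggest extending the Recommendation note to tell readers to review existing rules that reference the threat score and move them to a signal that is still populated.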
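
Review bot: in PATCH 3/5, the replacement sentence in threat-score-definition.mdx mixes tenses: "Previously, a threat score represented ... where 0 indicates low risk". PATCH 5/5 uses "indicated" for the same sentence in index.yaml, so use the past tense here too and keep the two copies identical. The phrase "a threat score represented a Cloudflare threat score" is also circular; "the threat score was a value from 0–100" would read better in both files.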
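
Review bot: in the index.yaml hunk of PATCH 5/5, only `description` states that the value is always `0`; the `summary` line still reads "Represents a Cloudflare threat score." with no hint that the field is no longer populated. Anywhere the summary is shown without the description, the field still looks usable in a rule expression. Suggest carrying the "always `0`" fact into `summary` as well.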
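
Review bot: in the security-level-scores.mdx hunk of PATCH 5/5, the added line "In the API and in Terraform, use security level to turn Under Attack mode on or off." does not name the setting values that correspond to on and off. The sentence before it gives the dashboard value (_Always protected_) but says it cannot be changed, so an API or Terraform user cannot tell from this text what to send. Suggest listing the accepted values here or linking to the API reference for the setting.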