cloudflare · patriciasantaana · Apr 3, 2025 · Apr 2, 2025 · Apr 2, 2025 · Apr 2, 2025
@@ -178,16 +178,27 @@
 /api-shield/security/sequential-abuse-detection/ /api-shield/security/sequence-analytics/ 301
 
 # bots
-/bots/about/javascript-detections/ /bots/reference/javascript-detections/ 301
 /bots/about/plans/ /bots/plans/ 301
 /bots/about/plans/biz-and-ent/ /bots/plans/biz-and-ent/ 301
 /bots/about/plans/bm-subscription/ /bots/plans/bm-subscription/ 301
 /support/firewall/tools/cloudflare-bot-products-faqs/ /bots/troubleshooting/ 301
 /support/other-languages/deutsch/cloudflare-bot/ /bots/troubleshooting/ 301
-/bots/concepts/ja3-fingerprint/ /bots/concepts/ja3-ja4-fingerprint/ 301
 /bots/reference/verified-bot-categories/ /bots/concepts/bot/verified-bots/categories/ 301
 /bots/reference/verified-bot-policy/ /bots/concepts/bot/verified-bots/policy/ 301
 /bots/concepts/challenge-solve-rate/ /fundamentals/security/cloudflare-challenges/challenge-solve-rate/ 301
+/bots/concepts/detection-ids/ /bots/additional-configurations/detection-ids/ 301
+/bots/concepts/ja3-ja4-fingerprint/ /bots/additional-configurations/ja3-ja4-fingerprint/ 301
+/bots/concepts/signals-intelligence/ /bots/additional-configurations/ja3-ja4-fingerprint/signals-intelligence/ 301
+/bots/reference/javascript-detections/ /bots/additional-configurations/javascript-detections/ 301
+/bots/concepts/sequence-rules/ /bots/additional-configurations/sequence-rules/ 301
+/bots/reference/static-resources/ /bots/additional-configurations/static-resources/ 301
+/bots/bot-analytics/biz-and-ent/ /bots/bot-analytics/ 301
+/bots/bot-analytics/bm-subscription/ /bots/bot-analytics/ 301
+/bots/concepts/cloudflare-bot-tags/ /bots/concepts/bot-tags/ 301
+/bots/get-started/biz-and-ent/ /bots/get-started/super-bot-fight-mode/ 301
+/bots/get-started/free/ /bots/get-started/bot-fight-mode/ 301
+/bots/get-started/bm-subscription/ /bots/get-started/bot-management/ 301
+/bots/get-started/pro/ /bots/get-started/super-bot-fight-mode/ 301
 
 #browser-rendering
 /browser-rendering/get-started/browser-rendering-with-do/ /browser-rendering/workers-binding-api/browser-rendering-with-do/ 301

@@ -10,7 +10,7 @@ import { GlossaryTooltip, Render } from "~/components"
 
 API Shield sequence custom rules use the configured API Shield <GlossaryTooltip term="session identifier">session identifier</GlossaryTooltip> to track the order of requests a user has made and the time between requests, and makes them available via [Cloudflare Rules](/rules). This allows you to write rules that match valid or invalid sequences.
 
-These rules are different from [cookie sequence rules](/bots/concepts/sequence-rules/) in a few ways: 
+These rules are different from [cookie sequence rules](/bots/additional-configurations/sequence-rules/) in a few ways: 
 
 - They only require an API Shield subscription.
 - They require [session identifiers](/api-shield/get-started/#session-identifiers) to be set in API Shield.

@@ -1,7 +1,8 @@
 ---
 pcx_content_type: concept
 title: Detection IDs
-
+sidebar:
+  order: 2
 ---
 
 import { Render } from "~/components"

@@ -0,0 +1,16 @@
+---
+title: Additional configurations
+pcx_content_type: navigation
+sidebar:
+  order: 5
+  group:
+    hideIndex: true
+head:
+  - tag: title
+    content: Additional Bots configurations
+
+---
+
+import { DirectoryListing } from "~/components"
+
+<DirectoryListing />
@@ -1,6 +1,8 @@
 ---
 pcx_content_type: concept
 title: JA3/JA4 fingerprint
+sidebar:
+  order: 1
 
 ---
 
@@ -78,7 +80,7 @@ This sample was generated using [Workers' Cloudflare Object script](/workers/exa
 
 To get more information about potential bot requests, use these JA3 and JA4 fingerprints in:
 
-- [Bot Analytics](/bots/bot-analytics/bm-subscription/)
+- [Bot Analytics](/bots/bot-analytics/#enterprise-bot-management)
 - [Security Events](/waf/analytics/security-events/) and [Security Analytics](/waf/analytics/security-analytics/)
 - [Analytics GraphQL API](/analytics/graphql-api/), specifically the **HTTP Requests** dataset
 - [Logs](/logs/reference/log-fields/zone/http_requests/)

@@ -1,12 +1,13 @@
 ---
 pcx_content_type: concept
 title: Signals Intelligence
-
+sidebar:
+  order: 1
 ---
 
 import { Render } from "~/components"
 
-For every available [JA4 fingerprint](/bots/concepts/ja3-ja4-fingerprint/), Bot Management customers can view how Cloudflare sees it on the Internet and what behavior we view with the fingerprint. This data can help you understand why a request is scored in a particular fashion or allow you to use the aggregate data in your own ML models, run in either [Cloudflare Workers](/workers/) or at the origin location.
+For every available [JA4 fingerprint](/bots/additional-configurations/ja3-ja4-fingerprint/), Bot Management customers can view how Cloudflare sees it on the Internet and what behavior we view with the fingerprint. This data can help you understand why a request is scored in a particular fashion or allow you to use the aggregate data in your own ML models, run in either [Cloudflare Workers](/workers/) or at the origin location.
 
 Specifically, for each JA4 fingerprint, you will be able to access the following information:
 

@@ -2,8 +2,8 @@
 type: overview
 pcx_content_type: reference
 title: JavaScript detections
-weight: 0
-
+sidebar:
+  order: 6
 ---
 
 import { Render } from "~/components"

@@ -1,12 +1,13 @@
 ---
 pcx_content_type: reference
 title: Sequence rules
-
+sidebar:
+  order: 4
 ---
 
 import { Render } from "~/components"
 
-<Render file="sequence-rules" product="bots" params={{ one: "Sequence rules", two: "/bots/concepts/sequence-rules/" }} />
+<Render file="sequence-rules" product="bots" params={{ one: "Sequence rules", two: "/bots/additional-configurations/sequence-rules/" }} />
 
 Sequence rules is currently in private beta. If you would like to be included in the beta, contact your account team.
 

@@ -1,7 +1,8 @@
 ---
 pcx_content_type: reference
 title: Static resource protection
-weight: 0
+sidebar:
+  order: 7
 
 ---
 

@@ -1,25 +1,27 @@
 ---
-title: Business
-pcx_content_type: reference
+title: Bot Analytics
+pcx_content_type: navigation
 sidebar:
-  order: 3
+  order: 5
 head:
   - tag: title
-    content: Super Bot Fight Mode (Business) Analytics
+    content: Cloudflare Bot Analytics
 
 ---
 
 import { GlossaryTooltip, Render } from "~/components"
 
+## Business and Enterprise
+
 Business and Enterprise customers without Bot Management can use **Bot Analytics** to dynamically examine bot traffic. These dashboards offer less functionality than Bot Management for Enterprise but still help you understand bot traffic on your domain.
 
-## Access
+### Access
 
 To use Bot Analytics, open the Cloudflare dashboard and select **Security** > **Bots**.
 
 ![View Bot Analytics in the Cloudflare dashboard. For more details, keep reading.](~/assets/images/bots/bot-analytics-dashboard-biz.png)
 
-## Features
+### Features
 
 For a full tour of Bot Analytics, see [our blog post](https://blog.cloudflare.com/introducing-bot-analytics/). At a high level, the tool includes:
 
@@ -31,12 +33,43 @@ Bot Analytics shows up to 72 hours of data at a time and can display data up to
 
 <Render file="analytics-features" />
 
-## Common uses
+### Common uses
 
 Business and Enterprise customers without Bot Management can use Bot Analytics to:
 
 - Understand <GlossaryTooltip term="bot">bot</GlossaryTooltip> traffic
 - Study recent attacks to find trends and detailed information
 - Learn more about Cloudflare’s detection engines with real data
 
-For more details and granular control over bot traffic, consider upgrading to [Bot Management for Enterprise](/bots/bot-analytics/bm-subscription/).
+For more details and granular control over bot traffic, consider upgrading to [Bot Management for Enterprise](/bots/bot-analytics/#enterprise-bot-management).
+
+## Enterprise Bot Management
+
+Enterprise customers with Bot Management can use **Bot Analytics** to dynamically examine bot traffic.
+
+### Access
+
+To use Bot Analytics, open the Cloudflare dashboard and select **Security** > **Bots**.
+
+![View Bot Analytics in the Cloudflare dashboard. For more details, keep reading.](~/assets/images/bots/bot-analytics-dashboard-ent.png)
+
+### Features
+
+<Render file="bm-analytics-features" />
+
+<Render file="analytics-features" />
+
+### Common uses
+
+Bot Management customers can use Bot Analytics to:
+
+- Understand traffic during [your onboarding phase](/bots/get-started/bot-management/).
+- Tune WAF custom rules to be effective but not overly aggressive.
+- Study recent attacks to find trends and detailed information.
+- Learn more about Cloudflare’s detection engines with real data.
+
+### API
+
+Data from Bot Analytics is also available via the GraphQL API. You can access <GlossaryTooltip term="bot score">bot scores</GlossaryTooltip>, bot sources, <GlossaryTooltip term="bot tags" link="/bots/concepts/bot-tags/">bot tags</GlossaryTooltip>, and bot _decisions_ (_automated_, _likely automated_, etc.), and more.
+
+Read the [GraphQL Analytics API documentation](/analytics/graphql-api/) for more information about GraphQL and basic querying.
@@ -0,0 +1,35 @@
+---
+pcx_content_type: navigation
+title: Bot detection engines
+sidebar:
+  order: 5
+
+---
+
+import { Render } from "~/components"
+
+## Heuristics
+
+<Render file="bots-heuristics" />
+
+## JavaScript detections
+
+<Render file="bots-jsd" />
+
+JSD is completely optional. To adjust your settings, configure Super Bot Fight Mode from **Security** > **Bots**.
+
+## Machine Learning (Business and Enterprise)
+
+<Render file="bots-ml" />
+
+The ML engine identifies _likely automated_ traffic.
+
+## Anomaly detection (Enterprise)
+
+<Render file="bots-ad" />
+
+## Notes on detection
+
+<Render file="bots-cookie" />
+
+<Render file="disable-cf-bm-cookie" />
@@ -1,7 +1,7 @@
 ---
 type: overview
 pcx_content_type: reference
-title: Bot Tags
+title: Bot tags
 sidebar:
   order: 3
 
@@ -20,7 +20,7 @@ Bot tags are only available to Enterprise customers who have purchased Bot Manag
 
 ## Potential values
 
-Once you [enable Bot Tags](#enable-bot-tags), you can see more information about bot requests, such as whether a request came from a verified bot (like Bing) or a category of verified bot (like SearchEngine).
+Once you [enable bot tags](#enable-bot-tags), you can see more information about bot requests, such as whether a request came from a verified bot (like Bing) or a category of verified bot (like SearchEngine).
 
 <Render file="bot-tags-values" />
 
@@ -30,6 +30,6 @@ To enable bot tags, include the `BotTags` log field when using our [Logpush serv
 
 ## Limitations
 
-Currently, Bot Tags are only available in log fields.
+Currently, bot tags are only available in log fields.
 
-Future work will add more values and extend Bot Tags to other Cloudflare products.
+Future work will add more values and extend bot tags to other Cloudflare products.
@@ -1,7 +1,8 @@
 ---
 pcx_content_type: concept
 title: Bot Feedback Loop
-
+sidebar:
+  order: 4
 ---
 
 import { GlossaryTooltip } from "~/components"
@@ -212,7 +213,7 @@ The instructions below apply to Enterprise subscription with Bot Management only
 
 After submitting a false positive, you can explicitly allow the traffic if you are confident that this traffic source cannot be used for abuse in the future. To allow traffic, you can create a WAF custom rule with a [Skip the remaining custom rules](/waf/custom-rules/skip/options/) action that matches the characteristics of your false positive report. We recommend any skip rule that you create uses the most narrow possible scope, including restricting the request methods and URIs that the expected traffic has access to, to limit potential abuse.
 
-* Allowing a **[JA3/JA4 fingerprint](/bots/concepts/ja3-ja4-fingerprint/)**:  If you want to allow access to a stable software client that does not come from a dedicated IP, you can do so by looking up the JA3 fingerprint(s) used by that client in the Bot Analytics dashboard, and creating a WAF custom rule to allow traffic based on that JA3 fingerprint. JA3 fingerprints will only match a client’s TLS library, so be cautious in looking for both overlap with other clients and with variation based on the operating system. <br/><br/>Cloudflare does not recommend relying on JA3 rules for mobile applications that may be abused. If you have questions about how to securely allow traffic from your mobile application, please contact your account team.
+* Allowing a **[JA3/JA4 fingerprint](/bots/additional-configurations/ja3-ja4-fingerprint/)**:  If you want to allow access to a stable software client that does not come from a dedicated IP, you can do so by looking up the JA3 fingerprint(s) used by that client in the Bot Analytics dashboard, and creating a WAF custom rule to allow traffic based on that JA3 fingerprint. JA3 fingerprints will only match a client’s TLS library, so be cautious in looking for both overlap with other clients and with variation based on the operating system. <br/><br/>Cloudflare does not recommend relying on JA3 rules for mobile applications that may be abused. If you have questions about how to securely allow traffic from your mobile application, please contact your account team.
 
 :::note
 

@@ -2,7 +2,7 @@
 pcx_content_type: navigation
 title: Concepts
 sidebar:
-  order: 3
+  order: 4
   group:
     hideIndex: true