cloudflare · patriciasantaana · May 9, 2025 · May 8, 2025 · May 8, 2025 · May 8, 2025
@@ -212,6 +212,7 @@
 /src/content/docs/waf/ @pedrosousa @cloudflare/firewall @cloudflare/pcx-technical-writing
 /src/content/docs/waf/change-log/ @pedrosousa @cloudflare/firewall @vs-mg @cloudflare/pcx-technical-writing
 /src/content/release-notes/waf.yaml @pedrosousa @cloudflare/firewall @vs-mg @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-challenges/ @patriciasantaana @cloudflare/pcx-technical-writing
 
 # Support
 

@@ -232,6 +232,7 @@
 /bots/get-started/free/ /bots/get-started/bot-fight-mode/ 301
 /bots/get-started/bm-subscription/ /bots/get-started/bot-management/ 301
 /bots/get-started/pro/ /bots/get-started/super-bot-fight-mode/ 301
+/bots/additional-configurations/javascript-detections/ /cloudflare-challenges/challenge-types/javascript-detections/ 301
 
 #browser-rendering
 /browser-rendering/get-started/browser-rendering-with-do/ /browser-rendering/workers-binding-api/browser-rendering-with-do/ 301

@@ -1,46 +1,7 @@
 ---
-type: overview
-pcx_content_type: reference
+pcx_content_type: concept
 title: JavaScript detections
+external_link: /cloudflare-challenges/challenge-types/javascript-detections/
 sidebar:
-  order: 6
----
-
-import { Render } from "~/components"
-
-<Render file="javascript-detections-definition" params={{ one: " " }} />
-
-## Enable JavaScript detections
-
-For Free customers (Bot Fight Mode), JavaScript detections are automatically enabled and cannot be disabled.
-
-For all other customers (Super Bot Fight Mode and Bot Management for Enterprise), JavaScript detections are optional.
-
-<Render file="javascript-detections-enable" />
-
-For more details on how to set up bot protection, see [Get started](/bots/get-started/).
-
-## Enforcing execution of JavaScript detections
-
-<Render file="javascript-detections-implementation" />
-
-<Render file="cf-clearance-cookie" />
-
-## Limitations
-
-### If you enabled Bot Management before June 2020
-
-Customers who enabled Enterprise Bot Management before June 2020 do not have JavaScript detections enabled by default (unless specifically requested). These customers can still enable the feature in the Cloudflare dashboard.
-
-### If you have a Content Security Policy (CSP)
-
-<Render file="javascript-detections-csp" />
-
-:::caution[Warning]
-
-JavaScript detections are not supported with `nonce` set via `<meta>` tags. 
-:::
-
-### If you have ETags
-
-Enabling JavaScript Detections (JSD) will strip [ETags](/cache/reference/etag-headers/) from HTML responses where JSD is injected.
+  order: 2
+---
@@ -51,7 +51,7 @@ You can view blocked AI bot traffic via [Security Analytics](/waf/analytics/secu
 
 Enabling [JavaScript detections](/bots/additional-configurations/javascript-detections/) validates that the browser can run JavaScript, and is stored in the `cf.bot_management.js_detection.passed` variable.
 
-<Render file="javascript-detections-enable" params={{ one: "Bot Management" }} />
+<Render file="javascript-detections-enable" params={{ one: "Bot Management" }} product="cloudflare-challenges" />
 
 ### Deploy default templates
 

@@ -1,7 +1,47 @@
+
 ---
-pcx_content_type: concept
+type: overview
+pcx_content_type: reference
 title: JavaScript detections
-external_link: /bots/additional-configurations/javascript-detections/
 sidebar:
-  order: 2
----
+  order: 6
+---
+
+import { Render } from "~/components"
+
+<Render file="javascript-detections-definition" />
+
+## Enable JavaScript detections
+
+For Bot Fight Mode customers, JavaScript detections are automatically enabled and cannot be disabled.
+
+For Super Bot Fight Mode and Bot Management for Enterprise customers, JavaScript detections are optional.
+
+<Render file="javascript-detections-enable" />
+
+For more details on how to set up bot protection, refer to the [Bots documentation](/bots/get-started/).
+
+## Enforcing execution of JavaScript detections
+
+<Render file="javascript-detections-implementation" />
+
+<Render file="cf-clearance-cookie" />
+
+## Limitations
+
+### If you enabled Bot Management before June 2020
+
+Customers who enabled Enterprise Bot Management before June 2020 do not have JavaScript detections enabled by default (unless specifically requested). These customers can still enable the feature in the Cloudflare dashboard.
+
+### If you have a Content Security Policy (CSP)
+
+<Render file="javascript-detections-csp" />
+
+:::caution[Warning]
+
+JavaScript detections are not supported with `nonce` set via `<meta>` tags. 
+:::
+
+### If you have ETags
+
+Enabling JavaScript Detections (JSD) will strip [ETags](/cache/reference/etag-headers/) from HTML responses where JSD is injected.
@@ -11,8 +11,6 @@ import { Render, Description, Plan, RelatedProduct } from "~/components";
 Challenges are security mechanisms used by Cloudflare to verify whether a visitor to your site is a real human and not a bot or automated script. 
 </Description>
 
-<Plan type="all" />
-
 When a challenge is issued, Cloudflare asks the browser to perform a series of checks that help confirm the visitor’s legitimacy. This process involves evaluating client side signals or asking a visitor to take minimal action such as checking a box. Challenges are designed to protect your application without introducing unnecessary friction. Most visitors will pass challenges automatically without interaction. 
 
 Cloudflare does not use CAPTCHA puzzles or visual tests like selecting objects or typing distorted characters. All challenge types are lightweight, privacy-preserving, and optimized for real-world traffic. 

@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Challenge solve rate (CSR)
 sidebar:
-  order: 1
+  order: 2
 ---
 
 import { Render } from "~/components"

@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Private Access Tokens (PAT)
 sidebar:
-  order: 4
+  order: 3
 ---
 
 When a user is presented with a challenge page, Cloudflare decides what challenges need to be solved to prove they are human using results from the Private Access Token (PAT). If a user presents a token, they will have an easier time solving the challenge.

@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Supported browsers
 sidebar:
-  order: 2
+  order: 4
 ---
 
 When your application sends a challenge, your visitors either receive a non-interactive or an interactive challenge page.

@@ -9,7 +9,7 @@ sidebar:
 
 Cloudflare's challenges can detect multiple languages and display the localized challenge experience, which is determined by `navigator.language` value. The [Navigator.language read-only property](https://developer.mozilla.org/en-US/docs/Web/API/Navigator/language) returns a string representing the preferred language of the user, usually the language of the browser user interface. 
 
-Refer to the table below for currently supported languages.
+For language support specific to challenge pages, refer to the table below. 
 
 | Language                         | Language code<br/>(4 letters) | Language code<br/>(2 letters) |
 | -------------------------------- | ----------------------------- | ----------------------------- |

@@ -2,7 +2,7 @@
 title: Challenge solve issues
 pcx_content_type: troubleshooting
 sidebar:
-  order: 4
+  order: 2
 
 ---
 

@@ -2,7 +2,7 @@
 title: FAQ
 pcx_content_type: faq
 sidebar:
-    order: 2
+    order: 3
 ---
 
 ## Why am I being challenged on a Cloudflare-protected site?

@@ -17,7 +17,7 @@ The prerequisite is crucial for pre-clearance to function properly. If set up co
 
 For more details on managing hostnames, refer to the [Hostname Management documentation](/turnstile/concepts/hostname-management/).
 
-<Render file="cf-clearance-cookie" product="bots" />
+<Render file="cf-clearance-cookie" product="cloudflare-challenges" />
 
 ## Enable pre-clearance on a new site
 

@@ -1,16 +1,11 @@
 ---
-inputParameters: param1
-
+{}
 ---
 
 import { Markdown } from "~/components"
 
 JavaScript detections are another method that help Cloudflare identify bot requests.
 
-{props.one}
-
-## What are JavaScript detections?
-
 These detections are implemented via a lightweight, invisible JavaScript code snippet that follows Cloudflare’s [privacy standards](https://www.cloudflare.com/privacypolicy/). JavaScript is injected only in response to requests for HTML pages or page views, excluding AJAX calls. API and mobile app traffic is unaffected. JavaScript detections have a lifespan of 15 minutes. However, the code is injected again before the session expires. After page load, the script is deferred and utilizes a separate thread (where available) to ensure that performance impact is minimal.
 
 The snippets of JavaScript will contain a source pointing to the challenge platform, with paths that start with `/cdn-cgi/challenge-platform/...`

@@ -3,7 +3,7 @@
 
 ---
 
-Once you enable JavaScript detections, you can use the `cf.bot_management.js_detection.passed` field in WAF custom rules (or the `request.cf.botManagement.jsDetection.passed` variable in Workers).
+Once you enable JavaScript detections, you can use the `cf.bot_management.js_detection.passed` field in [WAF custom rules](/waf/custom-rules/) (or the `request.cf.botManagement.jsDetection.passed` variable in [Workers](/workers/)).
 
 When adding this field to WAF custom rules, use it:
 
@@ -14,7 +14,7 @@ When adding this field to WAF custom rules, use it:
 ### Prerequisites
 
 * You must have JavaScript detections enabled on your zone.
-* You must have [updated your Content Security Policy headers](/bots/additional-configurations/javascript-detections/#if-you-have-a-content-security-policy-csp) for JavaScript detections.
+* You must have [updated your Content Security Policy headers](/cloudflare-challenges/challenge-types/javascript-detections/#if-you-have-a-content-security-policy-csp) for JavaScript detections.
 * You must not run this field on websocket endpoints.
 * You must use the field in a custom rules expression that expects only browser traffic.
 * The action should always be a managed challenge in case a legitimate user has not received the challenge for network or browser reasons.