cloudflare · pedrosousa · Sep 12, 2025 · Sep 11, 2025 · Sep 11, 2025 · Sep 11, 2025
@@ -9,6 +9,8 @@ sidebar:
 
 import { GlossaryTooltip, Render, Steps } from "~/components"
 
+<Render file="survey" product="waf" />
+
 This guide will help you set up API Shield to identify and address API security best practices.
 
 :::note

@@ -11,6 +11,8 @@ head:
 
 import { Description, Feature, Plan, RelatedProduct, Render } from "~/components"
 
+<Render file="survey" product="waf" />
+
 <Description>
 Identify and address your API vulnerabilities.
 </Description>

@@ -7,7 +7,9 @@ sidebar:
 
 ---
 
-import { GlossaryTooltip, Plan, Steps, Tabs, TabItem } from "~/components"
+import { GlossaryTooltip, Plan, Steps, Tabs, TabItem, Render } from "~/components"
+
+<Render file="survey" product="waf" />
 
 <Plan type="all" />
 

@@ -6,7 +6,9 @@ sidebar:
 
 ---
 
-import { DirectoryListing } from "~/components"
+import { DirectoryListing, Render } from "~/components"
+
+<Render file="survey" product="waf" />
 
 Cloudflare offers the following features to help secure your APIs:
 

@@ -8,6 +8,8 @@ sidebar:
 
 import { GlossaryTooltip, Steps, Tabs, TabItem, Render } from "~/components"
 
+<Render file="survey" product="waf" />
+
 <GlossaryTooltip term="JSON web token (JWT)">JSON web tokens (JWT)</GlossaryTooltip> are often used as part of an authentication component on many web applications today. Since JWTs are crucial to identifying users and their access, ensuring the token’s integrity is important.
 
 API Shield’s JWT validation stops JWT replay attacks and JWT tampering by cryptographically verifying incoming JWTs before they are passed to your API origin. JWT validation will also stop requests with expired tokens or tokens that are not yet valid.

@@ -6,7 +6,9 @@ sidebar:
 
 ---
 
-import { GlossaryDefinition, GlossaryTooltip, Plan, Steps, Tabs, TabItem } from "~/components"
+import { GlossaryDefinition, GlossaryTooltip, Plan, Steps, Tabs, TabItem, Render } from "~/components"
+
+<Render file="survey" product="waf" />
 
 <Plan type="all" />
 

@@ -10,6 +10,8 @@ head:
 
 import { GlossaryTooltip, Render } from "~/components";
 
+<Render file="survey" product="waf" />
+
 ## Business and Enterprise
 
 Business and Enterprise customers without Bot Management can use **Bot Analytics** to dynamically examine bot traffic. These dashboards offer less functionality than Bot Management for Enterprise but still help you understand bot traffic on your domain.

@@ -11,6 +11,8 @@ head:
 
 import { Tabs, TabItem, Steps, Render } from '~/components';
 
+<Render file="survey" product="waf" />
+
 Bot Fight Mode is a simple, free product that helps detect and mitigate bot traffic on your domain. When enabled, the product:
 
 - Identifies traffic matching patterns of known bots

@@ -11,6 +11,8 @@ learning_center:
 
 import { Tabs, TabItem, Steps, Render } from '~/components';
 
+<Render file="survey" product="waf" />
+
 Bot Management for Enterprise is a paid add-on that provides sophisticated bot protection for your domain. Customers can identify automated traffic, take appropriate action, and view detailed analytics within the dashboard.
 
 This Enterprise product provides the most flexibility to customers by:

@@ -11,6 +11,8 @@ head:
 
 import { Render, Tabs, TabItem, Steps } from "~/components"
 
+<Render file="survey" product="waf" />
+
 Super Bot Fight Mode is included in your Pro, Business, or Enterprise subscription. When enabled, the product:
 
 - Identifies traffic matching patterns of known bots

@@ -10,6 +10,8 @@ head:
 
 import { CardGrid, Description, Feature, LinkTitleCard, Plan, RelatedProduct, Render } from "~/components"
 
+<Render file="survey" product="waf" />
+
 <Description>
 
 Identify and mitigate automated traffic to protect your domain from bad bots. 

@@ -10,6 +10,8 @@ head:
 
 import { GlossaryTooltip, Render } from "~/components";
 
+<Render file="survey" product="waf" />
+
 ## Prefixes
 
 Advanced DDoS Protection protects the IP prefixes you select from sophisticated DDoS attacks. A prefix can be an IP address or an IP range in CIDR format. You must add prefixes to Advanced DDoS Protection so that Cloudflare can analyze incoming <GlossaryTooltip term="data packet">packets</GlossaryTooltip> and offer protection against sophisticated TCP DDoS attacks.

@@ -6,7 +6,9 @@ sidebar:
 
 ---
 
-import { Steps } from "~/components"
+import { Steps, Render } from "~/components"
+
+<Render file="survey" product="waf" />
 
 ## Free, Pro, and Business plans
 

@@ -8,7 +8,9 @@ head:
     content: Overview
 ---
 
-import { Description, Feature, FeatureTable, GlossaryTooltip, Plan, RelatedProduct } from "~/components"
+import { Description, Feature, FeatureTable, GlossaryTooltip, Plan, RelatedProduct, Render } from "~/components"
+
+<Render file="survey" product="waf" />
 
 <Description>
 

@@ -9,6 +9,8 @@ head: []
 description: Learn more about Page Shield's detection features.
 ---
 
-import { DirectoryListing } from "~/components";
+import { DirectoryListing, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 <DirectoryListing />
@@ -11,6 +11,8 @@ description: Learn how to get started with client-side resource monitoring.
 
 import { Tabs, TabItem, Render, Steps } from "~/components";
 
+<Render file="survey" product="waf" />
+
 ## Activate client-side resource monitoring
 
 To enable client-side resource monitoring:

@@ -10,7 +10,9 @@ description: Page Shield tracks resources (such as scripts) loaded by your
   malicious resources.
 ---
 
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 Page Shield helps manage client-side resources loaded by your website visitors, including scripts, their connections, and [cookies](https://www.cloudflare.com/learning/privacy/what-are-cookies/). It can trigger alert notifications when resources change or are considered malicious.
 

@@ -11,7 +11,9 @@ description: Page Shield is a comprehensive client-side security and privacy
   browsing environment.
 ---
 
-import { Description, Feature, FeatureTable, Plan } from "~/components";
+import { Description, Feature, FeatureTable, Plan, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 <Description>
 

@@ -7,7 +7,9 @@ description: Use Page Shield policies to define the resources (scripts) allowed
   on your applications.
 ---
 
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 :::note
 Only available to Enterprise customers with a paid add-on.

@@ -16,8 +16,11 @@ import {
 	LinkTitleCard,
 	RelatedProduct,
 	Stream,
+	Render
 } from "~/components";
 
+<Render file="survey" product="waf" />
+
 The application security dashboard is your starting point to better understand the security posture of your web applications, and to configure rules to protect them.
 
 <Card title="New dashboard experience" icon="rocket">

@@ -4,6 +4,9 @@ title: Custom rulesets
 sidebar:
   order: 2
 ---
+import { Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 :::note
 This feature requires an Enterprise plan with a paid add-on.

@@ -6,6 +6,9 @@ sidebar:
   group:
     label: Account-level configuration
 ---
+import { Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 :::note
 This feature requires an Enterprise plan with a paid add-on.

@@ -4,6 +4,9 @@ pcx_content_type: concept
 sidebar:
   order: 4
 ---
+import { Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 import { Render, Tabs, TabItem, Details, APIRequest } from "~/components";
 

@@ -4,6 +4,9 @@ pcx_content_type: concept
 sidebar:
   order: 3
 ---
+import { Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 import { GlossaryTooltip } from "~/components";
 

@@ -7,7 +7,9 @@ sidebar:
     hideIndex: true
 ---
 
-import { DirectoryListing } from "~/components";
+import { DirectoryListing, Render} from "~/components";
+
+<Render file="survey" product="waf" />
 
 Refer to the following pages for more information on the available analytics dashboards for Cloudflare security products:
 

@@ -7,6 +7,8 @@ sidebar:
 
 import { GlossaryTooltip, Render } from "~/components";
 
+<Render file="survey" product="waf" />
+
 <Render file="waf-intro" product="waf" />
 
 :::note[What is a Web Application Firewall?]

@@ -7,6 +7,8 @@ sidebar:
 
 import { Render, FeatureTable } from "~/components";
 
+<Render file="survey" product="waf" />
+
 <Render file="custom-rules-intro" product="waf" />
 
 Custom rules are evaluated in order, and some actions like _Block_ will stop the evaluation of other rules. For more details on actions and their behavior, refer to the [actions reference](/ruleset-engine/rules-language/actions/).

@@ -14,8 +14,11 @@ import {
 	Tabs,
 	TabItem,
 	Steps,
+	Render
 } from "~/components";
 
+<Render file="survey" product="waf" />
+
 Traffic detections check incoming requests for malicious or potentially malicious activity. Each enabled detection provides one or more scores — available in the [Security Analytics](/waf/analytics/security-analytics/) dashboard — that you can use in rule expressions.
 
 Cloudflare currently provides the following detections for finding security threats in incoming requests:

@@ -7,7 +7,9 @@ sidebar:
     label: Leaked credentials
 ---
 
-import { Type } from "~/components";
+import { Type, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 The leaked credentials [traffic detection](/waf/detections/) scans incoming requests for credentials (usernames and passwords) previously leaked from [data breaches](https://www.cloudflare.com/learning/security/what-is-a-data-breach/).
 

@@ -7,7 +7,9 @@ sidebar:
     label: Malicious uploads
 ---
 
-import { GlossaryTooltip, Type } from "~/components";
+import { GlossaryTooltip, Type, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 The malicious uploads detection, also called uploaded content scanning, is a WAF [traffic detection](/waf/concepts/#detection-versus-mitigation) that scans content being uploaded to your application.
 

@@ -5,7 +5,9 @@ sidebar:
   order: 2
 ---
 
-import { Details, GlossaryTooltip, Tabs, TabItem, Steps } from "~/components";
+import { Details, GlossaryTooltip, Tabs, TabItem, Steps, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 The Cloudflare Web Application Firewall (Cloudflare WAF) checks incoming web and API requests and filters undesired traffic based on sets of rules called rulesets.
 

@@ -19,6 +19,8 @@ import {
 	Stream,
 } from "~/components";
 
+<Render file="survey" product="waf" />
+
 <Description>
 
 Get automatic protection from vulnerabilities and the flexibility to create custom rules.

@@ -7,6 +7,8 @@ sidebar:
 
 import { GlossaryTooltip, Render } from "~/components";
 
+<Render file="survey" product="waf" />
+
 Many web applications have suffered <GlossaryTooltip term="credential stuffing" link="https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/">credential stuffing</GlossaryTooltip> attacks in the recent past. In these attacks there is a massive number of login attempts using username/password pairs from databases of <GlossaryTooltip term="leaked credentials">exposed credentials</GlossaryTooltip>.
 
 Cloudflare offers you automated checks for exposed credentials using Cloudflare Web Application Firewall (WAF).

@@ -12,6 +12,8 @@ head:
 
 import { FeatureTable, Render, RuleID } from "~/components";
 
+<Render file="survey" product="waf" />
+
 <Render file="waf-managed-rules-intro" product="waf" />
 
 ## Available managed rulesets

@@ -5,7 +5,9 @@ sidebar:
   order: 11
 ---
 
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 The WAF allows you to log the request information that triggered a specific rule of a managed ruleset. This information is known as the payload. Payload information includes the specific string that triggered the rule, along with the text that appears immediately before and after the match.
 

@@ -8,6 +8,9 @@ head:
     content: Create WAF exceptions
 
 ---
+import { Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 Create an exception to skip the execution of WAF managed rulesets or some of their rules. The exception configuration includes an expression that defines the skip conditions, and the rules or rulesets to skip under those conditions.
 

@@ -8,6 +8,8 @@ sidebar:
 
 import { Render } from "~/components";
 
+<Render file="survey" product="waf" />
+
 The following sections cover typical rate limiting configurations for common use cases. You can combine the provided example rules and adjust them to your own scenario.
 
 The main use cases for rate limiting are the following:

@@ -8,6 +8,8 @@ tableOfContents: false
 
 import { Render } from "~/components";
 
+<Render file="survey" product="waf" />
+
 Rate limiting rules allow you to define rate limits for requests matching an expression, and the action to perform when those rate limits are reached.
 
 In the [new security dashboard](/security/), rate limiting rules are one of the available types of [security rules](/security/rules/). Security rules perform security-related actions on incoming requests that match specified filters.

@@ -7,7 +7,9 @@ sidebar:
     hideIndex: true
 ---
 
-import { DirectoryListing } from "~/components";
+import { DirectoryListing, Render } from "~/components";
+
+<Render file="survey" product="waf" />
 
 The Cloudflare WAF offers the following additional tools:
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,8 @@ sidebar: @@
     import { GlossaryTooltip, Render, Steps } from "~/components"
+    <Render file="survey" product="waf" />
     This guide will help you set up API Shield to identify and address API security best practices.
     :::note
@@ Expand Down @@