diff --git a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx index cd8505a5d969031..8d256f0d32dc2dd 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx @@ -288,7 +288,7 @@ Gateway matches DNS queries against the following selectors, or criteria: ### Application @@ -358,7 +358,7 @@ Use this selector to filter DNS responses by their `TXT` records. ### Domain @@ -366,7 +366,7 @@ Use this selector to filter DNS responses by their `TXT` records. ### Host @@ -440,19 +440,19 @@ Use this selector to match a dynamic list of [category IDs](/cloudflare-one/poli ### Source Continent -Use this selector to filter based on the continent where the query arrived to Gateway from. +Use this selector to filter based on the continent where the query arrived to Gateway from. ### Source Country -Use this selector to filter based on the country where the query arrived to Gateway from. +Use this selector to filter based on the country where the query arrived to Gateway from. ### Source IP - + ### Users - + ## Comparison operators diff --git a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx index 6b9cc2ba3fe36ce..374d6763934156c 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx @@ -69,7 +69,7 @@ Gateway matches egress traffic against the following selectors, or criteria: ### Application @@ -127,7 +127,7 @@ Gateway matches egress traffic against the following selectors, or criteria: ### Domain @@ -140,7 +140,7 @@ Gateway matches egress traffic against the following selectors, or criteria: ### Host 
@@ -160,11 +160,11 @@ Gateway matches egress traffic against the following selectors, or criteria: ### Source Continent -The continent of the user making the request. +The continent of the user making the request. ### Source Country -The country of the user making the request. +The country of the user making the request. ### Source Internal IP @@ -188,7 +188,7 @@ The country of the user making the request. + ### Virtual Network diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx index 6bf55eebd825e2f..0cb8a18fe889037 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx @@ -411,7 +411,7 @@ The review approval status of an application from [Shadow IT Discovery](/cloudfl ### Application @@ -495,7 +495,7 @@ Only applies to traffic sent through the [WARP client](/cloudflare-one/connectio ### Domain @@ -622,7 +622,7 @@ Use [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/policies/data-loss-p ### Host @@ -657,11 +657,11 @@ The HTTP response status code received by the traffic. ### Source Continent -The continent of the user making the request. +The continent of the user making the request. ### Source Country -The country of the user making the request. +The country of the user making the request. ### Source Internal IP @@ -713,7 +713,7 @@ The query of a webpage's URL. ### Users - + ### Virtual Network diff --git a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx index 0ce456b9b904244..76e8403eb71defe 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx 
@@ -260,7 +260,7 @@ Gateway matches network traffic against the following selectors, or criteria. ### Application @@ -355,11 +355,11 @@ By default, this selector only applies to HTTPS traffic on port `443`. To inspec ### Source Continent -The continent of the user making the request. +The continent of the user making the request. ### Source Country -The country of the user making the request. +The country of the user making the request. ### Source Internal IP @@ -383,7 +383,7 @@ The country of the user making the request. + ### Virtual Network diff --git a/src/content/docs/cloudflare-one/policies/gateway/resolver-policies.mdx b/src/content/docs/cloudflare-one/policies/gateway/resolver-policies.mdx index 032dc594d76f61a..a990cf6cc57af40 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/resolver-policies.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/resolver-policies.mdx @@ -111,7 +111,7 @@ For more information on creating a DNS policy, refer to [DNS policies](/cloudfla ### Domain @@ -119,7 +119,7 @@ For more information on creating a DNS policy, refer to [DNS policies](/cloudfla ### Host @@ -138,19 +138,19 @@ For more information on creating a DNS policy, refer to [DNS policies](/cloudfla ### Source Continent -Use this selector to filter based on the continent where the query arrived to Gateway from. +Use this selector to filter based on the continent where the query arrived to Gateway from. ### Source Country -Use this selector to filter based on the country where the query arrived to Gateway from. +Use this selector to filter based on the country where the query arrived to Gateway from. ### Source IP - + ### Users - + ## Comparison operators diff --git a/src/content/partials/cloudflare-one/gateway/selectors/application-dns.mdx b/src/content/partials/cloudflare-one/gateway/selectors/application-dns.mdx new file mode 100644 index 000000000000000..062901c43f3eda2 --- /dev/null 
+++ b/src/content/partials/cloudflare-one/gateway/selectors/application-dns.mdx
@@ -0,0 +1,10 @@
+---
+params:
+ - policyType
+---
+
+You can apply {props.policyType} policies to a growing list of popular web applications. Refer to [Application and app types](/cloudflare-one/policies/gateway/application-app-types/) for more information.
+
+| UI name | API example | Evaluation phase |
+| ----------- | -------------------------- | --------------------- |
+| Application | `any(app.ids[*] in {505})` | Before DNS resolution |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/application-http.mdx b/src/content/partials/cloudflare-one/gateway/selectors/application-http.mdx
new file mode 100644
index 000000000000000..37f35f2db289c21
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/application-http.mdx
@@ -0,0 +1,10 @@
+---
+params:
+ - policyType
+---
+
+You can apply {props.policyType} policies to a growing list of popular web applications. Refer to [Application and app types](/cloudflare-one/policies/gateway/application-app-types/) for more information.
+
+| UI name | API example |
+| ----------- | -------------------------- |
+| Application | `any(app.ids[*] in {505})` |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/domain-dns.mdx b/src/content/partials/cloudflare-one/gateway/selectors/domain-dns.mdx
new file mode 100644
index 000000000000000..c4778b53c59f16f
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/domain-dns.mdx
@@ -0,0 +1,18 @@ +--- +params: + - APIendpoint +--- + +import { Render } from "~/components"; + +Use this selector to match against a domain and all subdomains. For example, you can match `example.com` and its subdomains, such as `www.example.com`. + +| UI name | API example | Evaluation phase | +| ------- | --------------------------------------------------------- | --------------------- | +| Domain | any({props.APIendpoint}[*] == "example.com") | Before DNS resolution | + + diff --git a/src/content/partials/cloudflare-one/gateway/selectors/domain-http.mdx b/src/content/partials/cloudflare-one/gateway/selectors/domain-http.mdx new file mode 100644 index 000000000000000..858bc151b7e0cd1 --- /dev/null +++ b/src/content/partials/cloudflare-one/gateway/selectors/domain-http.mdx @@ -0,0 +1,18 @@ +--- +params: + - APIendpoint +--- + +import { Render } from "~/components"; + +Use this selector to match against a domain and all subdomains. For example, you can match `example.com` and its subdomains, such as `www.example.com`. + +| UI name | API example | +| ------- | --------------------------------------------------------- | +| Domain | any({props.APIendpoint}[*] == "example.com") | + + diff --git a/src/content/partials/cloudflare-one/gateway/selectors/host-dns.mdx b/src/content/partials/cloudflare-one/gateway/selectors/host-dns.mdx new file mode 100644 index 000000000000000..0dc831a4607023b --- /dev/null +++ b/src/content/partials/cloudflare-one/gateway/selectors/host-dns.mdx 
@@ -0,0 +1,22 @@ +--- +params: + - APIendpoint +--- + +import { Render } from "~/components"; + +Use this selector to match against only the hostname specified. For example, you can match `test.example.com` but not `example.com` or `www.test.example.com`. + +| UI name | API example | Evaluation phase | +| ------- | --------------------------------------------------- | --------------------- | +| Host | {props.APIendpoint} == \"example.com\" | Before DNS resolution | + + + +:::note +Some hostnames (`example.com`) will invisibly redirect to the www subdomain (`www.example.com`). To match this type of website, use the [Domain](#domain) selector instead of the Host selector. +::: diff --git a/src/content/partials/cloudflare-one/gateway/selectors/host-http.mdx b/src/content/partials/cloudflare-one/gateway/selectors/host-http.mdx new file mode 100644 index 000000000000000..e0342c853e5ef3e --- /dev/null +++ b/src/content/partials/cloudflare-one/gateway/selectors/host-http.mdx @@ -0,0 +1,22 @@ +--- +params: + - APIendpoint +--- + +import { Render } from "~/components"; + +Use this selector to match against only the hostname specified. For example, you can match `test.example.com` but not `example.com` or `www.test.example.com`. + +| UI name | API example | +| ------- | --------------------------------------------------- | +| Host | {props.APIendpoint} == \"example.com\" | + + + +:::note +Some hostnames (`example.com`) will invisibly redirect to the www subdomain (`www.example.com`). To match this type of website, use the [Domain](#domain) selector instead of the Host selector. +::: diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-continent-dns.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-continent-dns.mdx new file mode 100644 index 000000000000000..b40ba217f8524fd --- /dev/null +++ b/src/content/partials/cloudflare-one/gateway/selectors/source-continent-dns.mdx 
@@ -0,0 +1,22 @@
+---
+inputParameters: param1
+---
+
+import { Markdown } from "~/components";
+
+Geolocation is determined from the device's public IP address (typically assigned by the user's ISP). To specify a continent, enter its two-letter code into the **Value** field:
+
+| Continent | Code |
+| ------------- | ---- |
+| Africa | `AF` |
+| Antarctica | `AN` |
+| Asia | `AS` |
+| Europe | `EU` |
+| North America | `NA` |
+| Oceania | `OC` |
+| South America | `SA` |
+| Tor network | `T1` |
+
+| UI name | API example | Evaluation phase |
+| ------------------------------- | --------------------------------------------------------- | --------------------- |
+| Source Continent IP Geolocation | {props.one}.geo.continent == "North America" | Before DNS resolution |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-continent-http.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-continent-http.mdx
new file mode 100644
index 000000000000000..5bcafbcaf7ee841
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/source-continent-http.mdx
@@ -0,0 +1,22 @@
+---
+inputParameters: param1
+---
+
+import { Markdown } from "~/components";
+
+Geolocation is determined from the device's public IP address (typically assigned by the user's ISP). To specify a continent, enter its two-letter code into the **Value** field:
+
+| Continent | Code |
+| ------------- | ---- |
+| Africa | `AF` |
+| Antarctica | `AN` |
+| Asia | `AS` |
+| Europe | `EU` |
+| North America | `NA` |
+| Oceania | `OC` |
+| South America | `SA` |
+| Tor network | `T1` |
+
+| UI name | API example |
+| ------------------------------- | --------------------------------------------------------- |
+| Source Continent IP Geolocation | {props.one}.geo.continent == "North America" |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-country-dns.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-country-dns.mdx
new file mode 100644
index 000000000000000..f770cd8258d370f
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/source-country-dns.mdx
@@ -0,0 +1,12 @@
+---
+inputParameters: param1
+
+---
+
+import { Markdown } from "~/components"
+
+Geolocation is determined from the device's public IP address (typically assigned by the user's ISP). To specify a country, enter its [ISO 3166-1 Alpha-2 code](https://www.iso.org/obp/ui/#search/code/) in the **Value** field.
+
+| UI name | API example | Evaluation phase |
+| ----------------------------- | ------------------------ | --------------------- |
+| Source Country IP Geolocation | {props.one}.geo.country == "RU" | Before DNS resolution |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-country-http.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-country-http.mdx
new file mode 100644
index 000000000000000..bea70cb9423860e
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/source-country-http.mdx
@@ -0,0 +1,12 @@
+---
+inputParameters: param1
+
+---
+
+import { Markdown } from "~/components"
+
+Geolocation is determined from the device's public IP address (typically assigned by the user's ISP). To specify a country, enter its [ISO 3166-1 Alpha-2 code](https://www.iso.org/obp/ui/#search/code/) in the **Value** field.
+
+| UI name | API example |
+| ----------------------------- | ------------------------ |
+| Source Country IP Geolocation | {props.one}.geo.country == "RU" |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-ip-resolver.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-ip-resolver.mdx
new file mode 100644
index 000000000000000..135f98ad365bdf1
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/source-ip-resolver.mdx
@@ -0,0 +1,10 @@
+---
+{}
+
+---
+
+Use this selector to apply policies to the source IP address of DNS queries. For example, this could be the WAN IP address of the stub resolver used by your organization to send queries to Gateway.
+
+| UI name | API example | Evaluation phase |
+| --------- | ---------------------------- | --------------------- |
+| Source IP | `dns.src_ip == 198.51.100.0` | Before DNS resolution |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/users-dns.mdx b/src/content/partials/cloudflare-one/gateway/selectors/users-dns.mdx
new file mode 100644
index 000000000000000..bd7de5ffe296634
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/users-dns.mdx
@@ -0,0 +1,16 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+Use these selectors to match against identity attributes.
+
+| UI name | API example | Evaluation phase |
+| --------------- | ------------------------------------------------------------------------------------------ | --------------------- |
+| User Email | `identity.email == "user@example.com"` | Before DNS resolution |
+| User Name | `identity.name == "Test User"` | Before DNS resolution |
+| User Group IDs | `any(identity.groups[*].id in {"group_id"})` | Before DNS resolution |
+| User Group Names| `any(identity.groups[*].name in {"group_name"})` | Before DNS resolution |
+| User Group Emails| `any(identity.groups[*].email in {"group@example.com"})` | Before DNS resolution |
+| SAML Attributes | `any(identity.saml_attributes["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"] in {"Test User"})` | Before DNS resolution |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/users-http.mdx b/src/content/partials/cloudflare-one/gateway/selectors/users-http.mdx
new file mode 100644
index 000000000000000..e963ab12286d3ee
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/users-http.mdx
@@ -0,0 +1,16 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+Use these selectors to match against identity attributes.
+
+| UI name | API example |
+| --------------- | ------------------------------------------------------------------------------------------ |
+| User Email | `identity.email == "user@example.com"` |
+| User Name | `identity.name == "Test User"` |
+| User Group IDs | `any(identity.groups[*].id in {"group_id"})` |
+| User Group Names| `any(identity.groups[*].name in {"group_name"})` |
+| User Group Emails| `any(identity.groups[*].email in {"group@example.com"})` |
+| SAML Attributes | `any(identity.saml_attributes["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"] in {"Test User"})` |