Merged
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,6 @@ The custom hostname can activate on the new zone even if the certificate is stil

:::note

Verify that the custom hostname successfully activated after the migration in the Cloudflare dashboard by selecting **SSL/TLS** > **Custom hostnames** > **`{your custom hostname}`**.
Verify that the custom hostname successfully activated after the migration on the [**Custom Hostnames**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames) page.

:::
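Review bot: The replacement sentence in this note drops the last step of the old path, selecting **`{your custom hostname}`**, so the reader lands on the list page without being told where the activation status appears. Suggest keeping that step, for example "on the [**Custom Hostnames**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames) page by selecting your custom hostname".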
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Before you can employ Early Hints for SaaS, you need to create a custom hostname

1. [Locate your zone ID](/fundamentals/account/find-account-and-zone-ids/), available in the Cloudflare dashboard.

2. Locate your Authentication Key by selecting **My Profile** > **API tokens** > **Global API Key**.
2. Locate your Authentication Key on the [**API Tokens**](https://dash.cloudflare.com/?to=/:account/profile/api-tokens) page, under **Global API Key**.

3. If you are [creating a new custom hostname](/api/resources/custom_hostnames/methods/create/), make an API call such as the example below, specifying `"early_hints": "on"`:
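Review bot: In step 2 the old path started at **My Profile**, a user-level page, while the new deep link is account-scoped (`/?to=/:account/profile/api-tokens`). Please confirm the link resolves to the page that actually shows **Global API Key**; the identical link is used in step 2 of the hunk under "To apply WAF to your custom hostname", so one check covers both.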

Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ head:
description: Learn how to configure your Enterprise zone with Salesforce Commerce Cloud.
---

import { Details, Render } from "~/components";
import { Details, Render, DashButton } from "~/components";

<Render
file="provider-guide-intro"
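Review bot: The import line now pulls in `DashButton`, but the changed steps shown for this file all use inline `[**Page**](https://dash.cloudflare.com/?to=...)` links and none of them renders `<DashButton />`. Either drop `DashButton` from this import or use it in one of the steps, so the import is not left unused.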
Expand Down Expand Up @@ -104,11 +104,11 @@ If you do have a `CAA` record, verify that it permits SSL certificates to be iss
### Best practice Zone-level configuration

1. Set **Minimum TLS version** to **TLS 1.2**
1. Navigate to **SSL/TLS > Edge Certificates**, scroll down the page to find **Minimum TLS Version**, and set it to _TLS 1.2_. This setting applies to every Proxied DNS record in your Zone.
1. Go to the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page, scroll down to find **Minimum TLS Version**, and set it to _TLS 1.2_. This setting applies to every Proxied DNS record in your Zone.
2. Match the **Security Level** set in **SFCC Business Manager**
1. _Option 1: Zone-level_ - Navigate to **Security > Settings**, find **Security Level** and set **Security Level** to match what is configured in **SFCC Business Manager**. This setting applies to every Proxied DNS record in your Cloudflare zone.
1. _Option 1: Zone-level_ - Go to the [**Settings**](https://dash.cloudflare.com/?to=/:account/:zone/security/settings) page under Security, find **Security Level** and set **Security Level** to match what is configured in **SFCC Business Manager**. This setting applies to every Proxied DNS record in your Cloudflare zone.
2. _Option 2: Per Proxied DNS record_ - If the **Security Level** differs between the Proxied DNS records targeting your SFCC environment and other Proxied DNS records in your Cloudflare zone, use a **Configuration Rule** to set the **Security Level** specifically for the Proxied DNS records targeting your SFCC environment. For example:
1. Create a new **Configuration Rule** by navigating to **Rules** > **Overview** and selecting **Create rule** next to **Configuration Rules**:
1. Create a new **Configuration Rule** on the [**Rules Overview**](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview) page by selecting **Create rule** next to **Configuration Rules**:
1. **Rule name:** `Match Security Level on SFCC hostnames`
2. **Field:** _Hostname_
3. **Operator:** _is in_ (this will match against multiple hostnames specified in the **Value** field)
Expand All @@ -117,9 +117,9 @@ If you do have a `CAA` record, verify that it permits SSL certificates to be iss
1. **Select Security Level:** _Medium_ (this should match the **Security Level** set in **SFCC Business Manager**)
6. Scroll to the bottom of the page and click **Deploy**
3. Disable **Browser Integrity Check**
1. _Option 1: Zone-level_ - Navigate to **Security > Settings**, find **Browser Integrity Check** and toggle it off to disable it. This setting applies to every Proxied DNS record in your Cloudflare zone.
1. _Option 1: Zone-level_ - Go to the [**Settings**](https://dash.cloudflare.com/?to=/:account/:zone/security/settings) page under Security, find **Browser Integrity Check** and toggle it off to disable it. This setting applies to every Proxied DNS record in your Cloudflare zone.
2. _Option 2: Per Proxied DNS record_ - If you want to keep **Browser Integrity Check** enabled for other Proxied DNS records in your Cloudflare zone but want to disable it on Proxied DNS records targeting your SFCC environment, keep the Zone-level **Browser Integrity Check** feature enabled and use a **Configuration Rule** to disable **Browser Integrity Check** specifically for the hostnames targeting your SFCC environment. For example:
1. Create a new **Configuration Rule** by navigating to **Rules** > **Overview** and selecting **Create rule** next to **Configuration Rules**:
1. Create a new **Configuration Rule** on the [**Rules Overview**](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview) page by selecting **Create rule** next to **Configuration Rules**:
1. **Rule name:** `Disable Browser Integrity Check on SFCC hostnames`
2. **Field:** _Hostname_
3. **Operator:** _is in_ (this will match against multiple hostnames specified in the **Value** field)
Expand All @@ -131,7 +131,7 @@ If you do have a `CAA` record, verify that it permits SSL certificates to be iss
1. Your SFCC environment, also called a **Realm**, will contain one to many SFCC Proxy Zones, which is where caching will always occur. In the corresponding SFCC Proxy Zone for your domain, SFCC performs their own cache optimization, so it is recommended to bypass the cache on the Proxied DNS records in your Cloudflare zone which target your SFCC environment to prevent a "double caching" scenario. This can be accomplished with a **Cache Rule**.
2. If the **Cache Rule** is not created, caching will occur in both your Cloudflare zone and your corresponding SFCC Proxy Zone, which can cause issues if and when the cache is invalidated or purged in your SFCC environment.
1. Additional information on caching in your SFCC environment can be found in [SFCC's Content Cache Documentation](https://developer.salesforce.com/docs/commerce/b2c-commerce/guide/b2c-content-cache.html)
3. Create a new **Cache Rule** by navigating to **Rules** > **Overview** and selecting **Create rule** next to **Cache Rules**:
3. Create a new **Cache Rule** on the [**Rules Overview**](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview) page by selecting **Create rule** next to **Cache Rules**:
1. **Rule name:** `Bypass cache on SFCC hostnames`
2. **Field:** _Hostname_
3. **Operator:** _is in_ (this will match against multiple hostnames specified in the **Value** field)
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ While TLS 1.3 is the most recent and secure version, it is not supported by some

### Scope

Minimum TLS version exists both as a [zone-level setting](/ssl/edge-certificates/additional-options/minimum-tls/) (under **Edge certificates** > **Minimum TLS Version**) and as a custom hostname setting. What this implies is:
Minimum TLS version exists both as a [zone-level setting](/ssl/edge-certificates/additional-options/minimum-tls/) (on the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page under **Minimum TLS Version**) and as a custom hostname setting. What this implies is:

- For custom hostnames created via API, it is possible not to explicitly define a value for `min_tls_version`. When that is the case, whatever value is defined as your zone's minimum TLS version will be applied. To confirm whether a given custom hostname has a specific minimum TLS version set, use the following API call.

Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ DCV Delegation requires your customers to place a one-time record at their autho
To set up Delegated DCV:

1. Add a [custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames/) for your zone, choosing `TXT` as the **Certificate validation method**.
2. On **SSL/TLS** > **Custom Hostnames**, go to **DCV Delegation for Custom Hostnames**.
2. On the [**Custom Hostnames**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames) page, go to **DCV Delegation for Custom Hostnames**.
3. Copy the hostname value.
4. For each hostname, the domain owner needs to place a `CNAME` record at their authoritative DNS. In this example, the SaaS zone is `example.com`.
```txt
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ If you would like to complete the issuance process before asking your customer t
<br />

- [**API**](/api/resources/custom_hostnames/methods/get/): Within the `ssl` object, store the values present in the `validation_records` array (specifically `http_url` and `http_body`).
- **Dashboard**: When viewing an individual certificate at **SSL/TLS** > **Custom Hostnames**, refer to the values for **Certificate validation request** and **Certificate validation response**.
- **Dashboard**: When viewing an individual certificate on the [**Custom Hostnames**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames) page, refer to the values for **Certificate validation request** and **Certificate validation response**.

At your origin, make the `http_body` available in a TXT record at the path specified in `http_url`. This path should also be publicly accessible to anyone on the Internet so your CA can access it.

Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ To apply WAF to your custom hostname, you need to create an association between

1. [Locate your zone ID](/fundamentals/account/find-account-and-zone-ids/), available in the Cloudflare dashboard.

2. Locate your Authentication Key by selecting **My Profile** > **API tokens** > **Global API Key**.
2. Locate your Authentication Key on the [**API Tokens**](https://dash.cloudflare.com/?to=/:account/profile/api-tokens) page, under **Global API Key**.

3. Locate your custom hostname ID by making a `GET` call in the API:
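Review bot: Step 2 is being reworded but still sends the reader to **Global API Key**, a credential that is not scoped to this zone or to custom hostnames. While this line is being touched, consider pointing to an API token limited to the permissions these calls need, and keep the Global API Key wording only if the example requests that follow depend on it.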

Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,16 @@ head:

---

import { DashButton } from "~/components";

To enable Cloudflare for SaaS for your account:

1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Select your account and zone.
3. Go to **SSL/TLS** > **Custom Hostnames**.
4. Select **Enable**.
5. The next step depends on the zone's plan:
1. In the Cloudflare dashboard, go to the **Custom Hostnames** page.

<DashButton url="/?to=/:account/:zone/ssl-tls/custom-hostnames" />

2. Select **Enable**.
3. The next step depends on the zone's plan:
* **Enterprise**: Can preview this product as a [non-contract service](/billing/preview-services/), which provide full access, free of metered usage fees, limits, and certain other restrictions.
* **Non-enterprise**: Will have to enter payment information.

Original file line number Diff line number Diff line change
Expand Up @@ -5,18 +5,16 @@

import { DashButton } from "~/components";

1. In the Cloudflare dashboard, go to the **Account home** page and select your account.
1. In the Cloudflare dashboard, go to the **Custom Hostnames** page.

<DashButton url="/?to=/:account/home" />
<DashButton url="/?to=/:account/:zone/ssl-tls/custom-hostnames" />

2. Select your Cloudflare for SaaS application.
3. Navigate to **SSL/TLS** > **Custom Hostnames**.
4. Click **Add Custom Hostname**.
5. Add your customer's hostname `app.customer.com` and set the relevant options, including:
2. Select **Add Custom Hostname**.
3. Add your customer's hostname `app.customer.com` and set the relevant options, including:
- The [minimum TLS version](/ssl/reference/protocols/).
- Defining whether you want to use a certificate provided by Cloudflare or [upload a custom certificate](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates/).
- Selecting the [certificate authority (CA)](/ssl/reference/certificate-authorities/) that will issue the certificate.
- Choosing the [validation method](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/).
- Whether you want to **Enable wildcard**, which adds a `*.<custom-hostname>` SAN to the custom hostname certificate. For more details, refer to [Hostname priority](/ssl/reference/certificate-and-hostname-priority/#hostname-priority).
- Choosing a value for [Custom origin server](/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/custom-origin/).
6. Click **Add Custom Hostname**.
4. Select **Add Custom Hostname**.
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,10 @@

import { DashButton } from "~/components";

1. In the Cloudflare dashboard, go to the **Account home** page and select your account and website.
1. In the Cloudflare dashboard, go to the **Custom Hostnames** page.

<DashButton url="/?to=/:account/home" />
<DashButton url="/?to=/:account/:zone/ssl-tls/custom-hostnames" />

2. Select **SSL/TLS** > **Custom Hostnames**.
2. Select the custom hostname and select **Delete**.

3. Select the custom hostname and select **Delete**.

4. A confirmation window will appear. Acknowledge the warning and select **Delete** again.
3. A confirmation window will appear. Acknowledge the warning and select **Delete** again.
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
{}
---

import { Example, TabItem, Tabs } from "~/components";
import { Example, TabItem, Tabs, DashButton } from "~/components";

The fallback origin is where Cloudflare will route traffic sent to your custom hostnames (must be proxied).

Expand All @@ -28,11 +28,12 @@ To create your fallback origin:

<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">

1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Select your account and zone.
3. Go to **SSL/TLS** > **Custom Hostnames**.
4. For **Fallback Origin**, enter the hostname for your fallback origin.
5. Select **Add Fallback Origin**.
1. In the Cloudflare dashboard, go to the **Custom Hostnames** page.

<DashButton url="/?to=/:account/:zone/ssl-tls/custom-hostnames" />

2. For **Fallback Origin**, enter the hostname for your fallback origin.
3. Select **Add Fallback Origin**.

</TabItem> <TabItem label="API">

Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,11 @@

import { DashButton } from "~/components";

1. In the Cloudflare dashboard, go to the **Account home** page and select your account.
1. In the Cloudflare dashboard, go to the **Custom Hostnames** page.

<DashButton url="/?to=/:account/home" />
<DashButton url="/?to=/:account/:zone/ssl-tls/custom-hostnames" />

2. Select your Cloudflare for SaaS application.
3. Navigate to **SSL/TLS** > **Custom Hostnames**.
4. Select a hostname.
5. Copy the values for **Certificate validation TXT name** and **Certificate validation TXT value**.
2. Select a hostname.
3. Copy the values for **Certificate validation TXT name** and **Certificate validation TXT value**.

If you had previously created a **wildcard** custom hostname, you would need to copy the values for two different validation TXT records.