diff --git a/src/content/docs/china-network/concepts/global-acceleration.mdx b/src/content/docs/china-network/concepts/global-acceleration.mdx
index 889b81d61f1dca9..b8286b29bc0db94 100644
--- a/src/content/docs/china-network/concepts/global-acceleration.mdx
+++ b/src/content/docs/china-network/concepts/global-acceleration.mdx
@@ -66,7 +66,7 @@ Travel SIM offers temporary, seamless Cloudflare One Client access for individua
 
 ### 1. Validate prerequisites
 
-Ensure that you have a Cloudflare [Enterprise plan](https://www.cloudflare.com/plans/enterprise/) and [China Network](/china-network/), if you want CDN Global Acceleration. the Cloudflare One Client and Cloudflare WAN licenses are required for the Cloudflare One Client Connection or Cloudflare WAN Global Acceleration.
+Ensure that you have a Cloudflare [Enterprise plan](https://www.cloudflare.com/plans/enterprise/) and [China Network](/china-network/), if you want CDN Global Acceleration. Cloudflare One Client and Cloudflare WAN licenses are required for the Cloudflare One Client Connection or Cloudflare WAN Global Acceleration.
 
 ### 2. Sign contract
 
diff --git a/src/content/docs/cloudflare-one/faq/devices-faq.mdx b/src/content/docs/cloudflare-one/faq/devices-faq.mdx
index 8cdd3790b915855..8ddf3ba798d6412 100644
--- a/src/content/docs/cloudflare-one/faq/devices-faq.mdx
+++ b/src/content/docs/cloudflare-one/faq/devices-faq.mdx
@@ -23,12 +23,12 @@ As our [Network Map](https://www.cloudflare.com/en-gb/network/) shows, we have l
 
 ## Why is my public IP address sometimes visible?
 
-Cloudflare One Client in the Cloudflare One Client mode was meant to ensure all your traffic is kept private between you and the origin (the site you are connecting to), but not from the origin itself. In a number of cases, if the origin site you are communicating with can't determine who you are and where you're from, they can't serve locale relevant content to you.
+The Cloudflare One Client is meant to ensure all your traffic is kept private between you and the origin (the site you are connecting to), but not from the origin itself. In a number of cases, if the origin site you are communicating with can't determine who you are and where you're from, they can't serve locale relevant content to you.
 Sites inside Cloudflare network are able to see this information. If a site is showing you your IP address, chances are they are in our network. Most sites outside our network (orange clouded sites) however are unable to see this information and instead see the nearest egress colo to their server. We are working to see if in the future we can't find a way to more easily share this information with a limited number of gray clouded sites where it is relevant to both parties.
 
 ## Why has my throughput dropped while using the Cloudflare One Client?
 
-the Cloudflare One Client is in part powered by 1.1.1.1. When visiting sites or going to a new location on the Internet, you should see blazing fast DNS lookups. However, the Cloudflare One Client is built to trade some throughput for enhanced privacy, because it encrypts all traffic both to and from your device. While this isn't noticeable at most mobile speeds, on desktop systems in countries where high speed broadband is available, you may notice a drop. We think the tradeoff is worth it though and continue to work on improving performance all over the system.
+The Cloudflare One Client is in part powered by 1.1.1.1. When visiting sites or going to a new location on the Internet, you should see blazing fast DNS lookups. However, the Cloudflare One Client is built to trade some throughput for enhanced privacy, because it encrypts all traffic both to and from your device. While this isn't noticeable at most mobile speeds, on desktop systems in countries where high speed broadband is available, you may notice a drop. We think the tradeoff is worth it though and continue to work on improving performance all over the system.
 
 ## Why is my device not connecting to a public Wi-Fi?
 
diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index ef3393d60330b88..b04b302f1c311d4 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -107,7 +107,7 @@ Certain web browsers (such as Chrome and Microsoft Edge) load and cache root cer
 This error appears if you try to change your [team domain](/cloudflare-one/faq/getting-started-faq/#whats-a-team-domainteam-name) while the [Cloudflare dashboard SSO](/fundamentals/manage-members/dashboard-sso/) feature is enabled on your account.
 Cloudflare dashboard SSO does not currently support team domain changes. Contact your account team for more details.
 
-## the Cloudflare One Client on Linux shows `DNS connectivity check failed`.
+## The Cloudflare One Client on Linux shows `DNS connectivity check failed`.
 
 This error means that the `systemd-resolved` service on Linux is not allowing WARP to resolve DNS requests. You can identify this issue in the [`daemon.log`](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/diagnostic-logs/#warp-diag-logs) file of the `warp diag` logs, where the error message appears as `ERROR main_loop: warp::warp::connectivity_check: DNS connectivity check failed to resolve host="warp-svc."`.
 
@@ -349,7 +349,7 @@ msiexec /i <PATH_TO_WARP_MSI> /L*V <PATH_TO_OUTPUT_LOG>
 
 Check the logs to verify if there are any missing DLLs (for example, `netstandard2.0`), which may point to a missing or outdated version of the .NET Framework.
 
-One common cause is a missing or outdated version of the [.NET Framework Runtime](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/#windows:~:text=NET%20Framework%20version-,4.7.2%20or%20later,-HD%20space). the Cloudflare One Client requires a .NET Framework version of `4.7.2` or later.
+One common cause is a missing or outdated version of the [.NET Framework Runtime](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/#windows:~:text=NET%20Framework%20version-,4.7.2%20or%20later,-HD%20space). The Cloudflare One Client requires a .NET Framework version of `4.7.2` or later.
 
 Some legacy Windows systems (such as Windows 10 Enterprise 1607 LTSB, which is bundled with .NET `4.6`) do not include this runtime by default and may fail during installation with a `Setup Wizard ended prematurely` error. More recent Windows versions include .NET `4.7.2` or later by default and do not encounter this error.
 
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks.mdx
index 53e8d1f239aebaa..e52c6db2baf5feb 100644
--- a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks.mdx
@@ -275,7 +275,7 @@ In this example, "private network" refers to a distinct environment (such as sta
 <Tabs>
 <TabItem label="Version 2026.2+">
 
-1. Open the Cloudflare One client.
+1. Open the Cloudflare One Client.
 2. Go to **Home**.
 3. In the **VNET** dropdown, choose the virtual network you want to connect to (for example, `staging-vnet`).
 
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-device-client.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-device-client.mdx
index 1ddfebb72813b55..3b2499aee2650ec 100644
--- a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-device-client.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-device-client.mdx
@@ -10,7 +10,7 @@ sidebar:
 
 import { Render } from "~/components";
 
-the Cloudflare One Client to Tunnel allows users to connect to RDP servers using their preferred RDP client. Cloudflare Tunnel creates a secure, outbound-only connection from your RDP server to Cloudflare's global network; this requires running the `cloudflared` daemon on the server (or any other host machine within the private network). Users install the [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) on their device and enroll in your Zero Trust organization. Remote devices will be able to connect as if they were on your private network. By default, all devices enrolled in your organization can connect to the RDP server unless you build policies to allow or block specific users.
+The [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) allows users to connect to RDP servers using their preferred RDP client. Cloudflare Tunnel creates a secure, outbound-only connection from your RDP server to Cloudflare's global network; this requires running the `cloudflared` daemon on the server (or any other host machine within the private network). Users install the Cloudflare One Client on their device and enroll in your Zero Trust organization. Remote devices will be able to connect as if they were on your private network. By default, all devices enrolled in your organization can connect to the RDP server unless you build policies to allow or block specific users.
 
 This example walks through how to set up an RDP server on a Google Cloud Platform (GCP) virtual machine (VM), but you can use any machine that supports RDP connections.
 
diff --git a/src/content/docs/cloudflare-one/networks/routes/reserved-ips.mdx b/src/content/docs/cloudflare-one/networks/routes/reserved-ips.mdx
index 4f1aa9d4391c2ca..6c99e0d816bffdc 100644
--- a/src/content/docs/cloudflare-one/networks/routes/reserved-ips.mdx
+++ b/src/content/docs/cloudflare-one/networks/routes/reserved-ips.mdx
@@ -24,7 +24,7 @@ When planning your private network addressing and configuring [Split Tunnel](/cl
 
 | Name                                                          | Default CIDR               | Configurable |
 | ------------------------------------------------------------- | -------------------------- | ------------ |
-| [device IPs](#device-ips)                           | `2606:4700:0cf1:1000::/64` | No           |
+| [Device IPs](#device-ips)                           | `2606:4700:0cf1:1000::/64` | No           |
 | [Gateway initial resolved IPs](#gateway-initial-resolved-ips) | `2606:4700:0cf1:4000::/64` | No           |
 | [Cloudflare source IPs](#cloudflare-source-ips)               | `2606:4700:0cf1:5000::/64` | No           |
 
diff --git a/src/content/docs/cloudflare-one/reusable-components/posture-checks/client-checks/client-certificate.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/client-checks/client-certificate.mdx
index e1aef32ff62aeeb..878d97c3b59a7cb 100644
--- a/src/content/docs/cloudflare-one/reusable-components/posture-checks/client-checks/client-certificate.mdx
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/client-checks/client-certificate.mdx
@@ -29,7 +29,7 @@ The Client Certificate device posture attribute checks if the device has a valid
 
 ## Prerequisites
 
-- A CA that issues client certificates for your devices. the Cloudflare One Client does not evaluate the certificate trust chain; this needs to be the issuing certificate.
+- A CA that issues client certificates for your devices. The Cloudflare One Client does not evaluate the certificate trust chain; this needs to be the issuing certificate.
 
   :::note[Upload the signing certificate that issued the client certificate]
 
@@ -86,10 +86,10 @@ To generate a sample root CA for testing, refer to [Generate mTLS certificates](
       	files or the same file.
       </Details>
    4. **Certificate ID**: Enter the UUID of the signing certificate.
-   5. **Common name**: (Optional) To check for a Common Name (CN) on the client certificate, enter a string with optional `${serial_number}` and `${hostname}` variables (for example, `${serial_number}_mycompany`). the Cloudflare One Client will search for an exact, case-insensitive match. If you do not specify a common name, the Cloudflare One Client will ignore the common name field on the certificate.
+   5. **Common name**: (Optional) To check for a Common Name (CN) on the client certificate, enter a string with optional `${serial_number}` and `${hostname}` variables (for example, `${serial_number}_mycompany`). The Cloudflare One Client will search for an exact, case-insensitive match. If you do not specify a common name, the Cloudflare One Client will ignore the common name field on the certificate.
    6. **Check for Extended Key Usage**: (Optional) Check whether the client certificate has one or more attributes set. Supported values are **Client authentication** (`1.3.6.1.5.5.7.3.2`) and/or **Email** (`1.3.6.1.5.5.7.3.4`).
    7. **Check for private key**: (Recommended) When enabled, WARP checks that the device has a private key associated with the client certificate.
-   8. **Subject Alternative Name**: (Optional) To check for a Subject Alternative Name (SAN) on the client certificate, enter a string with optional `${serial_number}` and `${hostname}` variables (for example, `${serial_number}_mycompany`). the Cloudflare One Client will search for an exact, case-insensitive match. You can add multiple SANs to the posture check — a certificate only needs to match one SAN for the check to pass.
+   8. **Subject Alternative Name**: (Optional) To check for a Subject Alternative Name (SAN) on the client certificate, enter a string with optional `${serial_number}` and `${hostname}` variables (for example, `${serial_number}_mycompany`). The Cloudflare One Client will search for an exact, case-insensitive match. You can add multiple SANs to the posture check — a certificate only needs to match one SAN for the check to pass.
 
 6. Select **Save**.
 
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/index.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/index.mdx
index df923886909f3d8..7bb65035f5abac9 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/index.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/index.mdx
@@ -75,7 +75,7 @@ To activate the override code on a user device:
 <Tabs>
 <TabItem label="Version 2026.2+">
 
-1. Open the Cloudflare One client and go to **Settings**.
+1. Open the Cloudflare One Client and go to **Settings**.
 2. In **Temporarily disconnect Cloudflare One Client**, select **Enter admin code**.
 3. Enter the override code and select **Disconnect**.
 
@@ -379,7 +379,7 @@ To turn on local network access in the Cloudflare One Client:
 
 <TabItem label="Windows and macOS">
 
-1. Open the Cloudflare One client and go to **Settings**.
+1. Open the Cloudflare One Client and go to **Settings**.
 2. In **Temporarily access local network resources**, select **Access resources**.
 
 <Details header="Version 2026.1 and earlier">
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/switch-organizations.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/switch-organizations.mdx
index 114a76a28bfb76b..630256826142671 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/switch-organizations.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/switch-organizations.mdx
@@ -84,7 +84,7 @@ To switch to a different organization as a user:
 
 <Tabs> <TabItem label="Windows, macOS, and Linux">
 
-1. Open the Cloudflare One client on your device.
+1. Open the Cloudflare One Client on your device.
 2. Go to **Home**. The **Configuration** dropdown will show the organizations that the admin has configured for your device.
 
 <Details header="Version 2026.1 and earlier">
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/client-errors.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/client-errors.mdx
index 1fa47f6fbd78d2c..b8545a15680722a 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/client-errors.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/client-errors.mdx
@@ -270,7 +270,7 @@ The device is not authenticated to an [organization](/cloudflare-one/setup/#crea
 <Tabs>
 <TabItem label="Version 2026.2+">
 
-1.  Launch the Cloudflare One client.
+1.  Launch the Cloudflare One Client.
 2.  Go to **Profile** > **Account information**.
 3.  Select **Re-Authenticate**.
 4.  Complete the authentication steps required by your organization.
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/troubleshooting-guide.mdx
index 829c400c7657337..d43e0ea9e31ca92 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/troubleshooting-guide.mdx
@@ -53,7 +53,7 @@ After updating the Cloudflare One Client, monitor the issue to see if it recurs.
 <Tabs>
 <TabItem label="Version 2026.2+">
 
-1.  Open the Cloudflare One client on your desktop.
+1.  Open the Cloudflare One Client on your desktop.
 2.  Select **About**.
 3.  Compare your device's version with the [latest version](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/).
 
@@ -479,7 +479,7 @@ Both methods update the client with the latest configuration.
 <Tabs>
 <TabItem label="Version 2026.2+">
 
-1. On the end user device, open the Cloudflare One client and select **Disconnect**.
+1. On the end user device, open the Cloudflare One Client and select **Disconnect**.
 
 :::note[What if the end user cannot disconnect?]
 If the end user does not see the [disconnect button](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/#lock-warp-switch), they will need to enter an [admin override code](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/#allow-admin-override-codes).
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx
index 6191b3a3c5fe792..c1fe0450d6b9936 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx
@@ -42,14 +42,14 @@ To configure the Cloudflare One Client to install a root certificate on your org
 5. [Enroll the device](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/manual-deployment/) in your Zero Trust organization.
 6. (Optional) If the device is running macOS Big Sur or newer, [manually trust the certificate](#manually-trust-the-certificate).
 
-the Cloudflare One Client will now download any [certificates set to **Available**](/cloudflare-one/team-and-resources/devices/user-side-certificates/#activate-a-root-certificate). After download, the Cloudflare One Client will add the certificates to the device's system certificate store in `installed_certs/<certificate_id>.pem` and append the contents to the `installed_cert.pem` file. If you have any scripts using `installed_cert.pem`, Cloudflare recommends you set them to use the individual files in the `installed_certs/` directory instead. `installed_certs.pem` will be deprecated by 2025-06-31.
+The Cloudflare One Client will now download any [certificates set to **Available**](/cloudflare-one/team-and-resources/devices/user-side-certificates/#activate-a-root-certificate). After download, the Cloudflare One Client will add the certificates to the device's system certificate store in `installed_certs/<certificate_id>.pem` and append the contents to the `installed_cert.pem` file. If you have any scripts using `installed_cert.pem`, Cloudflare recommends you set them to use the individual files in the `installed_certs/` directory instead. `installed_certs.pem` will be deprecated by 2025-06-31.
 
 :::note
 
 <Render file="warp/client-notification-lag" product="cloudflare-one" />
 :::
 
-the Cloudflare One Client does not install certificates to individual applications. You will need to [manually add certificates](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) to applications that rely on their own certificate store instead of the system certificate store.
+The Cloudflare One Client does not install certificates to individual applications. You will need to [manually add certificates](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) to applications that rely on their own certificate store instead of the system certificate store.
 
 ## Access the installed certificate
 
@@ -118,6 +118,6 @@ The Cloudflare One Client will also place the certificate in `/var/lib/cloudflar
 
 ## Uninstall the certificate
 
-If the certificate was installed by the Cloudflare One Client, it is automatically removed when you turn on another certificate for inspection in Cloudflare One, turn off **Install CA to system certificate store**, or [uninstall the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/uninstall/). the Cloudflare One Client does not remove certificates that were installed manually (for example, certificates added to third-party applications).
+If the certificate was installed by the Cloudflare One Client, it is automatically removed when you turn on another certificate for inspection in Cloudflare One, turn off **Install CA to system certificate store**, or [uninstall the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/uninstall/). The Cloudflare One Client does not remove certificates that were installed manually (for example, certificates added to third-party applications).
 
 To manually remove the certificate, refer to the instructions supplied by your operating system or the third-party application.
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx
index 1015e4d5bee54cc..40bcd530d39159d 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx
@@ -38,7 +38,7 @@ First, [generate](/cloudflare-one/team-and-resources/devices/user-side-certifica
 4. Select **More actions**.
 5. Depending on which format you want, choose **Download .pem** and/or **Download .crt**.
 
-Alternatively, you can download and install a certificate [using the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment/#install-a-certificate-using-the-cloudflare-one-client). the Cloudflare One Client will add the certificates to the device's system certificate store in `installed_certs/<certificate_id>.pem`.
+Alternatively, you can download and install a certificate [using the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment/#install-a-certificate-using-the-cloudflare-one-client). The Cloudflare One Client will add the certificates to the device's system certificate store in `installed_certs/<certificate_id>.pem`.
 
 ## 2. Verify the downloaded certificate
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/get-started/dns.mdx b/src/content/docs/cloudflare-one/traffic-policies/get-started/dns.mdx
index 90dffcc49359316..bba9979f25feeb3 100644
--- a/src/content/docs/cloudflare-one/traffic-policies/get-started/dns.mdx
+++ b/src/content/docs/cloudflare-one/traffic-policies/get-started/dns.mdx
@@ -35,7 +35,7 @@ You can filter DNS queries from individual devices (for example, employee laptop
 
 To filter DNS requests from an individual device such as a laptop or phone:
 
-1. [Install the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/) on your device. the Cloudflare One Client is a lightweight agent that routes the device's DNS queries through Cloudflare so Gateway can inspect and filter them.
+1. [Install the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/) on your device. The Cloudflare One Client is a lightweight agent that routes the device's DNS queries through Cloudflare so Gateway can inspect and filter them.
 2. [Enroll the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/manual-deployment/) in your organization's <GlossaryTooltip term="team name">Zero Trust instance</GlossaryTooltip> [^1]. This tells WARP which Gateway policies to enforce.
 3. (Optional) If you want to display a [custom block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/) instead of a generic browser error when a request is blocked, [install a Cloudflare root certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/) on your device.
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/get-started/network.mdx b/src/content/docs/cloudflare-one/traffic-policies/get-started/network.mdx
index b1b89c2c6154c7a..860f651c9372369 100644
--- a/src/content/docs/cloudflare-one/traffic-policies/get-started/network.mdx
+++ b/src/content/docs/cloudflare-one/traffic-policies/get-started/network.mdx
@@ -47,7 +47,7 @@ To verify your device is connected to Cloudflare One:
   <Tabs>
 	<TabItem label="Version 2026.2+">
 
-   1. Open the Cloudflare One client.
+   1. Open the Cloudflare One Client.
    2. Go to **Profile**.
    3. Note the **Client Interface IP**. This is the same address that will appear as the Source IP in your network logs.
   </TabItem>
diff --git a/src/content/docs/cloudflare-one/tutorials/deploy-client-headless-linux.mdx b/src/content/docs/cloudflare-one/tutorials/deploy-client-headless-linux.mdx
index e44dde281313184..0fa6645a8ae16a7 100644
--- a/src/content/docs/cloudflare-one/tutorials/deploy-client-headless-linux.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/deploy-client-headless-linux.mdx
@@ -122,4 +122,4 @@ To install the Cloudflare One Client using the example script:
    sudo ./install_warp.sh
    ```
 
-the Cloudflare One Client is now deployed with the configuration parameters stored in `/var/lib/cloudflare-warp/mdm.xml`. Assuming [`auto_connect`](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/parameters/#auto_connect) is configured, the Cloudflare One Client will automatically connect to your Zero Trust organization. Once connected, the device will appear in [Cloudflare One](https://one.dash.cloudflare.com) under **Team & Resources** > **Devices** with the email `non_identity@<team-name>.cloudflareaccess.com`.
+The Cloudflare One Client is now deployed with the configuration parameters stored in `/var/lib/cloudflare-warp/mdm.xml`. Assuming [`auto_connect`](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/parameters/#auto_connect) is configured, the Cloudflare One Client will automatically connect to your Zero Trust organization. Once connected, the device will appear in [Cloudflare One](https://one.dash.cloudflare.com) under **Team & Resources** > **Devices** with the email `non_identity@<team-name>.cloudflareaccess.com`.
diff --git a/src/content/docs/containers/local-dev.mdx b/src/content/docs/containers/local-dev.mdx
index 54d2d9306bdf35e..74d3bab264ca966 100644
--- a/src/content/docs/containers/local-dev.mdx
+++ b/src/content/docs/containers/local-dev.mdx
@@ -83,7 +83,7 @@ If you are running the Cloudflare One Client or a VPN that performs TLS inspecti
 To resolve this, you can either:
 
 - Disable the Cloudflare One Client or your VPN while running `wrangler dev` or `wrangler deploy`, then re-enable it afterwards.
-- Add the certificate to your Docker build context. the Cloudflare One Client exposes its certificate via the `NODE_EXTRA_CA_CERTS` and `SSL_CERT_FILE` environment variables on your host machine. You can pass the certificate into your Docker build as an environment variable, so that it is available during the build without being baked into the final image.
+- Add the certificate to your Docker build context. The Cloudflare One Client exposes its certificate via the `NODE_EXTRA_CA_CERTS` and `SSL_CERT_FILE` environment variables on your host machine. You can pass the certificate into your Docker build as an environment variable, so that it is available during the build without being baked into the final image.
 
   ```dockerfile
   RUN if [ -n "$SSL_CERT_FILE" ]; then \
diff --git a/src/content/docs/learning-paths/replace-vpn/get-started/index.mdx b/src/content/docs/learning-paths/replace-vpn/get-started/index.mdx
index 9c382f6c127396c..3621500b18af00e 100644
--- a/src/content/docs/learning-paths/replace-vpn/get-started/index.mdx
+++ b/src/content/docs/learning-paths/replace-vpn/get-started/index.mdx
@@ -7,7 +7,7 @@ sidebar:
 
 import { Render } from "~/components";
 
-In this learning path, you will learn how to replace your existing VPN provider with Cloudflare's ZTNA solution. Your users will run the Cloudflare One Client on their devices, and you will run either Cloudflare Tunnel or the Cloudflare One Client Connector in your network or on your application servers. After deploying Zero Trust, users will be able to connect to private resources (not exposed to the Internet) via TCP/UDP/ICMP, and administrators will be able to control access to these resources based on user identity, device posture, and other factors.
+In this learning path, you will learn how to replace your existing VPN provider with Cloudflare's ZTNA solution. Your users will run the Cloudflare One Client on their devices, and you will run either Cloudflare Tunnel or the WARP Connector in your network or on your application servers. After deploying Zero Trust, users will be able to connect to private resources (not exposed to the Internet) via TCP/UDP/ICMP, and administrators will be able to control access to these resources based on user identity, device posture, and other factors.
 
 ![How Cloudflare connects a user device to a private network application](~/assets/images/reference-architecture/cloudflare-one-reference-architecture-images/cf1-ref-arch-10.svg)
 
diff --git a/src/content/docs/learning-paths/replace-vpn/get-started/prerequisites.mdx b/src/content/docs/learning-paths/replace-vpn/get-started/prerequisites.mdx
index 4cc6df66ffc29f8..8bfdebbb52829f8 100644
--- a/src/content/docs/learning-paths/replace-vpn/get-started/prerequisites.mdx
+++ b/src/content/docs/learning-paths/replace-vpn/get-started/prerequisites.mdx
@@ -11,4 +11,4 @@ To make the most of this learning path, make sure that you have the following:
 * A device that can run [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/), Cloudflare's endpoint agent.
 * A private network with applications or services that are available locally or via a VPN.
 * A [host server](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/system-requirements/#recommendations) on the private network that can run the lightweight Cloudflare Tunnel daemon process.
-* (Optional) A [Linux host server](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/#linux) on the private network that can run the Cloudflare One Client Connector. This is only needed for server-initiated traffic flows such as Microsoft SCCM, Active Directory (AD) updates, and DevOps workflows that require server-initiated connections.
+* (Optional) A [Linux host server](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/#linux) on the private network that can run WARP Connector. This is only needed for server-initiated traffic flows such as Microsoft SCCM, Active Directory (AD) updates, and DevOps workflows that require server-initiated connections.
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/connect-devices-networks/choose-on-ramp.mdx b/src/content/docs/learning-paths/secure-internet-traffic/connect-devices-networks/choose-on-ramp.mdx
index fc2b4bd1fa4e88c..29793f8d7acc903 100644
--- a/src/content/docs/learning-paths/secure-internet-traffic/connect-devices-networks/choose-on-ramp.mdx
+++ b/src/content/docs/learning-paths/secure-internet-traffic/connect-devices-networks/choose-on-ramp.mdx
@@ -17,9 +17,9 @@ The following steps are identical to [Connect user devices](/learning-paths/repl
 
 The most common way to protect and filter your end-user traffic is by using a device client. The standard Cloudflare device client supports a number of operating systems and deployment methodologies, but there can still be scenarios in which an alternative path makes sense.
 
-### Zero Trust Client
+### Cloudflare One Client
 
-the Cloudflare One Client is the most common onramp to send user traffic to Gateway. It is a lightweight device client, which builds proxy tunnels using either Wireguard or MASQUE, and builds a DNS proxy using DNS-over-HTTPS. It supports all major operating systems, supports all common forms of endpoint management tooling, and has a robust series of management parameters and profiles to accurately scope the needs of a diverse user base. It has flexible operating modes and can control device traffic as a proxy, control device DNS traffic as a DNS proxy, or both. It is the most common method to send traffic from user devices to be filtered and decrypted by Cloudflare Gateway.
+The Cloudflare One Client is the most common onramp to send user traffic to Gateway. It is a lightweight device client, which builds proxy tunnels using either Wireguard or MASQUE, and builds a DNS proxy using DNS-over-HTTPS. It supports all major operating systems, supports all common forms of endpoint management tooling, and has a robust series of management parameters and profiles to accurately scope the needs of a diverse user base. It has flexible operating modes and can control device traffic as a proxy, control device DNS traffic as a DNS proxy, or both. It is the most common method to send traffic from user devices to be filtered and decrypted by Cloudflare Gateway.
 
 ### PAC files (Enterprise only)
 
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/initial-setup/prerequisites.mdx b/src/content/docs/learning-paths/secure-internet-traffic/initial-setup/prerequisites.mdx
index 5354603607f1264..c507dcd0e1b0911 100644
--- a/src/content/docs/learning-paths/secure-internet-traffic/initial-setup/prerequisites.mdx
+++ b/src/content/docs/learning-paths/secure-internet-traffic/initial-setup/prerequisites.mdx
@@ -9,4 +9,4 @@ sidebar:
 To make the most of securing your Internet traffic and SaaS apps, make sure that you have the following:
 
 * A device that can run [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/), Cloudflare's endpoint agent.
-* (Optional) A [Linux host server](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/#linux) on the private network that can run the Cloudflare One Client Connector.
+* (Optional) A [Linux host server](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/#linux) on the private network that can run WARP Connector, a software agent similar to the Cloudflare One Client.
diff --git a/src/content/docs/reference-architecture/design-guides/zero-trust-for-startups.mdx b/src/content/docs/reference-architecture/design-guides/zero-trust-for-startups.mdx
index 1cb86d9722a88a9..c4b8b6c042e0ac8 100644
--- a/src/content/docs/reference-architecture/design-guides/zero-trust-for-startups.mdx
+++ b/src/content/docs/reference-architecture/design-guides/zero-trust-for-startups.mdx
@@ -320,7 +320,7 @@ Cloudflare can help provide scoped secure access for both web and network connec
 - **Cloudflare Access can integrate and use [multiple identity providers simultaneously](/cloudflare-one/integrations/identity-providers/).** This can be scoped to a single application and a singular policy, and can have granular capabilities to 'force' some user access to authenticate in specific ways. There are also many third-party specific workflows — like [purpose justification](/cloudflare-one/access-controls/policies/require-purpose-justification/) — that can ensure that user access is both easy for third parties, and documented and controllable for administrators.
 - **Cloudflare Zero Trust can be deployed with flexible endpoint agent parameters and [logical groupings](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/device-profiles/) for contractor and third-party users.** If you have external users with internal access needs, they can be both tightly-scoped and limit potential conflict with other external systems.
 - **[Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) can act as a unidirectional access model to provide corporate users access to scoped customer resources.** It is lightweight, easy to deploy, and can even be built into your deployment packages and deployed alongside the services you manage in customer environments.
-- **the Cloudflare One Client Connector can help you build secure, extensible networks relevant for each of your client controls.** This is particularly helpful when bidirectional (site-to-site) traffic flows are a necessity for the way that you engage with your customers, interact with their applications, or address other management concerns. WARP Connector has all of the same inline security policy application and auditability controls as the rest of your deployment, so you can maintain a Zero Trust security posture while achieving customer connectivity.
+- **WARP Connector can help you build secure, extensible networks relevant for each of your client controls.** This is particularly helpful when bidirectional (site-to-site) traffic flows are a necessity for the way that you engage with your customers, interact with their applications, or address other management concerns. WARP Connector has all of the same inline security policy application and auditability controls as the rest of your deployment, so you can maintain a Zero Trust security posture while achieving customer connectivity.
 
 ![How Cloudflare provides remote access for contractors, vendors, and customers](~/assets/images/reference-architecture/zt-for-startups/zero-trust-design-guide-remote-access-for-contractors-vendors-and-customers.svg)
 
diff --git a/src/content/partials/cloudflare-one/gateway/client-notifications.mdx b/src/content/partials/cloudflare-one/gateway/client-notifications.mdx
index e98203d6e516ec8..302bfc0f97dfef7 100644
--- a/src/content/partials/cloudflare-one/gateway/client-notifications.mdx
+++ b/src/content/partials/cloudflare-one/gateway/client-notifications.mdx
@@ -22,7 +22,7 @@ import { Details, Render, Markdown } from "~/components";
 
 </Details>
 
-Turn on <Markdown text={props.toggleName} /> to display notifications for Gateway block events. Blocked users will receive an operating system notification from the Cloudflare One Client with a custom message you set. If you do not set a custom message, the Cloudflare One Client will display a default message. Custom messages must be 100 characters or less. the Cloudflare One Client will only display one notification per minute.
+Turn on <Markdown text={props.toggleName} /> to display notifications for Gateway block events. Blocked users will receive an operating system notification from the Cloudflare One Client with a custom message you set. If you do not set a custom message, the Cloudflare One Client will display a default message. Custom messages must be 100 characters or less. The Cloudflare One Client will only display one notification per minute.
 
 Upon selecting the notification, the Cloudflare One Client will direct your users to the [Gateway block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/) you have configured. Optionally, you can direct users to a custom URL, such as an internal support form.
 
diff --git a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
index 00b12c71c0e8389..eda82a801695453 100644
--- a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
+++ b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
@@ -12,7 +12,7 @@ The Cloudflare One Client GUI should display `Connected` and `Your Internet is p
 
 <div class="medium-img">
 
-![Cloudflare One client GUI when connected to Cloudflare](~/assets/images/cloudflare-one/connections/warp-connected.png)
+![Cloudflare One Client GUI when connected to Cloudflare](~/assets/images/cloudflare-one/connections/warp-connected.png)
 
 </div>
 
diff --git a/src/content/partials/cloudflare-one/warp/enroll-desktop.mdx b/src/content/partials/cloudflare-one/warp/enroll-desktop.mdx
index ca090aae3e6b37e..4fc17d4709e3f93 100644
--- a/src/content/partials/cloudflare-one/warp/enroll-desktop.mdx
+++ b/src/content/partials/cloudflare-one/warp/enroll-desktop.mdx
@@ -9,8 +9,8 @@ To enroll your device using the client GUI:
 <Tabs>
 <TabItem label="Version 2026.2+">
 
-1. [Download](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/) and install the Cloudflare One client.
-2. Launch the Cloudflare One client.
+1. [Download](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/) and install the Cloudflare One Client.
+2. Launch the Cloudflare One Client.
 3. On the **What would you like to use the Cloudflare One Client for?** screen, select **Zero Trust security**.
 4. Enter your <GlossaryTooltip term="team name">team name</GlossaryTooltip>.
 5. Complete the authentication steps required by your organization.
diff --git a/src/content/partials/cloudflare-one/warp/reset-encryption-keys.mdx b/src/content/partials/cloudflare-one/warp/reset-encryption-keys.mdx
index 0e89403db313e41..1240186ca5a627f 100644
--- a/src/content/partials/cloudflare-one/warp/reset-encryption-keys.mdx
+++ b/src/content/partials/cloudflare-one/warp/reset-encryption-keys.mdx
@@ -7,7 +7,7 @@ import { Tabs, TabItem } from "~/components";
 <Tabs>
 <TabItem label="Version 2026.2+">
 
-1. Open the Cloudflare One client on your device.
+1. Open the Cloudflare One Client on your device.
 2. Go to **Connectivity** > **Encryption keys**
 3. Select **Reset keys**.
 
diff --git a/src/content/partials/networking-services/cloudflare-one-connectivity-options.mdx b/src/content/partials/networking-services/cloudflare-one-connectivity-options.mdx
index b0d9c4d77222271..8ebe3d11e5a8315 100644
--- a/src/content/partials/networking-services/cloudflare-one-connectivity-options.mdx
+++ b/src/content/partials/networking-services/cloudflare-one-connectivity-options.mdx
@@ -78,7 +78,7 @@ Use WARP Connector to connect sites with IoT devices or IP phones that cannot ru
 
 For VPN replacement and Zero Trust Network Access (ZTNA) use cases, Cloudflare Tunnel via `cloudflared` is the [primary recommended on-ramp](/learning-paths/replace-vpn/concepts/). Cloudflare Tunnel requires minimal network infrastructure changes and integrates directly with Cloudflare Access for identity-aware application protection.
 
-Deploy the Cloudflare One Client Connector supplementally when you need bidirectional connectivity for specific use cases like Active Directory Group Policy updates, SCCM, SIP traffic, VoIP traffic, or DevOps pipelines.
+Deploy the WARP Connector supplementally when you need bidirectional connectivity for specific use cases like Active Directory Group Policy updates, SCCM, SIP traffic, VoIP traffic, or DevOps pipelines.
 
 :::caution[Cloudflare WAN compatibility]
 Accounts on Legacy routing mode do not support WARP Connector when Cloudflare WAN (formerly Magic WAN) is enabled. Your account must be on <a href={props.unifiedRoutingURL}>Cloudflare One Unified Routing</a> for both to work together.
diff --git a/src/content/partials/networking-services/cloudflare-wan/zero-trust/warp.mdx b/src/content/partials/networking-services/cloudflare-wan/zero-trust/warp.mdx
index 9977e64c33ce600..e9548bec15bb13b 100644
--- a/src/content/partials/networking-services/cloudflare-wan/zero-trust/warp.mdx
+++ b/src/content/partials/networking-services/cloudflare-wan/zero-trust/warp.mdx
@@ -85,7 +85,7 @@ Since Cloudflare One Client traffic is already protected on its own, set up Clou
 
 To learn which IP addresses and UDP ports you should exclude to accomplish this, refer to <a href={props.warpIngressIpURL}>WARP ingress IP</a>.
 
-### the Cloudflare One Client and {props.mwanConnectorName}
+### The Cloudflare One Client and {props.mwanConnectorName}
 
 <Render
 	file="mconn/network-options/app-aware-policies/warp-traffic"