diff --git a/src/content/docs/cloudflare-challenges/reference/challenge-solve-rate.mdx b/src/content/docs/cloudflare-challenges/reference/challenge-solve-rate.mdx index c66c3ee3eff3561..d649a6f8bc75193 100644 --- a/src/content/docs/cloudflare-challenges/reference/challenge-solve-rate.mdx +++ b/src/content/docs/cloudflare-challenges/reference/challenge-solve-rate.mdx @@ -5,9 +5,13 @@ sidebar: order: 2 --- -import { Render } from "~/components" +The challenge solve rate (CSR) is the percentage of issued challenges — Interactive Challenge, JS Challenge, or Managed Challenge actions — that were solved. - +```sql +CSR = number of challenges solved / number of challenges issued +``` + +This metric helps you evaluate your rule's effectiveness, as well as whether you need to make any adjustments to the rule's criteria or action. Rules in Challenge mode will start generating Challenge Solve Rate data (CSR) which indicates the false positive percentage. You can find the CSR of a rule by going to its corresponding dashboard page: diff --git a/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx b/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx index 1dc4920c9134cf5..eaead212ba7b425 100644 --- a/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx +++ b/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx 
@@ -21,4 +21,24 @@ You do not have to obtain permission from Cloudflare to launch a DDoS attack sim It is recommended that you choose the right service and enable the correct features to test against the corresponding DDoS attacks. For example, if you want to test Cloudflare against an HTTP DDoS attack and you are only using Magic Transit, the test is going to fail because you need to onboard your HTTP application to Cloudflare's reverse proxy service to test our HTTP DDoS Protection. - +### **For WAF/CDN customers:** + +* Attack origin region +* Attack duration +* Attack window (UTC) +* Attack method +* Traffic estimate in both requests per second (rps) and bandwidth (Gbps/Mbps/MBps) +* Target IPs, ports, ranges, zones, hostnames, full URLs +* Contact in case of emergency + +### For Magic Transit and Spectrum customers: + +* Attack origin region +* Attack duration +* Attack date & timeframe +* Attack method +* Target IPs, ports, ranges, zones, hostnames, full URLs +* Protocol +* Traffic estimate in both requests per second (rps) and bandwidth (Gbps/Mbps/MBps) +* Max packet/bit rate +* Contact in case of emergency diff --git a/src/content/docs/fundamentals/account/account-security/manage-active-sessions.mdx b/src/content/docs/fundamentals/account/account-security/manage-active-sessions.mdx index d4efac76ffa56e4..51907f59c4c3411 100644 --- a/src/content/docs/fundamentals/account/account-security/manage-active-sessions.mdx +++ b/src/content/docs/fundamentals/account/account-security/manage-active-sessions.mdx @@ -10,7 +10,10 @@ import { Render } from "~/components" ## View active sessions - +To view the active sessions associated with your email address: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com). +2. Go to **My Profile** > **Sessions**. ## Revoke active sessions diff --git a/src/content/docs/fundamentals/account/create-account.mdx b/src/content/docs/fundamentals/account/create-account.mdx index 799b94eb0b4a960..1a78852ba999a48 100644 
--- a/src/content/docs/fundamentals/account/create-account.mdx +++ b/src/content/docs/fundamentals/account/create-account.mdx @@ -10,7 +10,13 @@ description: Learn how to create a new Cloudflare account. import { Render } from "~/components" - +To create a Cloudflare account: + +1. Go to the [Sign up page](https://dash.cloudflare.com/sign-up). +2. Enter your **Email** and **Password**. +3. Select **Create Account**. + +Once you create your account, Cloudflare will automatically send an email to your address to [verify that email address](/fundamentals/user-profiles/verify-email-address/). ## Account name diff --git a/src/content/docs/fundamentals/api/get-started/account-owned-tokens.mdx b/src/content/docs/fundamentals/api/get-started/account-owned-tokens.mdx index 48dda6ad445f8d3..6ecf477c8f8d8c4 100644 --- a/src/content/docs/fundamentals/api/get-started/account-owned-tokens.mdx +++ b/src/content/docs/fundamentals/api/get-started/account-owned-tokens.mdx 
@@ -8,6 +8,88 @@ description: Learn what account owned tokens are, when to use them, and what the --- -import { Render } from "~/components" +While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern. - \ No newline at end of file +## Create an account owned token + +:::note +Creating an account owned token requires Super Administrator permission on the account +::: + +1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com). +2. Go to **Manage Account** > **Account API Tokens**. +3. Select **Create Token** and fill in the token name, permissions, and the optional expiration date for the token. +4. Select **Continue to summary** and review the details. +5. Select **Create Token**. + +Alternatively, you can create a token using the [account owned token creation API](/api/resources/accounts/subresources/tokens/methods/create/). + +Refer to the [blog post](https://blog.cloudflare.com/account-owned-tokens-automated-actions-zaraz/) for more information. + +## Compatibility matrix + +Account owned tokens are generally available for all accounts. Some services may not support account owned tokens yet. Refer to the compatibility matrix below for the latest status. 
+ +| Product | Compatibility | +| ------------------------------- | ------------- | +| Access | ✅ | +| Account Analytics | ✅ | +| Account Management | ✅ | +| AI Gateway | ✅ | +| AMP | ✅ | +| API Shield | ✅ | +| Argo | ✅ | +| Billing | ✅ | +| Cache | ✅ | +| Tiered Cache | ✅ | +| Cloud Connector | ✅ | +| Configuration Rules | ✅ | +| Custom Lists | ❌ | +| Custom Pages | ✅ | +| D1 | ✅ | +| Data Loss Prevention | ✅ | +| Digital Experience Monitoring | ✅ | +| Distributed Web | ✅ | +| DNS | ✅ | +| Durable Objects | ✅ | +| Email Relay | ✅ | +| Secure Web Gateway | ✅ | +| Healthchecks | ✅ | +| Hyperdrive | ✅ | +| Images | ✅ | +| Intel Data Platform | ❌ | +| Load Balancing | ✅ | +| Log Explorer | ✅ | +| Magic Network Monitoring | ✅ | +| Magic Transit | ✅ | +| Magic WAN | ✅ | +| Managed Rules | ✅ | +| Network Error Logging | ✅ | +| Page Rules | ❌ | +| Page Shield | ✅ | +| Pages | ✅ | +| Pub/Sub | ❌ | +| R2 | ✅ | +| Radar | ✅ | +| Registrar | ❌ | +| Rulesets | ✅ | +| Spectrum | ❌ | +| Speed | ✅ | +| SSL/TLS | ✅ | +| Stream | ✅ | +| Super Bot Fight Mode | ❌ | +| Trace | ✅ | +| Tunnels | ✅ | +| Turnstile | ❌ | +| Vectorize | ✅ | +| Waiting Room | ✅ | +| Workers | ✅ | +| Workers AI | ✅ | +| Workers KV | ✅ | +| Workers Observability | ❌ | +| Workers Queues | ✅ | +| Workflows | ✅ | +| Zaraz | ✅ | +| Zero Trust Client Platform | ❌ | +| Zero Trust Devices and Services | ✅ | +| Zone/Domain Management | ✅ | diff --git a/src/content/docs/fundamentals/api/get-started/create-token.mdx b/src/content/docs/fundamentals/api/get-started/create-token.mdx index b62178dcf8ee40f..ada9075aa4ea0dd 100644 --- a/src/content/docs/fundamentals/api/get-started/create-token.mdx +++ b/src/content/docs/fundamentals/api/get-started/create-token.mdx 
@@ -10,4 +10,61 @@ description: Learn how to create a token to perform actions using the Cloudflare import { Render } from "~/components" - +:::note[Prerequisite] + +Before you begin, [find your zone and account IDs](/fundamentals/account/find-account-and-zone-ids/). + +::: + +1. Determine if you want a user token or an [Account owned token](/fundamentals/api/get-started/account-owned-tokens/). Use Account owned tokens if you prefer service tokens that are not associated with users and your [desired API endpoints are compatible](/fundamentals/api/get-started/account-owned-tokens/#compatibility-matrix). +2. From the [Cloudflare dashboard](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** > **API Tokens**. +3. Select **Create Token**. +4. Select a template from the available [API token templates](/fundamentals/api/reference/template/) or create a custom token. The following example uses the **Edit zone DNS** template. +5. Add or edit the token name to describe why or how the token is used. Templates are prefilled with a token name and permissions. + + ![Token template overview screen](~/assets/images/fundamentals/api/template-customize.png) + +6. Modify the token's permissions. After selecting a permissions group (*Account*, *User*, or *Zone*), choose what level of access to grant the token. Most groups offer `Edit` or `Read` options. `Edit` is full CRUDL (create, read, update, delete, list) access, while `Read` is the read permission and list where appropriate. Refer to the [available token permissions](/fundamentals/api/reference/permissions/) for more information. +7. Select which resources the token is authorized to access. For example, granting `Zone DNS Read` access to a zone `example.com` will allow the token to read DNS records only for that specific zone. Any other zone will return an error for DNS record reads operations. 
Any other operation on that zone will also return an error. +8. (Optional) Restrict how a token is used in the **Client IP Address Filtering** and **TTL (time to live)** fields. +9. Select **Continue to summary**. +10. Review the token summary. Select **Edit token** to make adjustments. You can also edit a token after creation. + + ![Token summary screen displaying the resources and permissions selected](~/assets/images/fundamentals/api/token-summary.png) + +11. Select **Create Token** to generate the token's secret. +12. Copy the secret to a secure place. + + + +![Token creation completion screen displaying your API token and the curl command to test your token](~/assets/images/fundamentals/api/token-complete.png) + +The token secret page also includes an example command to test the token. Use the `/user/tokens/verify` endpoint to fetch the current status of the given token. + +```bash +curl "https://api.cloudflare.com/client/v4/user/tokens/verify" \ +--header "Authorization: Bearer " +``` + +The result: + +```json +{ + "result": { + "id": "100bf38cc8393103870917dd535e0628", + "status": "active" + }, + "success": true, + "errors": [], + "messages": [ + { + "code": 10000, + "message": "This API Token is valid and active", + "type": null + } + ] +} +``` + +With this you have successfully created an API token and can start working with the Cloudflare API. After creating your first API token, you can create additional API tokens [via the API](/fundamentals/api/how-to/create-via-api/). + diff --git a/src/content/docs/fundamentals/concepts/cloudflare-ip-addresses.mdx b/src/content/docs/fundamentals/concepts/cloudflare-ip-addresses.mdx index eeb0bfd097d471f..622c7565ebb568a 100644 --- a/src/content/docs/fundamentals/concepts/cloudflare-ip-addresses.mdx +++ b/src/content/docs/fundamentals/concepts/cloudflare-ip-addresses.mdx 
@@ -6,23 +6,62 @@ sidebar: --- -import { Render } from "~/components" +import { GlossaryTooltip, Render } from "~/components" - +Cloudflare has several [IP address ranges](https://www.cloudflare.com/ips/) which are shared by all proxied hostnames. + +Together, these IP addresses form the backbone of our [anycast network](https://www.cloudflare.com/learning/cdn/glossary/anycast-network/), helping distribute traffic amongst various edge network servers. + +:::note + +Cloudflare uses other IP ranges for various products and services, but these addresses will not make connections to your origin. + +::: ## Allow Cloudflare IP addresses - +All traffic to [proxied DNS records](/dns/proxy-status/) passes through Cloudflare before reaching your origin server. This means that your origin server will stop receiving traffic from individual visitor IP addresses and instead receive traffic from [Cloudflare IP addresses](https://www.cloudflare.com/ips), which are shared by all proxied hostnames. + +This setup can cause issues if your origin server blocks or rate limits connections from Cloudflare IP addresses. Because all visitor traffic will appear to come from Cloudflare IP addresses, blocking these IPs — even accidentally — will prevent visitor traffic from reaching your application. + +In addition, allowing Cloudflare IPs might be needed to avoid rate limiting or blocking these requests at your origin server. + +For [Magic Transit](/magic-transit/) customers, Cloudflare routes the traffic instead of proxying it. Once Cloudflare starts advertising your IP prefixes, it will accept IP packets destined for your network, process them, and then output these packets to your origin infrastructure. ## Configure origin server ### Allowlist Cloudflare IP addresses - +To avoid blocking Cloudflare IP addresses unintentionally, you also want to allow Cloudflare IP addresses at your origin web server. 
+ +You can explicitly allow these IP addresses with a [.htaccess file](https://httpd.apache.org/docs/trunk/mod/mod_authz_core.html#require) or by using [iptables](https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall). + +The following example demonstrates how you could use an iptables rule to allow a Cloudflare IP address range. Replace `$ip` below with one of the [Cloudflare IP address ranges](https://www.cloudflare.com/ips). + +```bash +# For IPv4 addresses +$ iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT + +# For IPv6 addresses +$ ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT +``` + +For more specific guidance, contact your hosting provider or website administrator. ### Block other IP addresses (recommended) - +As a best practice, we also recommend that you explicitly block all traffic that does not come from Cloudflare IP addresses or the IP addresses of your trusted partners, vendors, or applications. + +For example, you might [update your iptables](https://www.linode.com/docs/guides/control-network-traffic-with-iptables/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall) with the following commands: + +```sh +# For IPv4 addresses +iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP +# For IPv6 addresses +ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP +``` + +For more specific guidance, contact your hosting provider or website administrator. ## Review external tools 
@@ -39,7 +78,12 @@ For further recommendations on securing your origin server, refer to our guide o ### Customize Cloudflare IP addresses - +If they do not want to use Cloudflare IP addresses — which are shared by all proxied hostnames — Enterprise customers have two potential alternatives: + +* [**Bring Your Own IP (BYOIP)**](/byoip/): Cloudflare announces your IPs (an IP address range you lease/own) in all of our [locations](https://www.cloudflare.com/network/). +* **Static IP addresses**: Cloudflare sets static IP addresses for your domain. For more details, contact your account team. + +Business and Enterprise customers can also reduce the number of Cloudflare IPs that their domain shares with other Cloudflare customer domains by [uploading a Custom SSL certificate](/ssl/edge-certificates/custom-certificates/). ### IP range updates diff --git a/src/content/docs/fundamentals/concepts/traffic-flow-cloudflare.mdx b/src/content/docs/fundamentals/concepts/traffic-flow-cloudflare.mdx index af23385f5dc3a06..7698514304ab539 100644 --- a/src/content/docs/fundamentals/concepts/traffic-flow-cloudflare.mdx +++ b/src/content/docs/fundamentals/concepts/traffic-flow-cloudflare.mdx 
@@ -5,6 +5,55 @@ sidebar: order: 3 --- -import { Render } from "~/components"; +Internet traffic is made up of people, services, and agents requesting online resources from wherever they are hosted. Your resources may be publicly available, like a website or application that anyone on the Internet can access. Or your resources may be privately available, like an internal app or network that only your employees and partners should be able to access. - \ No newline at end of file +Both public and private resources can be connected to the Cloudflare network to ensure only good actors can access what they are supposed to be able to access with high performance. + +For example, you may not always want the direct traffic because it can come from malicious sources, like hackers, or in the form of [DDoS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/how-to-ddos/). Additionally, depending on the location where the request originated, you want to ensure the traffic is [routed through the most efficient and fastest path](/argo-smart-routing/). + +## Cloudflare's network + +[Cloudflare's global network](https://www.cloudflare.com/network/), coupled with [Anycast](https://www.cloudflare.com/learning/dns/what-is-anycast-dns/) IP addressing, ensures that requests are handled by a Cloudflare server that is as close to the source as possible. + +If you want to protect your traffic and ensure it travels efficiently, you need to configure Cloudflare to be in front of whatever you are trying to protect, such as your application, service, or server. How you put your resources behind Cloudflare's network will depend on the type of traffic and how you want to control it. + +## On-ramp and off-ramp traffic + +Traffic that enters Cloudflare's network is referred to as "on-ramping," and traffic that exits Cloudflare's network is referred to as "off-ramping." You may also know this as ingress and egress or "routing your traffic" through a network. 
+ +### On-ramp traffic to Cloudflare + +When you on-ramp traffic to Cloudflare, this allows Cloudflare to act on, secure, and increase performance of that traffic. + +One example of on-ramping traffic to Cloudflare is updating your public website to use Cloudflare as the primary authoritative [DNS provider](/fundamentals/concepts/how-cloudflare-works/#cloudflare-as-a-dns-provider) for your domain. + +However, maybe you need to protect a private application that is not directly available on the Internet. In this scenario, you can: + +* Connect your private application to Cloudflare using [secure tunnels](/cloudflare-one/connections/connect-networks/), and use a [device agent](/cloudflare-one/connections/connect-devices/warp/) to connect as a user. +* For users already connected to a private company network, connect the entire network to Cloudflare using secure tunnels, and any request from a user device will access the private application through those tunnels. + +With these options, any request from a user device can access internal private applications via the secure private tunnels. + +Refer to the list below for products you can use to on-ramp traffic to Cloudflare. + +* [Anycast routing](https://www.cloudflare.com/learning/cdn/glossary/anycast-network/) uses Anycast IP addressing to route traffic to the nearest Cloudflare data center. Selective routing allows an Anycast network to be resilient in the face of high traffic volume, network congestion, and[ DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/). +* [DNS-based](/fundamentals/concepts/how-cloudflare-works/#cloudflare-as-a-dns-provider) traffic resolves domains onboarded to [Cloudflare's CDN](/fundamentals/concepts/how-cloudflare-works/). Cloudflare's DNS directs traffic to Cloudflare's global network of servers instead of a website's origin server. 
+* [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) connects your resources to Cloudflare without a publicly routable IP address so that your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare. +* [Magic Transit](/magic-transit/about/) offers DDoS protection, traffic acceleration, and more for on-premise, cloud-hosted, and hybrid networks by accepting IP packets destined for your network, processing them, and outputting the packets to your origin infrastructure. +* The [Cloudflare WARP client](/cloudflare-one/connections/connect-devices/warp/) securely and privately sends traffic from corporate devices to Cloudflare's global network while also applying advanced Zero Trust policies that check for a device's health before it connects to corporate applications. + +### Off-ramp traffic from Cloudflare + +If you need to ensure traffic leaves Cloudflare's network in a specific way, you can manage how traffic is off-ramped. + +For example, if you need to adhere to [regional laws](/data-localization/regional-services/) that dictate user traffic and require data never leaves your country, you can configure off-ramp and on-ramp traffic on servers in the same geographical area. + +Or maybe you want to force traffic to off-ramp in a certain country to maintain your user's experience. For example, if you have employees in India who travel frequently, you can configure the off-ramp traffic to always appear to come from India so websites they visit maintain their language and preferences. + +You can also utilize [caching](/cache/) to help with performance. Instead of off-ramp traffic going to a server across the globe, Cloudflare can cache that content locally for the user to reduce the overall time for their request. + +Refer to the list below for products you can use to off-ramp traffic from Cloudflare. 
+ +* [Argo Smart Routing](/argo-smart-routing/) detects real-time network issues and routes your web traffic across the most efficient network path, avoiding congestion. +* [Cache](/cache/) works with cached content to avoid off-ramping to origin servers and instead serving directly from Cloudflare's global network. +* [Regional services](/data-localization/regional-services/) lets you choose which subset of data centers decrypt and service HTTPS traffic, which can help customers who have to meet regional compliance or have preferences for maintaining regional control over their data. \ No newline at end of file diff --git a/src/content/docs/fundamentals/index.mdx b/src/content/docs/fundamentals/index.mdx index 3ac127864c59d0a..cbaf6320acb2e55 100644 --- a/src/content/docs/fundamentals/index.mdx +++ b/src/content/docs/fundamentals/index.mdx @@ -16,4 +16,11 @@ Before you get started, we recommend reviewing [Concepts](/fundamentals/concepts ## Additional resources - +Refer to the list below for additional Cloudflare resources. + +- [Cloudflare blog](https://blog.cloudflare.com) +- [Cloudflare's Go library](https://github.com/cloudflare/cloudflare-go) +- [Cloudflare system status](https://www.cloudflarestatus.com/) +- [Cloudflare Radar](https://radar.cloudflare.com) +- [Cloudflare TV](https://cloudflare.tv/schedule) +- [Terraform](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs) diff --git a/src/content/docs/fundamentals/manage-domains/add-site.mdx b/src/content/docs/fundamentals/manage-domains/add-site.mdx index a53091cf8bd00be..e63737b6427b96e 100644 --- a/src/content/docs/fundamentals/manage-domains/add-site.mdx +++ b/src/content/docs/fundamentals/manage-domains/add-site.mdx 
@@ -4,7 +4,7 @@ pcx_content_type: tutorial --- -import { Render } from "~/components" +import { GlossaryTooltip, Render } from "~/components" If you purchased your domain from a different provider, you can still connect the domain to Cloudflare. After you connect your domain to Cloudflare, Cloudflare will act as the [reverse proxy](/fundamentals/concepts/how-cloudflare-works/#cloudflare-as-a-reverse-proxy) and [DNS provider](/fundamentals/concepts/how-cloudflare-works/#cloudflare-as-a-dns-provider) for your site. @@ -20,7 +20,27 @@ To use Cloudflare as a reverse proxy but maintain your DNS provider, refer to [p ## 1. Add site in Cloudflare - +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login). +2. Select **Add a domain**. +3. Enter your website's apex domain (for example, `example.com`), choose how you would like to add your [DNS records](/dns/manage-dns-records/), and select **Continue**. + :::note + If Cloudflare is unable to identify your domain as a registered domain, make sure you are using an existing [top-level domain](https://www.cloudflare.com/learning/dns/top-level-domain/) (`.com`, `.net`, `.biz`, or others). + + Cloudflare requires your apex domain to be one level below a valid TLD defined in the [Public Suffix List (PSL)](https://github.com/publicsuffix/list/blob/master/public_suffix_list.dat). Enterprise customers can onboard lower-level subdomains using [Subdomain setup](/dns/zone-setups/subdomain-setup/). + ::: + +4. Select a [plan](https://www.cloudflare.com/plans/#compare-features). +5. [Review your DNS records](/dns/zone-setups/full-setup/setup/#review-dns-records) to ensure none are missing. Your DNS records must accurate for your domain to work properly. + +
+ + 1. + + + + 2. If you find any missing records, [manually add](/dns/manage-dns-records/how-to/create-dns-records/) those records. + 3. Depending on your site setup, you may want to adjust the [proxy status](/dns/proxy-status/) for certain `A`, `AAAA`, or `CNAME` records. + 4. Select **Continue**. ## 2. Update nameservers diff --git a/src/content/docs/fundamentals/manage-domains/manage-subdomains.mdx b/src/content/docs/fundamentals/manage-domains/manage-subdomains.mdx index 29afcfd5ff11500..e8623a4f88d89e6 100644 --- a/src/content/docs/fundamentals/manage-domains/manage-subdomains.mdx +++ b/src/content/docs/fundamentals/manage-domains/manage-subdomains.mdx @@ -4,7 +4,7 @@ title: Manage subdomains --- -import { Render } from "~/components" +import { Example, Render } from "~/components" Once you have [added your domain to Cloudflare](/fundamentals/manage-domains/add-site/) and [updated your nameservers](/dns/zone-setups/full-setup/), you also might want to set up a subdomain. @@ -18,11 +18,59 @@ If you have already added a subdomain at your host, create a corresponding [DNS ### Redirect a subdomain to the apex domain - +Sometimes, you might want all traffic to a subdomain (`www.example.com`) to actually go to your apex domain (`example.com`). + +1. Create a [proxied DNS A record](/dns/manage-dns-records/how-to/create-dns-records/) for your subdomain. This record can point to any IP address since all traffic will be redirected prior to reaching the address. + + | **Type** | **Name** | **IPv4 address** | **Proxy status** | + | -------- | -------- | ---------------- | ---------------- | + | A | `www` | `192.0.2.1` | Proxied | + +2. Create a [Single Redirect](/rules/url-forwarding/single-redirects/create-dashboard/) to forward traffic from your subdomain to your apex domain. + + + +**When incoming requests match** + +Using the Expression Editor:
+`(http.request.full_uri contains "www.example.com")` + +**Then** + +* **Type:** *Dynamic* +* **Expression:** `concat("https://","example.com",http.request.uri.path)` +* **Status code:** *301* + +
### Redirect the apex domain to a subdomain - +Sometimes, you might want all traffic to your apex domain (`example.com`) to actually go to a subdomain (`www.example.com`). + +1. If you have already added that subdomain at your host, create a corresponding [DNS A or CNAME record](/dns/manage-dns-records/how-to/create-dns-records/) for that subdomain. + +2. Create a proxied DNS A record for your apex domain. This record can point to any IP address since all traffic will be redirected prior to reaching the address. + + | **Type** | **Name** | **IPv4 address** | **Proxy status** | + | -------- | -------- | ---------------- | ---------------- | + | A | `@` | `192.0.2.1` | Proxied | + +3. Create a [Single Redirect](/rules/url-forwarding/single-redirects/create-dashboard/) to forward traffic from your apex domain to your subdomain. + + + +**When incoming requests match** + +Using the Expression Editor:
+`(lower(http.host) eq "example.com")` + +**Then** + +* **Type:** *Dynamic* +* **Expression:** `concat("https://","www.example.com",http.request.uri.path)` +* **Status code:** *301* + +
## SSL/TLS for subdomains diff --git a/src/content/docs/fundamentals/performance/minimize-downtime.mdx b/src/content/docs/fundamentals/performance/minimize-downtime.mdx index fcc3d981eb60af2..b8d861a03a477a5 100644 --- a/src/content/docs/fundamentals/performance/minimize-downtime.mdx +++ b/src/content/docs/fundamentals/performance/minimize-downtime.mdx 
@@ -6,4 +6,47 @@ pcx_content_type: tutorial import { Render } from "~/components" - +When making any change to the routing of an Internet application, there is always a possibility of downtime due to certificate issuance, misconfigured settings, or limitations at your origin server. To avoid downtime when going live, it is important to review the most common configurations. + +## Update and review DNS records + +Before activating your domain on Cloudflare (exact steps depend on your [DNS setup](/dns/zone-setups/)), review the DNS records in your Cloudflare account. + +### Start with unproxied records + +With a new domain, make sure all of your DNS records have a [proxy status](/dns/proxy-status/) of **DNS-only**. + +This setting prevents Cloudflare from proxying your traffic before you have an active edge certificate or before you have allowed Cloudflare IP addresses. + +### Confirm record accuracy + +Take extra time to confirm the accuracy of your DNS records before activating your domain, paying special attention to: + +- [Zone apex records (`example.com`)](/dns/manage-dns-records/how-to/create-zone-apex/) +- [Subdomain records (`www.example.com` or `blog.example.com`)](/dns/manage-dns-records/how-to/create-subdomain/) +- [Email records](/dns/manage-dns-records/how-to/email-records/) + +If you add DNS records to your authoritative DNS provider between onboarding your domain and activating your domain, you may need to also add these records within Cloudflare. + +## Activate your domain + +Finish the [DNS setup](/dns/zone-setups/) for your domain, moving the [domain status](/dns/zone-setups/reference/domain-status/) to **Active**: + +- [Full setups](/dns/zone-setups/full-setup/setup/): Update the authoritative nameservers at your registrar and wait for that change to be authenticated. +- [Partial setups](/dns/zone-setups/partial-setup/setup/): Add the verification TXT record to your authoritative DNS and wait for that change to be authenticated. 
+ +## Verify SSL/TLS edge certificates + +Before proxying your traffic through Cloudflare, [verify](/ssl/reference/certificate-statuses/#monitor-certificate-statuses) that Cloudflare has an active **Edge Certificate** for your domain. + +For more details about timing and certificate recommendations, refer to [Certificate issuance](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#full-dns-setup). + +## Optional - Test configuration + +You may want to test your configuration using your local machine or proxying traffic from a development domain or subdomain. + +If you experience issues, you should make sure that you have [allowed Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin server. + +## Update proxy status + +Once you have verified that your SSL/TLS edge certificate is active and you have allowed Cloudflare IP addresses, change the [proxy status](/dns/proxy-status/) of appropriate DNS records to **Proxied**. diff --git a/src/content/docs/fundamentals/reference/network-layers.mdx b/src/content/docs/fundamentals/reference/network-layers.mdx index d1fd23bee04841c..bca308bca72d452 100644 --- a/src/content/docs/fundamentals/reference/network-layers.mdx +++ b/src/content/docs/fundamentals/reference/network-layers.mdx @@ -4,6 +4,20 @@ title: Network Layers --- -import { Render } from "~/components" +Below is a list of the different layers that makes up the [open systems interconnection (OSI) model](https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/) and the associated Cloudflare products. - +:::note + +The list of related products is representative but not comprehensive. + +::: + +| Network layer | Protocol and related products | +| -------------------- | ------------------------- | +| 7 Application layer | **HTTP, DNS**
[Authoritative DNS](/dns), [Bot Management](/bots), [CDN](/cache/), [Cloudflare Access](/cloudflare-one/policies/access/), [Cloudflare Gateway](/cloudflare-one/policies/gateway/) (outbound only), [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), [Load Balancing](/load-balancing/understand-basics/proxy-modes/), [Stream](/stream/), [WAF](/waf/) | +| 6 Presentation layer | | +| 5 Session layer | | +| 4 Transport layer | **TCP/UDP**
[Argo Smart Routing](/argo-smart-routing/), [Cloudflare Gateway](/cloudflare-one/policies/gateway/) (outbound only), [Load Balancing](/load-balancing/understand-basics/proxy-modes/), [Spectrum](/spectrum/) | +| 3 Network layer | **IP, GRE, any packet/protocol**
[Magic Firewall](/magic-firewall), [Magic Transit](/magic-transit), [Magic WAN](/magic-wan) | +| 2 Datalink layer | **Direct connection**
[Cloudflare Network Interconnect (CNI)](/network-interconnect) | +| 1 Physical layer | **Direct connection**
[Cloudflare Network Interconnect (CNI)](/network-interconnect) | diff --git a/src/content/docs/fundamentals/security/protect-your-origin-server.mdx b/src/content/docs/fundamentals/security/protect-your-origin-server.mdx index 49639ee3cc91e2c..9d84e01c2ff3625 100644 --- a/src/content/docs/fundamentals/security/protect-your-origin-server.mdx +++ b/src/content/docs/fundamentals/security/protect-your-origin-server.mdx 
@@ -7,13 +7,22 @@ head: --- -import { Render } from "~/components" +import { GlossaryTooltip, Render } from "~/components" - +Your [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server) is a physical or virtual machine that is not owned by Cloudflare and hosts your application content (data, webpages, etc.). + +Receiving too many requests can be bad for your origin. These requests might increase latency for visitors, incur higher costs — particularly for cloud-based machines — and could knock your application offline. ## Secure origin connections - +When you secure origin connections, it prevents attackers from discovering and overloading your origin server with requests. + +* **DNS**: + + 1. **Proxy records** (when possible): Set up [proxied (orange-clouded) DNS records](/dns/proxy-status/) to hide your origin IP addresses and provide DDoS protection. As part of this, you should [allow Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin to prevent requests from being blocked. + 2. **Review DNS-only records**: Audit existing **DNS-only** records (`SPF`, `TXT`, and more) to make sure they do not contain origin IP information. + 3. **Evaluate mail infrastructure**: If possible, do not host a mail service on the same server as the web resource you want to protect, since emails sent to non-existent addresses get bounced back to the attacker and reveal the mail server IP. + 4. **Rotate origin IPs**: Once [onboarded](/dns/zone-setups/full-setup/setup/#verify-changes), rotate your origin IPs, as DNS records are in the public domain. Historical records are kept and would contain IP addresses prior to joining Cloudflare ### Application layer 
@@ -33,13 +42,19 @@ import { Render } from "~/components" For passive monitoring, [create notifications](/notifications/get-started/#create-a-notification) for **Origin Error Rate Alerts** to receive alerts when your origin returns 5xx codes above a configurable threshold and **Passive Origin Monitoring** to see when Cloudflare is unable to reach your origin for a few minutes. - +For more active monitoring, set up [standalone health checks](/health-checks/) for your origin. + +:::note - +If you have multiple servers and want to proactively prevent origin problems, [set up load balancing](/load-balancing/) as an add-on service. + +::: ### Zero Downtime Failover - +If you have another *A* or *AAAA* record in your Cloudflare **DNS** or your Cloudflare **Load Balancer** provides another endpoint in the same pool, **Zero-Downtime Failover** automatically retries requests to your origin even before a Load Balancing decision is made. + +
## Reduce origin traffic @@ -49,11 +64,12 @@ For more details, refer to [Secure your website](/learning-paths/application-sec ### Increase caching - +The [cache](/cache/) stores data from your application (webpages, etc.) at Cloudflare data centers around the world, which reduces the number of requests sent to your origin server. ### Distribute traffic - +To randomly distribute traffic across multiple servers, [set up multiple DNS records](/dns/manage-dns-records/how-to/round-robin-dns/). + +For more fine-grained control over traffic distribution — including automatic failover, intelligent routing, and more — set up our [add-on load balancing service](/load-balancing/). -\ - +To protect specific endpoints from being overwhelmed by traffic spikes, [set up a waiting room](/waiting-room/). diff --git a/src/content/docs/fundamentals/user-profiles/verify-email-address.mdx b/src/content/docs/fundamentals/user-profiles/verify-email-address.mdx index 989aa062bd6d239..0da3f4ee81558fd 100644 --- a/src/content/docs/fundamentals/user-profiles/verify-email-address.mdx +++ b/src/content/docs/fundamentals/user-profiles/verify-email-address.mdx 
@@ -6,6 +6,42 @@ sidebar: --- -import { Render } from "~/components" +For security reasons, Cloudflare attempts to verify the email address associated with your account. You cannot perform certain tasks within the Cloudflare dashboard -- for example, [adding a new member](/fundamentals/manage-members/manage/#add-account-members), [changing your email address](/fundamentals/user-profiles/change-password-or-email/#change-email-address) or [updating your communication preferences](/fundamentals/user-profiles/customize-account/#notifications) -- without verifying your email. - \ No newline at end of file +## When creating your account + +When you first [create an account](/fundamentals/account/create-account/), Cloudflare automatically sends a message to the email address you provided for your account. + +To verify your email: + +1. Log in to your email provider and find your recent message from Cloudflare. If you cannot find the message, check your Spam folder. +2. Go to the link in the email. +3. Log in to Cloudflare to verify the email address associated with your account. + +:::note + +If someone else used your email to sign up for a Cloudflare account, you can remove this account by going to our [unintended registration](https://dash.cloudflare.com/unintended-registration) page and entering the information at the end of your confirmation email. + +::: + +## Resend verification emails + +If you cannot find your verification email or your email has expired, request another verification email: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com). +2. Go to **My Profile**. +3. For **Email Address**, select **Send verification email** (if this option is not available, your email has already been verified). + +## Verification issues + +If you experience issues with your verification link, you might have already verified your email address. + +To check your verification: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com). +2. 
Go to **My Profile**. +3. For **Email Address**, your email address will have `(verified)` added after it. + +If your email is still not verified, try clicking the verification link in a different browser or a private window. + +If this still does not work, try [resending](#resend-verification-emails) the verification email to get a new verification link. \ No newline at end of file diff --git a/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx b/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx index 0ec593bade18d0b..4aab88296907ab9 100644 --- a/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx +++ b/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx 
@@ -12,7 +12,41 @@ The first - and often easiest - step of DDoS protection is making sure your DNS ## How it works - +### Without Cloudflare + +Without Cloudflare, DNS lookups for your application's URL return the IP address of your [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/). + +| URL | Returned IP address | +| ------------- | ------------------- | +| `example.com` | `192.0.2.1` | + +When using Cloudflare with [unproxied DNS records](/dns/proxy-status/), DNS lookups for unproxied domains or subdomains also return your origin's IP address. + +Another way of thinking about this concept is that visitors directly connect with your origin server. + +```mermaid + flowchart LR + accTitle: Connections without Cloudflare + A[Visitor] <-- Connection --> B[Origin server] +``` + +### With Cloudflare + +With Cloudflare — meaning your domain or subdomain is using [proxied DNS records](/dns/proxy-status/) — DNS lookups for your application's URL will resolve to [Cloudflare anycast IPs](https://www.cloudflare.com/ips/) instead of their original DNS target. + +| URL | Returned IP address | +| ------------- | ------------------- | +| `example.com` | `104.16.77.250` | + +All requests intended for proxied hostnames are directed to Cloudflare first and then forwarded to your origin server. + +```mermaid + flowchart LR + accTitle: Connections with Cloudflare + A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server] +``` + +Cloudflare assigns specific anycast IPs to your domain dynamically and these IPs may change at any time. This is an expected part of the operation of our anycast network and does not affect the proxy behavior described above. ## How it helps diff --git a/src/content/partials/fundamentals/account-owned-tokens.mdx b/src/content/partials/fundamentals/account-owned-tokens.mdx deleted file mode 100644 index 103c240beee5210..000000000000000 
--- a/src/content/partials/fundamentals/account-owned-tokens.mdx +++ /dev/null 
@@ -1,85 +0,0 @@ -While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern. - -## Create an account owned token - -:::note -Creating an account owned token requires Super Administrator permission on the account -::: - -1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com). -2. Go to **Manage Account** > **Account API Tokens**. -3. Select **Create Token** and fill in the token name, permissions, and the optional expiration date for the token. -4. Select **Continue to summary** and review the details. -5. Select **Create Token**. - -Alternatively, you can create a token using the [account owned token creation API](/api/resources/accounts/subresources/tokens/methods/create/). - -Refer to the [blog post](https://blog.cloudflare.com/account-owned-tokens-automated-actions-zaraz/) for more information. - -## Compatibility matrix - -Account owned tokens are generally available for all accounts. Some services may not support account owned tokens yet. Refer to the compatibility matrix below for the latest status. 
- -| Product | Compatibility | -| ------------------------------- | ------------- | -| Access | ✅ | -| Account Analytics | ✅ | -| Account Management | ✅ | -| AI Gateway | ✅ | -| AMP | ✅ | -| API Shield | ✅ | -| Argo | ✅ | -| Billing | ✅ | -| Cache | ✅ | -| Tiered Cache | ✅ | -| Cloud Connector | ✅ | -| Configuration Rules | ✅ | -| Custom Lists | ❌ | -| Custom Pages | ✅ | -| D1 | ✅ | -| Data Loss Prevention | ✅ | -| Digital Experience Monitoring | ✅ | -| Distributed Web | ✅ | -| DNS | ✅ | -| Durable Objects | ✅ | -| Email Relay | ✅ | -| Secure Web Gateway | ✅ | -| Healthchecks | ✅ | -| Hyperdrive | ✅ | -| Images | ✅ | -| Intel Data Platform | ❌ | -| Load Balancing | ✅ | -| Log Explorer | ✅ | -| Magic Network Monitoring | ✅ | -| Magic Transit | ✅ | -| Magic WAN | ✅ | -| Managed Rules | ✅ | -| Network Error Logging | ✅ | -| Page Rules | ❌ | -| Page Shield | ✅ | -| Pages | ✅ | -| Pub/Sub | ❌ | -| R2 | ✅ | -| Radar | ✅ | -| Registrar | ❌ | -| Rulesets | ✅ | -| Spectrum | ❌ | -| Speed | ✅ | -| SSL/TLS | ✅ | -| Stream | ✅ | -| Super Bot Fight Mode | ❌ | -| Trace | ✅ | -| Tunnels | ✅ | -| Turnstile | ❌ | -| Vectorize | ✅ | -| Waiting Room | ✅ | -| Workers | ✅ | -| Workers AI | ✅ | -| Workers KV | ✅ | -| Workers Observability | ❌ | -| Workers Queues | ✅ | -| Workflows | ✅ | -| Zaraz | ✅ | -| Zero Trust Client Platform | ❌ | -| Zero Trust Devices and Services | ✅ | -| Zone/Domain Management | ✅ | diff --git a/src/content/partials/fundamentals/account-view-active-sessions.mdx b/src/content/partials/fundamentals/account-view-active-sessions.mdx deleted file mode 100644 index 4673f6b6d5202b2..000000000000000 --- a/src/content/partials/fundamentals/account-view-active-sessions.mdx +++ /dev/null @@ -1,9 +0,0 @@ ---- -{} - ---- - -To view the active sessions associated with your email address: - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com). -2. Go to **My Profile** > **Sessions**. 
diff --git a/src/content/partials/fundamentals/add-site.mdx b/src/content/partials/fundamentals/add-site.mdx deleted file mode 100644 index c401cf259f9dc2d..000000000000000 --- a/src/content/partials/fundamentals/add-site.mdx +++ /dev/null @@ -1,27 +0,0 @@ ---- -{} ---- - -import { GlossaryTooltip, Render } from "~/components"; - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login). -2. Select **Add a domain**. -3. Enter your website's apex domain (for example, `example.com`), choose how you would like to add your [DNS records](/dns/manage-dns-records/), and select **Continue**. - :::note - If Cloudflare is unable to identify your domain as a registered domain, make sure you are using an existing [top-level domain](https://www.cloudflare.com/learning/dns/top-level-domain/) (`.com`, `.net`, `.biz`, or others). - - Cloudflare requires your apex domain to be one level below a valid TLD defined in the [Public Suffix List (PSL)](https://github.com/publicsuffix/list/blob/master/public_suffix_list.dat). Enterprise customers can onboard lower-level subdomains using [Subdomain setup](/dns/zone-setups/subdomain-setup/). - ::: - -4. Select a [plan](https://www.cloudflare.com/plans/#compare-features). -5. [Review your DNS records](/dns/zone-setups/full-setup/setup/#review-dns-records) to ensure none are missing. Your DNS records must accurate for your domain to work properly. - -
- - 1. - - - - 2. If you find any missing records, [manually add](/dns/manage-dns-records/how-to/create-dns-records/) those records. - 3. Depending on your site setup, you may want to adjust the [proxy status](/dns/proxy-status/) for certain `A`, `AAAA`, or `CNAME` records. - 4. Select **Continue**. diff --git a/src/content/partials/fundamentals/allow-cloudflare-ips-tactical.mdx b/src/content/partials/fundamentals/allow-cloudflare-ips-tactical.mdx deleted file mode 100644 index 6666e010d12f0b9..000000000000000 --- a/src/content/partials/fundamentals/allow-cloudflare-ips-tactical.mdx +++ /dev/null @@ -1,20 +0,0 @@ ---- -{} - ---- - -To avoid blocking Cloudflare IP addresses unintentionally, you also want to allow Cloudflare IP addresses at your origin web server. - -You can explicitly allow these IP addresses with a [.htaccess file](https://httpd.apache.org/docs/trunk/mod/mod_authz_core.html#require) or by using [iptables](https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall). - -The following example demonstrates how you could use an iptables rule to allow a Cloudflare IP address range. Replace `$ip` below with one of the [Cloudflare IP address ranges](https://www.cloudflare.com/ips). - -```bash -# For IPv4 addresses -$ iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT - -# For IPv6 addresses -$ ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT -``` - -For more specific guidance, contact your hosting provider or website administrator. diff --git a/src/content/partials/fundamentals/allow-cloudflare-ips.mdx b/src/content/partials/fundamentals/allow-cloudflare-ips.mdx deleted file mode 100644 index 297237f50f8ece9..000000000000000 --- a/src/content/partials/fundamentals/allow-cloudflare-ips.mdx +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -{} - ---- - -import { GlossaryTooltip } from "~/components" - -All traffic to [proxied DNS records](/dns/proxy-status/) passes through Cloudflare before reaching your origin server. This means that your origin server will stop receiving traffic from individual visitor IP addresses and instead receive traffic from [Cloudflare IP addresses](https://www.cloudflare.com/ips), which are shared by all proxied hostnames. - -This setup can cause issues if your origin server blocks or rate limits connections from Cloudflare IP addresses. Because all visitor traffic will appear to come from Cloudflare IP addresses, blocking these IPs — even accidentally — will prevent visitor traffic from reaching your application. - -In addition, allowing Cloudflare IPs might be needed to avoid rate limiting or blocking these requests at your origin server. - -For [Magic Transit](/magic-transit/) customers, Cloudflare routes the traffic instead of proxying it. Once Cloudflare starts advertising your IP prefixes, it will accept IP packets destined for your network, process them, and then output these packets to your origin infrastructure. diff --git a/src/content/partials/fundamentals/block-cloudflare-ips-tactical.mdx b/src/content/partials/fundamentals/block-cloudflare-ips-tactical.mdx deleted file mode 100644 index ea90a87214c7457..000000000000000 --- a/src/content/partials/fundamentals/block-cloudflare-ips-tactical.mdx +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -{} ---- - -As a best practice, we also recommend that you explicitly block all traffic that does not come from Cloudflare IP addresses or the IP addresses of your trusted partners, vendors, or applications. - -For example, you might [update your iptables](https://www.linode.com/docs/guides/control-network-traffic-with-iptables/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall) with the following commands: - -```sh -# For IPv4 addresses -iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP -# For IPv6 addresses -ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP -``` - -For more specific guidance, contact your hosting provider or website administrator. diff --git a/src/content/partials/fundamentals/challenge-solve-rate.mdx b/src/content/partials/fundamentals/challenge-solve-rate.mdx deleted file mode 100644 index eeb3574f1e1f5f8..000000000000000 --- a/src/content/partials/fundamentals/challenge-solve-rate.mdx +++ /dev/null @@ -1,12 +0,0 @@ ---- -{} - ---- - -The challenge solve rate (CSR) is the percentage of issued challenges — Interactive Challenge, JS Challenge, or Managed Challenge actions — that were solved. - -```sql -CSR = number of challenges solved / number of challenges issued -``` - -This metric helps you evaluate your rule's effectiveness, as well as whether you need to make any adjustments to the rule's criteria or action. Rules in Challenge mode will start generating Challenge Solve Rate data (CSR) which indicates the false positive percentage. diff --git a/src/content/partials/fundamentals/cloudflare-ips.mdx b/src/content/partials/fundamentals/cloudflare-ips.mdx deleted file mode 100644 index b8685159bd1c1aa..000000000000000 --- a/src/content/partials/fundamentals/cloudflare-ips.mdx +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -{} - ---- - -Cloudflare has several [IP address ranges](https://www.cloudflare.com/ips/) which are shared by all proxied hostnames. - -Together, these IP addresses form the backbone of our [anycast network](https://www.cloudflare.com/learning/cdn/glossary/anycast-network/), helping distribute traffic amongst various edge network servers. - -:::note - - -Cloudflare uses other IP ranges for various products and services, but these addresses will not make connections to your origin. - - -::: diff --git a/src/content/partials/fundamentals/cloudflare-resources.mdx b/src/content/partials/fundamentals/cloudflare-resources.mdx deleted file mode 100644 index ad952da30fd41e7..000000000000000 --- a/src/content/partials/fundamentals/cloudflare-resources.mdx +++ /dev/null @@ -1,13 +0,0 @@ ---- -{} - ---- - -Refer to the list below for additional Cloudflare resources. - -- [Cloudflare blog](https://blog.cloudflare.com) -- [Cloudflare's Go library](https://github.com/cloudflare/cloudflare-go) -- [Cloudflare system status](https://www.cloudflarestatus.com/) -- [Cloudflare Radar](https://radar.cloudflare.com) -- [Cloudflare TV](https://cloudflare.tv/schedule) -- [Terraform](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs) diff --git a/src/content/partials/fundamentals/create-account.mdx b/src/content/partials/fundamentals/create-account.mdx deleted file mode 100644 index dfbd26182b29d36..000000000000000 --- a/src/content/partials/fundamentals/create-account.mdx +++ /dev/null @@ -1,12 +0,0 @@ ---- -{} - ---- - -To create a Cloudflare account: - -1. Go to the [Sign up page](https://dash.cloudflare.com/sign-up). -2. Enter your **Email** and **Password**. -3. Select **Create Account**. - -Once you create your account, Cloudflare will automatically send an email to your address to [verify that email address](/fundamentals/user-profiles/verify-email-address/). 
diff --git a/src/content/partials/fundamentals/create-token.mdx b/src/content/partials/fundamentals/create-token.mdx deleted file mode 100644 index 96fe6afb605c9ce..000000000000000 --- a/src/content/partials/fundamentals/create-token.mdx +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -{} - ---- - -import { Render } from "~/components" - -:::note[Prerequisite] - - -Before you begin, [find your zone and account IDs](/fundamentals/account/find-account-and-zone-ids/). - - -::: - -1. Determine if you want a user token or an [Account owned token](/fundamentals/api/get-started/account-owned-tokens/). Use Account owned tokens if you prefer service tokens that are not associated with users and your [desired API endpoints are compatible](/fundamentals/api/get-started/account-owned-tokens/#compatibility-matrix). - -2. From the [Cloudflare dashboard](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** > **API Tokens**. - -3. Select **Create Token**. - -4. Select a template from the available [API token templates](/fundamentals/api/reference/template/) or create a custom token. The following example uses the **Edit zone DNS** template. - -5. Add or edit the token name to describe why or how the token is used. Templates are prefilled with a token name and permissions. - - ![Token template overview screen](~/assets/images/fundamentals/api/template-customize.png) - -6. Modify the token's permissions. After selecting a permissions group (*Account*, *User*, or *Zone*), choose what level of access to grant the token. Most groups offer `Edit` or `Read` options. `Edit` is full CRUDL (create, read, update, delete, list) access, while `Read` is the read permission and list where appropriate. Refer to the [available token permissions](/fundamentals/api/reference/permissions/) for more information. - -7. Select which resources the token is authorized to access. For example, granting `Zone DNS Read` access to a zone `example.com` will allow the token to read DNS records only for that specific zone. Any other zone will return an error for DNS record reads operations. Any other operation on that zone will also return an error. - -8. 
(Optional) Restrict how a token is used in the **Client IP Address Filtering** and **TTL (time to live)** fields. - -9. Select **Continue to summary**. - -10. Review the token summary. Select **Edit token** to make adjustments. You can also edit a token after creation. - - ![Token summary screen displaying the resources and permissions selected](~/assets/images/fundamentals/api/token-summary.png) - -11. Select **Create Token** to generate the token's secret. - -12. Copy the secret to a secure place. - - - -![Token creation completion screen displaying your API token and the curl command to test your token](~/assets/images/fundamentals/api/token-complete.png) - -The token secret page also includes an example command to test the token. Use the `/user/tokens/verify` endpoint to fetch the current status of the given token. - -```bash -curl "https://api.cloudflare.com/client/v4/user/tokens/verify" \ ---header "Authorization: Bearer " -``` - -The result: - -```json -{ - "result": { - "id": "100bf38cc8393103870917dd535e0628", - "status": "active" - }, - "success": true, - "errors": [], - "messages": [ - { - "code": 10000, - "message": "This API Token is valid and active", - "type": null - } - ] -} -``` - -With this you have successfully created an API token and can start working with the Cloudflare API. After creating your first API token, you can create additional API tokens [via the API](/fundamentals/api/how-to/create-via-api/). diff --git a/src/content/partials/fundamentals/customize-cloudflare-ips.mdx b/src/content/partials/fundamentals/customize-cloudflare-ips.mdx deleted file mode 100644 index 7181d5008d62216..000000000000000 --- a/src/content/partials/fundamentals/customize-cloudflare-ips.mdx +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -{} - ---- - -If they do not want to use Cloudflare IP addresses — which are shared by all proxied hostnames — Enterprise customers have two potential alternatives: - -* [**Bring Your Own IP (BYOIP)**](/byoip/): Cloudflare announces your IPs (an IP address range you lease/own) in all of our [locations](https://www.cloudflare.com/network/). -* **Static IP addresses**: Cloudflare sets static IP addresses for your domain. For more details, contact your account team. - -Business and Enterprise customers can also reduce the number of Cloudflare IPs that their domain shares with other Cloudflare customer domains by [uploading a Custom SSL certificate](/ssl/edge-certificates/custom-certificates/). diff --git a/src/content/partials/fundamentals/dns-zero-downtime-failover.mdx b/src/content/partials/fundamentals/dns-zero-downtime-failover.mdx deleted file mode 100644 index 90b6392cd6fc416..000000000000000 --- a/src/content/partials/fundamentals/dns-zero-downtime-failover.mdx +++ /dev/null @@ -1,10 +0,0 @@ ---- -{} - ---- - -import { GlossaryTooltip, Render } from "~/components" - -If you have another *A* or *AAAA* record in your Cloudflare **DNS** or your Cloudflare **Load Balancer** provides another endpoint in the same pool, **Zero-Downtime Failover** automatically retries requests to your origin even before a Load Balancing decision is made. - -
diff --git a/src/content/partials/fundamentals/minimize-downtime.mdx b/src/content/partials/fundamentals/minimize-downtime.mdx deleted file mode 100644 index d368f7fab8d5839..000000000000000 --- a/src/content/partials/fundamentals/minimize-downtime.mdx +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -{} ---- - -When making any change to the routing of an Internet application, there is always a possibility of downtime due to certificate issuance, misconfigured settings, or limitations at your origin server. To avoid downtime when going live, it is important to review the most common configurations. - -## Update and review DNS records - -Before activating your domain on Cloudflare (exact steps depend on your [DNS setup](/dns/zone-setups/)), review the DNS records in your Cloudflare account. - -### Start with unproxied records - -With a new domain, make sure all of your DNS records have a [proxy status](/dns/proxy-status/) of **DNS-only**. - -This setting prevents Cloudflare from proxying your traffic before you have an active edge certificate or before you have allowed Cloudflare IP addresses. - -### Confirm record accuracy - -Take extra time to confirm the accuracy of your DNS records before activating your domain, paying special attention to: - -- [Zone apex records (`example.com`)](/dns/manage-dns-records/how-to/create-zone-apex/) -- [Subdomain records (`www.example.com` or `blog.example.com`)](/dns/manage-dns-records/how-to/create-subdomain/) -- [Email records](/dns/manage-dns-records/how-to/email-records/) - -If you add DNS records to your authoritative DNS provider between onboarding your domain and activating your domain, you may need to also add these records within Cloudflare. - -## Activate your domain - -Finish the [DNS setup](/dns/zone-setups/) for your domain, moving the [domain status](/dns/zone-setups/reference/domain-status/) to **Active**: - -- [Full setups](/dns/zone-setups/full-setup/setup/): Update the authoritative nameservers at your registrar and wait for that change to be authenticated. -- [Partial setups](/dns/zone-setups/partial-setup/setup/): Add the verification TXT record to your authoritative DNS and wait for that change to be authenticated. 
- -## Verify SSL/TLS edge certificates - -Before proxying your traffic through Cloudflare, [verify](/ssl/reference/certificate-statuses/#monitor-certificate-statuses) that Cloudflare has an active **Edge Certificate** for your domain. - -For more details about timing and certificate recommendations, refer to [Certificate issuance](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#full-dns-setup). - -## Optional - Test configuration - -You may want to test your configuration using your local machine or proxying traffic from a development domain or subdomain. - -If you experience issues, you should make sure that you have [allowed Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin server. - -## Update proxy status - -Once you have verified that your SSL/TLS edge certificate is active and you have allowed Cloudflare IP addresses, change the [proxy status](/dns/proxy-status/) of appropriate DNS records to **Proxied**. diff --git a/src/content/partials/fundamentals/network-layers.mdx b/src/content/partials/fundamentals/network-layers.mdx deleted file mode 100644 index 3a2632d9c98d4a2..000000000000000 --- a/src/content/partials/fundamentals/network-layers.mdx +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -{} - ---- - -Below is a list of the different layers that makes up the [open systems interconnection (OSI) model](https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/) and the associated Cloudflare products. - -:::note - - -The list of related products is representative but not comprehensive. - - -::: - -| Network layer | Protocol and related products | -| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 7 Application layer | **HTTP, DNS**
[Authoritative DNS](/dns), [Bot Management](/bots), [CDN](/cache/), [Cloudflare Access](/cloudflare-one/policies/access/), [Cloudflare Gateway](/cloudflare-one/policies/gateway/) (outbound only), [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), [Load Balancing](/load-balancing/understand-basics/proxy-modes/), [Stream](/stream/), [WAF](/waf/) | -| 6 Presentation layer | | -| 5 Session layer | | -| 4 Transport layer | **TCP/UDP**
[Argo Smart Routing](/argo-smart-routing/), [Cloudflare Gateway](/cloudflare-one/policies/gateway/) (outbound only), [Load Balancing](/load-balancing/understand-basics/proxy-modes/), [Spectrum](/spectrum/) | -| 3 Network layer | **IP, GRE, any packet/protocol**
[Magic Firewall](/magic-firewall), [Magic Transit](/magic-transit), [Magic WAN](/magic-wan) | -| 2 Datalink layer | **Direct connection**
[Cloudflare Network Interconnect (CNI)](/network-interconnect) | -| 1 Physical layer | **Direct connection**
[Cloudflare Network Interconnect (CNI)](/network-interconnect) | diff --git a/src/content/partials/fundamentals/origin-caching.mdx b/src/content/partials/fundamentals/origin-caching.mdx deleted file mode 100644 index 48c30fe96fad59d..000000000000000 --- a/src/content/partials/fundamentals/origin-caching.mdx +++ /dev/null @@ -1,6 +0,0 @@ ---- -{} - ---- - -The [cache](/cache/) stores data from your application (webpages, etc.) at Cloudflare data centers around the world, which reduces the number of requests sent to your origin server. diff --git a/src/content/partials/fundamentals/origin-health-check.mdx b/src/content/partials/fundamentals/origin-health-check.mdx deleted file mode 100644 index d5665caa94b100f..000000000000000 --- a/src/content/partials/fundamentals/origin-health-check.mdx +++ /dev/null @@ -1,6 +0,0 @@ ---- -{} - ---- - -For more active monitoring, set up [standalone health checks](/health-checks/) for your origin. diff --git a/src/content/partials/fundamentals/origin-health-overview.mdx b/src/content/partials/fundamentals/origin-health-overview.mdx deleted file mode 100644 index 02eaa7e301821d4..000000000000000 --- a/src/content/partials/fundamentals/origin-health-overview.mdx +++ /dev/null @@ -1,8 +0,0 @@ ---- -{} - ---- - -Your [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server) is a physical or virtual machine that is not owned by Cloudflare and hosts your application content (data, webpages, etc.). - -Receiving too many requests can be bad for your origin. These requests might increase latency for visitors, incur higher costs — particularly for cloud-based machines — and could knock your application offline. diff --git a/src/content/partials/fundamentals/origin-lb-alert.mdx b/src/content/partials/fundamentals/origin-lb-alert.mdx deleted file mode 100644 index 0b3f2c47aa0cae4..000000000000000 --- a/src/content/partials/fundamentals/origin-lb-alert.mdx +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -{} - ---- - -:::note - - -If you have multiple servers and want to proactively prevent origin problems, [set up load balancing](/load-balancing/) as an add-on service. - - -::: diff --git a/src/content/partials/fundamentals/origin-load-balancing.mdx b/src/content/partials/fundamentals/origin-load-balancing.mdx deleted file mode 100644 index 3504ba96ab97a4a..000000000000000 --- a/src/content/partials/fundamentals/origin-load-balancing.mdx +++ /dev/null @@ -1,8 +0,0 @@ ---- -{} - ---- - -To randomly distribute traffic across multiple servers, [set up multiple DNS records](/dns/manage-dns-records/how-to/round-robin-dns/). - -For more fine-grained control over traffic distribution — including automatic failover, intelligent routing, and more — set up our [add-on load balancing service](/load-balancing/). diff --git a/src/content/partials/fundamentals/origin-secure-dns.mdx b/src/content/partials/fundamentals/origin-secure-dns.mdx deleted file mode 100644 index 2cec91c0b7f01c5..000000000000000 --- a/src/content/partials/fundamentals/origin-secure-dns.mdx +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -{} - ---- - -When you secure origin connections, it prevents attackers from discovering and overloading your origin server with requests. - -* **DNS**: - - 1. **Proxy records** (when possible): Set up [proxied (orange-clouded) DNS records](/dns/proxy-status/) to hide your origin IP addresses and provide DDoS protection. As part of this, you should [allow Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin to prevent requests from being blocked. - 2. **Review DNS-only records**: Audit existing **DNS-only** records (`SPF`, `TXT`, and more) to make sure they do not contain origin IP information. - 3. **Evaluate mail infrastructure**: If possible, do not host a mail service on the same server as the web resource you want to protect, since emails sent to non-existent addresses get bounced back to the attacker and reveal the mail server IP. - 4. **Rotate origin IPs**: Once [onboarded](/dns/zone-setups/full-setup/setup/#verify-changes), rotate your origin IPs, as DNS records are in the public domain. Historical records are kept and would contain IP addresses prior to joining Cloudflare. diff --git a/src/content/partials/fundamentals/origin-waiting-room.mdx b/src/content/partials/fundamentals/origin-waiting-room.mdx deleted file mode 100644 index cf4df6c9470d447..000000000000000 --- a/src/content/partials/fundamentals/origin-waiting-room.mdx +++ /dev/null @@ -1,6 +0,0 @@ ---- -{} - ---- - -To protect specific endpoints from being overwhelmed by traffic spikes, [set up a waiting room](/waiting-room/). diff --git a/src/content/partials/fundamentals/proxy-status-effects.mdx b/src/content/partials/fundamentals/proxy-status-effects.mdx deleted file mode 100644 index 36a01c57ee1feb8..000000000000000 --- a/src/content/partials/fundamentals/proxy-status-effects.mdx +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -{} - ---- - -### Without Cloudflare - -Without Cloudflare, DNS lookups for your application's URL return the IP address of your [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/). - -| URL | Returned IP address | -| ------------- | ------------------- | -| `example.com` | `192.0.2.1` | - -When using Cloudflare with [unproxied DNS records](/dns/proxy-status/), DNS lookups for unproxied domains or subdomains also return your origin's IP address. - -Another way of thinking about this concept is that visitors directly connect with your origin server. - -```mermaid - flowchart LR - accTitle: Connections without Cloudflare - A[Visitor] <-- Connection --> B[Origin server] -``` - -### With Cloudflare - -With Cloudflare — meaning your domain or subdomain is using [proxied DNS records](/dns/proxy-status/) — DNS lookups for your application's URL will resolve to [Cloudflare anycast IPs](https://www.cloudflare.com/ips/) instead of their original DNS target. - -| URL | Returned IP address | -| ------------- | ------------------- | -| `example.com` | `104.16.77.250` | - -All requests intended for proxied hostnames are directed to Cloudflare first and then forwarded to your origin server. - -```mermaid - flowchart LR - accTitle: Connections with Cloudflare - A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server] -``` - -Cloudflare assigns specific anycast IPs to your domain dynamically and these IPs may change at any time. This is an expected part of the operation of our anycast network and does not affect the proxy behavior described above. diff --git a/src/content/partials/fundamentals/redirect-root-to-subdomain.mdx b/src/content/partials/fundamentals/redirect-root-to-subdomain.mdx deleted file mode 100644 index e9f352928be0797..000000000000000 --- a/src/content/partials/fundamentals/redirect-root-to-subdomain.mdx +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -{} - ---- - -import { Example } from "~/components" - -Sometimes, you might want all traffic to your apex domain (`example.com`) to actually go to a subdomain (`www.example.com`). - -1. If you have already added that subdomain at your host, create a corresponding [DNS A or CNAME record](/dns/manage-dns-records/how-to/create-dns-records/) for that subdomain. - -2. Create a proxied DNS A record for your apex domain. This record can point to any IP address since all traffic will be redirected prior to reaching the address. - - | **Type** | **Name** | **IPv4 address** | **Proxy status** | - | -------- | -------- | ---------------- | ---------------- | - | A | `@` | `192.0.2.1` | Proxied | - -3. Create a [Single Redirect](/rules/url-forwarding/single-redirects/create-dashboard/) to forward traffic from your apex domain to your subdomain. - - - -**When incoming requests match** - -Using the Expression Editor:
-`(lower(http.host) eq "example.com")` - -**Then** - -* **Type:** *Dynamic* -* **Expression:** `concat("https://","www.example.com",http.request.uri.path)` -* **Status code:** *301* - -
diff --git a/src/content/partials/fundamentals/redirect-subdomain-to-root.mdx b/src/content/partials/fundamentals/redirect-subdomain-to-root.mdx deleted file mode 100644 index 374f79ebb2a9a5d..000000000000000 --- a/src/content/partials/fundamentals/redirect-subdomain-to-root.mdx +++ /dev/null @@ -1,31 +0,0 @@ ---- -{} - ---- - -import { Example } from "~/components" - -Sometimes, you might want all traffic to a subdomain (`www.example.com`) to actually go to your apex domain (`example.com`). - -1. Create a [proxied DNS A record](/dns/manage-dns-records/how-to/create-dns-records/) for your subdomain. This record can point to any IP address since all traffic will be redirected prior to reaching the address. - - | **Type** | **Name** | **IPv4 address** | **Proxy status** | - | -------- | -------- | ---------------- | ---------------- | - | A | `www` | `192.0.2.1` | Proxied | - -2. Create a [Single Redirect](/rules/url-forwarding/single-redirects/create-dashboard/) to forward traffic from your subdomain to your apex domain. - - - -**When incoming requests match** - -Using the Expression Editor:
-`(http.request.full_uri contains "www.example.com")` - -**Then** - -* **Type:** *Dynamic* -* **Expression:** `concat("https://","example.com",http.request.uri.path)` -* **Status code:** *301* - -
diff --git a/src/content/partials/fundamentals/support-ticket-information.mdx b/src/content/partials/fundamentals/support-ticket-information.mdx deleted file mode 100644 index 7ee205d0de9a325..000000000000000 --- a/src/content/partials/fundamentals/support-ticket-information.mdx +++ /dev/null @@ -1,28 +0,0 @@ ---- -{} - ---- - -import { Markdown } from "~/components" - -### **For WAF/CDN customers:** - -* {props.one} origin region -* {props.one} duration -* {props.one} window (UTC) -* {props.one} method -* Traffic estimate in both requests per second (rps) and bandwidth (Gbps/Mbps/MBps) -* Target IPs, ports, ranges, zones, hostnames, full URLs -* Contact in case of emergency - -### **​​For Magic Transit and Spectrum customers:** - -* {props.one} origin region -* {props.one} duration -* {props.one} date & timeframe -* {props.one} method -* Target IPs, ports, ranges, zones, hostnames, full URLs -* Protocol -* Traffic estimate in both requests per second (rps) and bandwidth (Gbps/Mbps/MBps) -* Max packet/bit rate -* Contact in case of emergency diff --git a/src/content/partials/fundamentals/traffic-flow-cf.mdx b/src/content/partials/fundamentals/traffic-flow-cf.mdx deleted file mode 100644 index b81ac0cf24bf1d8..000000000000000 --- a/src/content/partials/fundamentals/traffic-flow-cf.mdx +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -{} - ---- - -Internet traffic is made up of people, services, and agents requesting online resources from wherever they are hosted. Your resources may be publicly available, like a website or application that anyone on the Internet can access. Or your resources may be privately available, like an internal app or network that only your employees and partners should be able to access. - -Both public and private resources can be connected to the Cloudflare network to ensure only good actors can access what they are supposed to be able to access with high performance. - -For example, you may not always want the direct traffic because it can come from malicious sources, like hackers, or in the form of [DDoS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/how-to-ddos/). Additionally, depending on the location where the request originated, you want to ensure the traffic is [routed through the most efficient and fastest path](/argo-smart-routing/). - -## Cloudflare's network - -[Cloudflare's global network](https://www.cloudflare.com/network/), coupled with [Anycast](https://www.cloudflare.com/learning/dns/what-is-anycast-dns/) IP addressing, ensures that requests are handled by a Cloudflare server that is as close to the source as possible. - -If you want to protect your traffic and ensure it travels efficiently, you need to configure Cloudflare to be in front of whatever you are trying to protect, such as your application, service, or server. How you put your resources behind Cloudflare's network will depend on the type of traffic and how you want to control it. - -## On-ramp and off-ramp traffic - -Traffic that enters Cloudflare's network is referred to as "on-ramping," and traffic that exits Cloudflare's network is referred to as "off-ramping." You may also know this as ingress and egress or "routing your traffic" through a network. 
- -### On-ramp traffic to Cloudflare - -When you on-ramp traffic to Cloudflare, this allows Cloudflare to act on, secure, and increase performance of that traffic. - -One example of on-ramping traffic to Cloudflare is updating your public website to use Cloudflare as the primary authoritative [DNS provider](/fundamentals/concepts/how-cloudflare-works/#cloudflare-as-a-dns-provider) for your domain. - -However, maybe you need to protect a private application that is not directly available on the Internet. In this scenario, you can: - -* Connect your private application to Cloudflare using [secure tunnels](/cloudflare-one/connections/connect-networks/), and use a [device agent](/cloudflare-one/connections/connect-devices/warp/) to connect as a user. -* For users already connected to a private company network, connect the entire network to Cloudflare using secure tunnels, and any request from a user device will access the private application through those tunnels. - -With these options, any request from a user device can access internal private applications via the secure private tunnels. - -Refer to the list below for products you can use to on-ramp traffic to Cloudflare. - -* [Anycast routing](https://www.cloudflare.com/learning/cdn/glossary/anycast-network/) uses Anycast IP addressing to route traffic to the nearest Cloudflare data center. Selective routing allows an Anycast network to be resilient in the face of high traffic volume, network congestion, and[ DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/). -* [DNS-based](/fundamentals/concepts/how-cloudflare-works/#cloudflare-as-a-dns-provider) traffic resolves domains onboarded to [Cloudflare's CDN](/fundamentals/concepts/how-cloudflare-works/). Cloudflare's DNS directs traffic to Cloudflare's global network of servers instead of a website's origin server. 
-* [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) connects your resources to Cloudflare without a publicly routable IP address so that your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare. -* [Magic Transit](/magic-transit/about/) offers DDoS protection, traffic acceleration, and more for on-premise, cloud-hosted, and hybrid networks by accepting IP packets destined for your network, processing them, and outputting the packets to your origin infrastructure. -* The [Cloudflare WARP client](/cloudflare-one/connections/connect-devices/warp/) securely and privately sends traffic from corporate devices to Cloudflare's global network while also applying advanced Zero Trust policies that check for a device's health before it connects to corporate applications. - -### Off-ramp traffic from Cloudflare - -If you need to ensure traffic leaves Cloudflare's network in a specific way, you can manage how traffic is off-ramped. - -For example, if you need to adhere to [regional laws](/data-localization/regional-services/) that dictate user traffic and require data never leaves your country, you can configure off-ramp and on-ramp traffic on servers in the same geographical area. - -Or maybe you want to force traffic to off-ramp in a certain country to maintain your user's experience. For example, if you have employees in India who travel frequently, you can configure the off-ramp traffic to always appear to come from India so websites they visit maintain their language and preferences. - -You can also utilize [caching](/cache/) to help with performance. Instead of off-ramp traffic going to a server across the globe, Cloudflare can cache that content locally for the user to reduce the overall time for their request. - -Refer to the list below for products you can use to off-ramp traffic from Cloudflare. 
- -* [Argo Smart Routing](/argo-smart-routing/) detects real-time network issues and routes your web traffic across the most efficient network path, avoiding congestion. -* [Cache](/cache/) works with cached content to avoid off-ramping to origin servers and instead serving directly from Cloudflare's global network. -* [Regional services](/data-localization/regional-services/) lets you choose which subset of data centers decrypt and service HTTPS traffic, which can help customers who have to meet regional compliance or have preferences for maintaining regional control over their data. \ No newline at end of file diff --git a/src/content/partials/fundamentals/verify-email-address.mdx b/src/content/partials/fundamentals/verify-email-address.mdx deleted file mode 100644 index 05a2130cc20e75a..000000000000000 --- a/src/content/partials/fundamentals/verify-email-address.mdx +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -{} ---- - -For security reasons, Cloudflare attempts to verify the email address associated with your account. You cannot perform certain tasks within the Cloudflare dashboard -- for example, [adding a new member](/fundamentals/manage-members/manage/#add-account-members), [changing your email address](/fundamentals/user-profiles/change-password-or-email/#change-email-address) or [updating your communication preferences](/fundamentals/user-profiles/customize-account/#notifications) -- without verifying your email. - -## When creating your account - -When you first [create an account](/fundamentals/account/create-account/), Cloudflare automatically sends a message to the email address you provided for your account. - -To verify your email: - -1. Log in to your email provider and find your recent message from Cloudflare. If you cannot find the message, check your Spam folder. -2. Go to the link in the email. -3. Log in to Cloudflare to verify the email address associated with your account. - -:::note - - -If someone else used your email to sign up for a Cloudflare account, you can remove this account by going to our [unintended registration](https://dash.cloudflare.com/unintended-registration) page and entering the information at the end of your confirmation email. - - -::: - -*** - -## Resend verification emails - -If you cannot find your verification email or your email has expired, request another verification email: - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com). -2. Go to **My Profile**. -3. For **Email Address**, select **Send verification email** (if this option is not available, your email has already been verified). - -*** - -## Verification issues - -If you experience issues with your verification link, you might have already verified your email address. - -To check your verification: - -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com). -2. Go to **My Profile**. -3. 
For **Email Address**, your email address will have `(verified)` added after it. - -If your email is still not verified, try clicking the verification link in a different browser or a private window. - -If this still does not work, try [resending](#resend-verification-emails) the verification email to get a new verification link.
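Review bot: In the removed `redirect-subdomain-to-root.mdx` partial, the match expression `(http.request.full_uri contains "www.example.com")` is a substring test over the whole URI, so it also matches any request in the zone whose path or query string contains that text, not only requests to the `www` host. If this content is being inlined at its call sites as part of this change, the destination should compare the host instead, in the style of the sibling partial: `(lower(http.host) eq "www.example.com")`.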
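Review bot: In the removed `origin-secure-dns.mdx`, step 2 names "`SPF`, `TXT`, and more" as the DNS-only records to audit, but SPF policies are published in TXT records, and the mail-server exposure described in step 3 points at MX records, which are not named. If this guidance is kept anywhere after the deletion, suggest wording such as "`MX`, `TXT` (including SPF), and more". Please also confirm that every page that rendered this partial still carries the origin IP guidance, since these hunks show only the removal.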
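Review bot: In the removed `proxy-status-effects.mdx`, the "With Cloudflare" table gives `104.16.77.250` as the returned address, while the closing paragraph says the assigned anycast IPs may change at any time. Wherever this text is inlined, label the address as an example value so readers do not pin or allowlist that single IP.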
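Review bot: The removed `support-ticket-information.mdx` partial depended on a `{props.one}` parameter, and its second heading appears to carry invisible zero-width characters between `**` and "For Magic Transit". When the lists are expanded inline, check that each call site substitutes the same value it previously passed as `one`, and that the invisible characters are not copied along. The two lists also ask for timing differently ("window (UTC)" versus "date & timeframe"); stating UTC in both would remove ambiguity when coordinating a test.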
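Review bot: In the removed `traffic-flow-cf.mdx`, the Anycast routing bullet has the space inside the link text (`and[ DDoS attacks]`), so "and" runs into the link when rendered; wherever this paragraph now lives it should read `and [DDoS attacks]`. The file also ended without a trailing newline (`\ No newline at end of file`), which is worth correcting in the destination file.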