diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx
index f6f3f0e7550e25..e9f3c5f446d3fa 100644
--- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx
+++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx
@@ -3,12 +3,11 @@ pcx_content_type: reference
title: Profile settings
sidebar:
order: 4
-
---
-import { Badge } from "~/components"
+import { Badge } from "~/components";
-This page lists the advanced settings available when configuring a predefined or custom DLP profile.
+This page lists the advanced settings available when configuring a [predefined](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/) or [custom](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/#build-a-custom-profile) DLP profile.
## Match count
diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx
index 4b6a0d54f3e85d..4d2d34f1b1ea03 100644
--- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx
+++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx
@@ -5,9 +5,11 @@ sidebar:
order: 2
---
+import { Render } from "~/components";
+
Cloudflare Zero Trust provides predefined DLP profiles for common types of sensitive data. Some profiles include built-in validation checks to increase detection granularity. Additionally, you can configure [advanced settings](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings/) for predefined profiles.
-## Credentials and secrets
+## Credentials and Secrets
The following secrets are validated with regex.
@@ -16,9 +18,14 @@ The following secrets are validated with regex.
- Azure API keys
- SSH keys
-## Financial information
+## Financial Information
+
+
-Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. CVVs are not validated.
+Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. Card verification values (CVVs) are not validated.
| Detection entry | Notes |
| -------------------------------- | --------------------------------------------------------------------------------- |
@@ -35,7 +42,7 @@ Credit card numbers begin with a six or eight-digit Issuer Identification Number
| United States ABA Routing Number | Validated algorithmically with checksum. |
| IBAN | Validated with checksum. |
-## Health information
+## Health Information
The following diagnosis and medication names are checked for surrounding ASCII characters to prevent false positives.
@@ -43,9 +50,14 @@ The following diagnosis and medication names are checked for surrounding ASCII c
- FDA drug names
- ICD-10 FY2023 short descriptions
-## National identifiers
+## Social Security, Insurance, Tax, and Identifier Numbers
+
+
-Detections are validated algorithmically when possible.
+The following national identifier detections are validated algorithmically when possible.
| Detection entry | Notes |
| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -64,7 +76,7 @@ Detections are validated algorithmically when possible.
| United Kingdom NHS Number | Validated with checksum. |
| United Kingdom National Insurance Number | Validated with regex. |
-## Source code
+## Source Code
The following programming languages are validated with natural language processing (NLP).
diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx
index 1e416c4e0e4ea3..877ec0ba762697 100644
--- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx
@@ -7,19 +7,17 @@ sidebar:
import { GlossaryDefinition } from "~/components";
-:::note
+:::note[Availability]
Available as an add-on to Zero Trust Enterprise plans.
+
+Users on Zero Trust Free and Pay-as-you-go plans can use the [Financial Information](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#financial-information) and [Social Security, Insurance, Tax, and Identifier Numbers](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#social-security-insurance-tax-and-identifier-numbers) predefined profiles, [payload logging](/cloudflare-one/policies/data-loss-prevention/dlp-policies/payload-logging/), and [false positive reporting](/cloudflare-one/policies/data-loss-prevention/dlp-policies/#report-false-positives).
:::
## Data in transit
-:::note
-DLP requires [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) for visibility into data in transit. The depth of visibility varies for each site or application.
-:::
-
-Data Loss Prevention complements [Secure Web Gateway](/cloudflare-one/policies/gateway/) to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include [uploaded or downloaded files](#supported-file-types), chat messages, forms, and other web content. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a [Do Not Inspect](/cloudflare-one/policies/gateway/http-policies/#do-not-inspect) policy.
+Data Loss Prevention complements [Secure Web Gateway](/cloudflare-one/policies/gateway/) to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include [uploaded or downloaded files](#supported-file-types), chat messages, forms, and other web content. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a [Do Not Inspect](/cloudflare-one/policies/gateway/http-policies/#do-not-inspect) policy. The depth of visibility into data in transit varies for each site or application.
To get started, refer to [Scan HTTP traffic with DLP](/cloudflare-one/policies/data-loss-prevention/dlp-policies/).
diff --git a/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx b/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx
index 17531d4bb26a49..5f560329941481 100644
--- a/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx
+++ b/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx
@@ -1,10 +1,5 @@
---
{}
-
---
-
-
These findings will only appear if you [added DLP profiles](/cloudflare-one/applications/scan-apps/casb-dlp/) to your CASB integration.
-
-
diff --git a/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx b/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx
index df691e75cd5223..850bc2eb764325 100644
--- a/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx
+++ b/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx
@@ -1,6 +1,5 @@
---
{}
-
---
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DLP** > **DLP Profiles**.
diff --git a/src/content/partials/cloudflare-one/data-loss-prevention/profile-all-plans.mdx b/src/content/partials/cloudflare-one/data-loss-prevention/profile-all-plans.mdx
new file mode 100644
index 00000000000000..376087701d7a00
--- /dev/null
+++ b/src/content/partials/cloudflare-one/data-loss-prevention/profile-all-plans.mdx
@@ -0,0 +1,7 @@
+---
+{}
+---
+
+:::note[Availability]
+This predefined profile is available on all Zero Trust plans.
+:::