[ZT] WARP Client --> Cloudflare One Client (rename files) (#29027)

* [ZT] Rename WARP to Cloudflare One Client across cloudflare-one docs, partials, and cross-references

Applies WARP Client → Cloudflare One Client rename to ~241 files across
cloudflare-one docs (excluding already-done cloudflare-one-client/ and
warp-connector/), all partials, and cross-product references.

Preserves safe-list items: WARP tunnel, WARP Connector, warp-cli, warp-svc,
dashboard UI labels, API field names, code blocks, changelog prose,
WARP session/authentication feature names, and consumer WARP references.

* [ZT] Fix remaining standalone WARP references missed by initial pass

Updates ~40 additional standalone 'WARP' references across 30 files
that were missed by the automated regex pass. Includes headings,
descriptions, prose, and table entries. Safe-list items preserved
(Mermaid diagrams, code blocks, dashboard UI labels, WARP session
feature names, consumer WARP refs, changelog prose).

* [ZT] Fix broken anchor links from WARP heading renames

Updates 27 anchor references across 20 files to match new heading slugs
after WARP → Cloudflare One Client heading renames. Includes:
- #3-route-private-network-ips-through-warp (6 refs)
- #warp-client → #cloudflare-one-client (3 refs)
- #warp-client-block-notifications (3 refs)
- #warp-device-ips → #device-ips (3 refs)
- #enable-warp-to-warp → #enable-peer-to-peer (2 refs)
- #warp-split-tunnel-configuration (2 refs)
- 8 other individual anchor fixes

* [ZT] Fix grammar: 'the Cloudflare One Client devices' → 'Cloudflare One Client devices'

Remove unnecessary article 'the' before plural noun phrase in 6
instances across 5 files.

* [ZT] Fix phrasing: 'Cloudflare One Client-enabled device' → 'Cloudflare One Client device'

Updates 3 instances across 2 files. Also rewrites one awkward sentence
about routing traffic through the client.

* [ZT] Clarify WARP Check note in ZTNA design guide

Update the explanatory note to clarify that 'WARP' is the previous name
for the Cloudflare One Client, since the sentence references the
dashboard check name 'WARP Check (Mac OS)'.

* [ZT] Add glossary entry for Cloudflare One Client, update WARP client entry

- Add new 'Cloudflare One Client' glossary term (fixes build error from
  GlossaryTooltip references)
- Update 'WARP client' entry to indicate it is the previous name
- Update 'Cloudflare One Agent' entry to reference new product name

* [ZT] Revert client-checks URL paths to warp-client-checks

The warp-client-checks/ folder has not been renamed yet, so URL paths
must continue using /warp-client-checks/ to avoid broken links. The
folder rename will be handled in a separate structural change.

* [ZT] Rename WARP folders/files and update links + redirects

Structural renames for WARP Client → Cloudflare One Client:
- warp-client-checks/ → client-checks/ (16 files)
- warp-to-warp.mdx → peer-to-peer.mdx
- rdp-warp-to-tunnel.mdx → rdp-device-client.mdx
- ssh-warp-to-tunnel.mdx → ssh-device-client.mdx
- warp-on-headless-linux.mdx → deploy-client-headless-linux.mdx
- zero-trust/warp.mdx → zero-trust/cloudflare-one-client.mdx (×2)

Adds 8 new redirects (1 splat + 7 static) and updates 5 existing
redirect destinations. Updates ~100 internal link references across
~55 files.

* [ZT] Fix Render file= paths for zero-trust/warp partial

The partial file was not renamed (deferred), so Render references must
still use 'cloudflare-wan/zero-trust/warp', not the renamed page slug.

* [ZT] Fix broken link in changelog entry for ssh-warp-to-tunnel rename

Update URL path in changelog entry (prose unchanged) to point to the
renamed ssh-device-client page.

* [ZT] Update 'routing over WARP' and 'WARP-to-Tunnel' terminology

Replace 'routing over WARP' link text with 'the Cloudflare One Client'
in 4 tunnel use-case pages. Replace 'WARP-to-Tunnel' with
'the Cloudflare One Client' in SSH infrastructure access page and
local tunnel management page.

* Apply suggestion from @ranbel

* Apply suggestion from @ranbel

* Update ssh-infrastructure-access.mdx

Author: ranbel

public/__redirects

@@ -2287,7 +2287,7 @@
 /cloudflare-one/policies/zero-trust/common-configs/ /cloudflare-one/policies/access/ 301
 /cloudflare-one/applications/casb/troubleshooting/ /cloudflare-one/applications/casb/troubleshooting/troubleshoot-integrations/ 301
 /cloudflare-one/analytics/logs/activity-log/ /cloudflare-one/insights/logs/gateway-logs/ 301
-/cloudflare-one/identity/devices/os-version/ /cloudflare-one/identity/devices/warp-client-checks/os-version/ 301
+/cloudflare-one/identity/devices/os-version/ /cloudflare-one/reusable-components/posture-checks/client-checks/os-version/ 301
 /cloudflare-one/insights/dex/fleet-status/ /cloudflare-one/insights/dex/monitoring/ 301
 /cloudflare-one/policies/zero-trust/cors/ /cloudflare-one/access-controls/applications/http-apps/authorization-cookie/cors/ 301
 /cloudflare-one/identity/users/groups/ /cloudflare-one/policies/access/groups/ 301
@@ -2320,7 +2320,7 @@
 /cloudflare-one/tutorials/ssh/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ 301
 /support/traffic/argo-tunnel/ /cloudflare-one/connections/connect-networks/ 301
 /cloudflare-one/faq/tunnel/ /cloudflare-one/faq/cloudflare-tunnels-faq/ 301
-/magic-wan/tutorials/warp/ /cloudflare-wan/zero-trust/warp/ 301
+/magic-wan/tutorials/warp/ /cloudflare-wan/zero-trust/cloudflare-one-client/ 301
 /cloudflare-one/examples/ /cloudflare-one/api-terraform/ 301
 /warp-client/teams/ /cloudflare-one/team-and-resources/devices/cloudflare-one-client/ 301
 /cloudflare-one/integrations/identity-providers/azuread/ /cloudflare-one/integrations/identity-providers/entra-id/ 301
@@ -2360,8 +2360,8 @@
 /cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/ /cloudflare-one/access-controls/service-credentials/mutual-tls-authentication/ 301
 /cloudflare-one/identity/devices/crowdstrike/ /cloudflare-one/integrations/service-providers/crowdstrike/ 301
 /cloudflare-one/identity/devices/microsoft/ /cloudflare-one/integrations/service-providers/microsoft/ 301
-/cloudflare-one/identity/devices/require-gateway/ /cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-gateway/ 301
-/cloudflare-one/identity/devices/require-warp/ /cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp/ 301
+/cloudflare-one/identity/devices/require-gateway/ /cloudflare-one/reusable-components/posture-checks/client-checks/require-gateway/ 301
+/cloudflare-one/identity/devices/require-warp/ /cloudflare-one/reusable-components/posture-checks/client-checks/require-warp/ 301
 /cloudflare-one/identity/devices/service-providers/custom/ /cloudflare-one/integrations/service-providers/custom/ 301
 /cloudflare-one/identity/devices/service-providers/ /cloudflare-one/integrations/service-providers/ 301
 /cloudflare-one/policies/data-loss-prevention/exact-data-match/ /cloudflare-one/data-loss-prevention/detection-entries/#exact-data-match 301
@@ -2377,7 +2377,7 @@
 /cloudflare-one/traffic-policies/initial-setup/network/ /cloudflare-one/traffic-policies/get-started/network/ 301
 
 # More specific redirects from nav revamp (before catch-alls)
-/cloudflare-one/identity/devices/access-integrations/tanium/ /cloudflare-one/reusable-components/posture-checks/warp-client-checks/tanium/ 301
+/cloudflare-one/identity/devices/access-integrations/tanium/ /cloudflare-one/reusable-components/posture-checks/client-checks/tanium/ 301
 /cloudflare-one/identity/authorization-cookie/application-token/ /cloudflare-one/access-controls/applications/http-apps/authorization-cookie/application-token/ 301
 /cloudflare-one/identity/authorization-cookie/validating-json/ /cloudflare-one/access-controls/applications/http-apps/authorization-cookie/validating-json/ 301
 /cloudflare-one/identity/authorization-cookie/ /cloudflare-one/access-controls/applications/http-apps/authorization-cookie/ 301
@@ -2410,7 +2410,13 @@
 /cloudflare-one/email-security/settings/trusted-domains/ /cloudflare-one/email-security/settings/detection-settings/trusted-domains/ 301
 /cloudflare-one/email-security/monitoring/search-email/ /cloudflare-one/email-security/investigation/search-email/ 301
 
-
+# WARP Client rename — file/folder slug renames
+/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp/ /cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/peer-to-peer/ 301
+/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-warp-to-tunnel/ /cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-device-client/ 301
+/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-warp-to-tunnel/ /cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-device-client/ 301
+/cloudflare-one/tutorials/warp-on-headless-linux/ /cloudflare-one/tutorials/deploy-client-headless-linux/ 301
+/cloudflare-wan/zero-trust/warp/ /cloudflare-wan/zero-trust/cloudflare-one-client/ 301
+/cloudflare-one/networks/connectors/cloudflare-wan/zero-trust/warp/ /cloudflare-one/networks/connectors/cloudflare-wan/zero-trust/cloudflare-one-client/ 301
 
 # ============================================================================
 # DYNAMIC REDIRECTS
@@ -2619,6 +2625,8 @@
 /magic-network-monitoring/* /network-flow/:splat 301
 
 # Cloudflare One Client (formerly WARP Client)
+# Splat redirect for renamed posture checks folder
+/cloudflare-one/reusable-components/posture-checks/warp-client-checks/* /cloudflare-one/reusable-components/posture-checks/client-checks/:splat 301
 # Splat redirects for renamed sub-folders (most specific first)
 /cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/* /cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/:splat 301
 /cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/* /cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/modes/:splat 301

src/content/changelog/access/2024-10-01-ssh-with-access-for-infrastructure.mdx

@@ -8,7 +8,7 @@ products:
 
 Organizations can now eliminate long-lived credentials from their SSH setup and enable strong multi-factor authentication for SSH access, similar to other Access applications, all while generating access and command logs.
 
-SSH with [Access for Infrastructure](/cloudflare-one/access-controls/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-warp-to-tunnel/).
+SSH with [Access for Infrastructure](/cloudflare-one/access-controls/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-device-client/).
 
 SSH with Access for Infrastructure enables you to:
 

src/content/docs/cloudflare-one/access-controls/policies/index.mdx

@@ -160,8 +160,8 @@ Non-identity attributes are polled continuously, meaning they are-evaluated with
 | SAML Group               | Checks a SAML attribute name / value pair. This selector only displays if you use a [generic SAML](/cloudflare-one/integrations/identity-providers/generic-saml/) identity provider.                                                             | ✅               | ❌                               | ✅                       |
 | OIDC Claim               | Checks an OIDC claim name / value pair. This selector only displays if you use a [generic OIDC](/cloudflare-one/integrations/identity-providers/generic-oidc/) identity provider.                                                                | ✅               | ❌                               | ✅                       |
 | Device posture           | Checks device posture signals from the Cloudflare One Client or a third-party service provider. This selector only displays after you create a [device posture check](/cloudflare-one/reusable-components/posture-checks/).                                                                                                           | ✅               | ✅                               | ❌                       |
-| Warp                     | Checks that the device is connected to the Cloudflare One Client, including the consumer version. This selector only displays after you enable the [WARP posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp/).                                                                                                                                                            | ✅               | ✅                               | ❌                       |
-| Gateway                  | Checks that the device is connected to your Zero Trust instance through the Cloudflare One Client. This selector only displays after you enable the [Gateway posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-gateway/).                                                                                           | ✅               | ✅                               | ❌                       |
+| Warp                     | Checks that the device is connected to the Cloudflare One Client, including the consumer version. This selector only displays after you enable the [WARP posture check](/cloudflare-one/reusable-components/posture-checks/client-checks/require-warp/).                                                                                                                                                            | ✅               | ✅                               | ❌                       |
+| Gateway                  | Checks that the device is connected to your Zero Trust instance through the Cloudflare One Client. This selector only displays after you enable the [Gateway posture check](/cloudflare-one/reusable-components/posture-checks/client-checks/require-gateway/).                                                                                           | ✅               | ✅                               | ❌                       |
 
 <sup>1</sup> For SaaS applications, Access can only enforce policies at the time
 of initial sign on and when reissuing the SaaS session. Once the user has

src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx

@@ -41,7 +41,7 @@ You can configure access on a per-user or group basis by adding [identity-based
 
 Many Android applications (such as Google Drive) use <GlossaryTooltip term="certificate pinning" link="/ssl/reference/certificate-pinning/">certificate pinning</GlossaryTooltip>, which is incompatible with Gateway inspection. If needed, you can create a [Do Not Inspect policy](/cloudflare-one/traffic-policies/http-policies/#do-not-inspect) so that the app can continue to function on Android:
 
-1. Set up an [OS version device posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/) that checks for the Android operating system.
+1. Set up an [OS version device posture check](/cloudflare-one/reusable-components/posture-checks/client-checks/os-version/) that checks for the Android operating system.
 
 2. Create the following HTTP policy in Gateway:
 

src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx

@@ -37,7 +37,7 @@ Enterprise users can generate more detailed logs with [Logpush](/cloudflare-one/
 | Field               | Description                                                                                                                                                         |
 | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | **Name**            | Name of the [device posture check](/cloudflare-one/reusable-components/posture-checks/).                                                                                               |
-| **Type**            | Type of [Cloudflare One Client check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). |
+| **Type**            | Type of [Cloudflare One Client check](/cloudflare-one/reusable-components/posture-checks/client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). |
 | **Rule ID**         | UUID of the device posture check.                                                                                                                                   |
 | **Conditions met**  | Whether the device passed or failed the posture check criteria. Evaluates to `true` if the **Received values** match the **Expected values**.                       |
 | **Expected values** | Values required to pass the device posture check.                                                                                                                   |

src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-private-hostname.mdx

@@ -36,7 +36,7 @@ Private hostname routing only works for applications connected with `cloudflared
 | Connector                                                                                  | Compatibility | Minimum version |
 | ------------------------------------------------------------------------------------------ | ------------- | -- |
 | [cloudflared](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/)                        | ✅            | 2025.7.0 |
-| [Peer-to-peer](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp/)              | ❌             | |
+| [Peer-to-peer](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/peer-to-peer/)              | ❌             | |
 | [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) | ❌             | |
 | [Cloudflare WAN](/cloudflare-wan/zero-trust/cloudflare-gateway/)                                                             | ❌             | |
 

src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/index.mdx

@@ -18,6 +18,6 @@ Administrators can optionally set [Gateway network policies](/cloudflare-one/tra
 Here are the different ways you can connect your private network to Cloudflare:
 
 - [**cloudflared**](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/) installs on a server in your private network to create a secure, outbound tunnel to Cloudflare. Cloudflare Tunnel using `cloudflared` only proxies traffic initiated from a user to a server. Any service or application running behind the tunnel will use the server's default routing table for server-initiated connectivity.
-- [**Peer-to-peer**](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp/) uses the [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) to establish peer-to-peer connectivity between two or more devices. Each device running the Cloudflare One Client can access services on any other device running the Cloudflare One Client via an assigned virtual IP address.
+- [**Peer-to-peer**](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/peer-to-peer/) uses the [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) to establish peer-to-peer connectivity between two or more devices. Each device running the Cloudflare One Client can access services on any other device running the Cloudflare One Client via an assigned virtual IP address.
 - [**WARP Connector**](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) installs on a Linux server in your private network to establish site-to-site, bidirectional, and mesh networking connectivity. The WARP Connector acts as a subnet router to relay client-initiated and server-initiated traffic between all devices on a private network and Cloudflare.
 - [**Cloudflare WAN**](/cloudflare-one/networks/connectors/cloudflare-wan/) relies on configuring legacy networking equipment to establish anycast GRE or IPsec tunnels between an entire network location and Cloudflare.

…lare-tunnel/private-net/warp-to-warp.mdx …lare-tunnel/private-net/peer-to-peer.mdxsrc/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp.mdx renamed to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/peer-to-peer.mdx src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp.mdx renamed to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/peer-to-peer.mdx

@@ -13,5 +13,5 @@ With Cloudflare Zero Trust, you can make your RDP server available over the Inte
 Cloudflare offers three ways to secure RDP:
 
 - [Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/)
-- [RDP with Cloudflare One Client](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-warp-to-tunnel/)
+- [RDP with Cloudflare One Client](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-device-client/)
 - [RDP with client-side cloudflared](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-cloudflared-authentication/)

src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/index.mdx

@@ -17,7 +17,7 @@ There are two ways for users to [reach the RDP server in their browser](#4-conne
 - **App Launcher (recommended)**: Users can log in to the [Access App Launcher](/cloudflare-one/access-controls/access-settings/app-launcher/) with their Cloudflare Access credentials and then initiate an RDP connection within the browser to their Windows machine. Users will authenticate to the Windows machine using their pre-configured Windows username and password. Cloudflare does not manage any credentials on the Windows server.
 - **Direct URL**: A user may also navigate directly to the Windows server at `https://<app-domain>/rdp/<vnet-id>/<target-ip>/<port>`, where `vnet-id` is the <GlossaryTooltip term="Virtual network">virtual network</GlossaryTooltip> assigned to the Cloudflare Tunnel route. The authentication flow is the same as for the App Launcher; first users must log in to Cloudflare Access and then use their Windows credentials to authenticate to the Windows machine.
 
-Browser-based RDP can be used in conjunction with [routing over WARP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-warp-to-tunnel/) so that there are multiple ways to connect to the server. You can reuse the same Cloudflare Tunnel when configuring each connection method.
+Browser-based RDP can be used in conjunction with [the Cloudflare One Client](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-device-client/) so that there are multiple ways to connect to the server. You can reuse the same Cloudflare Tunnel when configuring each connection method.
 
 ## Prerequisites