[ZT] WARP Client --> Cloudflare One Client (#29022)

* [ZT] Rename WARP to Cloudflare One Client across cloudflare-one docs, partials, and cross-references

Applies WARP Client → Cloudflare One Client rename to ~241 files across
cloudflare-one docs (excluding already-done cloudflare-one-client/ and
warp-connector/), all partials, and cross-product references.

Preserves safe-list items: WARP tunnel, WARP Connector, warp-cli, warp-svc,
dashboard UI labels, API field names, code blocks, changelog prose,
WARP session/authentication feature names, and consumer WARP references.

* [ZT] Fix remaining standalone WARP references missed by initial pass

Updates ~40 additional standalone 'WARP' references across 30 files
that were missed by the automated regex pass. Includes headings,
descriptions, prose, and table entries. Safe-list items preserved
(Mermaid diagrams, code blocks, dashboard UI labels, WARP session
feature names, consumer WARP refs, changelog prose).

* [ZT] Fix broken anchor links from WARP heading renames

Updates 27 anchor references across 20 files to match new heading slugs
after WARP → Cloudflare One Client heading renames. Includes:
- #3-route-private-network-ips-through-warp (6 refs)
- #warp-client → #cloudflare-one-client (3 refs)
- #warp-client-block-notifications (3 refs)
- #warp-device-ips → #device-ips (3 refs)
- #enable-warp-to-warp → #enable-peer-to-peer (2 refs)
- #warp-split-tunnel-configuration (2 refs)
- 8 other individual anchor fixes

* [ZT] Fix grammar: 'the Cloudflare One Client devices' → 'Cloudflare One Client devices'

Remove unnecessary article 'the' before plural noun phrase in 6
instances across 5 files.

* [ZT] Fix phrasing: 'Cloudflare One Client-enabled device' → 'Cloudflare One Client device'

Updates 3 instances across 2 files. Also rewrites one awkward sentence
about routing traffic through the client.

* [ZT] Clarify WARP Check note in ZTNA design guide

Update the explanatory note to clarify that 'WARP' is the previous name
for the Cloudflare One Client, since the sentence references the
dashboard check name 'WARP Check (Mac OS)'.

* [ZT] Add glossary entry for Cloudflare One Client, update WARP client entry

- Add new 'Cloudflare One Client' glossary term (fixes build error from
  GlossaryTooltip references)
- Update 'WARP client' entry to indicate it is the previous name
- Update 'Cloudflare One Agent' entry to reference new product name

* [ZT] Revert client-checks URL paths to warp-client-checks

The warp-client-checks/ folder has not been renamed yet, so URL paths
must continue using /warp-client-checks/ to avoid broken links. The
folder rename will be handled in a separate structural change.

Author: ranbel

src/content/docs/china-network/concepts/global-acceleration.mdx

@@ -30,7 +30,7 @@ Global Acceleration can support the following scenarios:
 | Service                                                         | Scenario                                                            |
 | --------------------------------------------------------------- | ------------------------------------------------------------------- |
 | [CDN Global Acceleration](#cdn-global-acceleration)             | Elevated performance of global dynamic assets on China Network CDN. |
-| [WARP Global Acceleration](#warp-global-acceleration)           | WARP client used in Mainland China.                                 |
+| [WARP Global Acceleration](#warp-global-acceleration)           | Cloudflare One Client used in Mainland China.                                 |
 | [Cloudflare WAN Global Acceleration](#cloudflare-wan-global-acceleration) | Cloudflare WAN used in Mainland China.                                   |
 | [ICP](#icp-services)                                            | China Network prerequisite.                                         |
 | [MLPS](#mlps-services)                                          | MLPS certification services.                                        |
@@ -42,7 +42,7 @@ CDN Global Acceleration provides stable and reliable connections for dynamic con
 
 ## WARP Global Acceleration
 
-WARP Global Acceleration enables [WARP client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) access within China, allowing remote employees to maintain secure and consistent connections.
+WARP Global Acceleration enables [Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) access within China, allowing remote employees to maintain secure and consistent connections.
 
 ## Cloudflare WAN Global Acceleration
 
@@ -58,15 +58,15 @@ The Multi-Level Protection Scheme (MLPS) service add-on streamlines the certific
 
 ### Travel SIM
 
-Travel SIM offers temporary, seamless WARP access for individual employees traveling to China, ensuring uninterrupted connectivity during their visit.
+Travel SIM offers temporary, seamless Cloudflare One Client access for individual employees traveling to China, ensuring uninterrupted connectivity during their visit.
 
 ---
 
 ## General process
 
 ### 1. Validate prerequisites
 
-Ensure that you have a Cloudflare [Enterprise plan](https://www.cloudflare.com/plans/enterprise/) and [China Network](/china-network/), if you want CDN Global Acceleration. WARP and Cloudflare WAN licenses are required for WARP Connection or Cloudflare WAN Global Acceleration.
+Ensure that you have a Cloudflare [Enterprise plan](https://www.cloudflare.com/plans/enterprise/) and [China Network](/china-network/), if you want CDN Global Acceleration. the Cloudflare One Client and Cloudflare WAN licenses are required for the Cloudflare One Client Connection or Cloudflare WAN Global Acceleration.
 
 ### 2. Sign contract
 

src/content/docs/cloudflare-one/access-controls/access-settings/session-management.mdx

@@ -84,7 +84,7 @@ Users who match a policy configured with a _Same as application session timeout_
 
 ### WARP session duration
 
-When [WARP authentication identity](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/client-sessions/#configure-warp-sessions-in-access) is enabled for an Access application, the WARP session duration overrides the application and policy session durations. If the global session expires but the user already has a valid WARP session, the user will not need to reauthenticate with the IdP until the WARP session expires, given the user is running WARP.
+When [WARP authentication identity](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/client-sessions/#configure-warp-sessions-in-access) is enabled for an Access application, the WARP session duration overrides the application and policy session durations. If the global session expires but the user already has a valid WARP session, the user will not need to reauthenticate with the IdP until the WARP session expires, given the user is running the Cloudflare One Client.
 
 ### Order of enforcement
 

src/content/docs/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/application-token.mdx

@@ -99,8 +99,8 @@ Access will return a JSON structure containing the following data:
 | service_token_id     | The Client ID of the service token used for authentication.                 |
 | service_token_status | True if authentication was through a service token instead of an IdP.       |
 | is_warp              | True if the user enabled WARP.                                              |
-| is_gateway           | True if the user enabled WARP and authenticated to a Zero Trust team.       |
-| gateway_account_id   | An ID generated by the WARP client when authenticated to a Zero Trust team. |
+| is_gateway           | True if the user enabled the Cloudflare One Client and authenticated to a Zero Trust team.       |
+| gateway_account_id   | An ID generated by the Cloudflare One Client when authenticated to a Zero Trust team. |
 | device_id            | The ID of the device used for authentication.                               |
 | version              | The version of the `get-identity` object.                                   |
 | device_sessions      | A list of all sessions initiated by the user.                               |

src/content/docs/cloudflare-one/access-controls/applications/http-apps/index.mdx

@@ -17,7 +17,7 @@ You can protect the following types of web applications:
 
 - **Self-hosted applications** consist of internal applications that you host in your own environment. These can be the data center versions of tools like the Atlassian suite or applications created by your own team. Setup requirements for a self-hosted application depend on whether the application is publicly accessible on the Internet or restricted to users on a private network.
   - [**Public hostname applications**](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/) are web applications that have public DNS records. Anyone on the Internet can access the application by entering the URL in their browser and authenticating through Cloudflare Access. Securing access to a public website requires a Cloudflare DNS [full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/).
-  - [**Private network applications**](/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app/) do not have public DNS records, meaning they are not reachable from the public Internet. To connect using a private IP or private hostname, the user's traffic must route through Cloudflare Gateway. The preferred method is to install the WARP client on the user's device, but you could also forward device traffic from a [network location](/cloudflare-wan/) or use an agentless option such as [PAC files](/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/) or [Clientless Web Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/).
+  - [**Private network applications**](/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app/) do not have public DNS records, meaning they are not reachable from the public Internet. To connect using a private IP or private hostname, the user's traffic must route through Cloudflare Gateway. The preferred method is to install the Cloudflare One Client on the user's device, but you could also forward device traffic from a [network location](/cloudflare-wan/) or use an agentless option such as [PAC files](/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/) or [Clientless Web Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/).
 
 - [**Model Context Protocol (MCP) servers**](/cloudflare-one/access-controls/ai-controls/) are web applications that enable generative AI tools to read and write data within your business applications. For example, Salesforce provides an [MCP server](https://github.com/salesforcecli/mcp) for developers to interact with resources in their Salesforce tenant using GitHub Copilot or other AI code editors.
 

src/content/docs/cloudflare-one/access-controls/applications/non-http/cloudflared-authentication/index.mdx

@@ -6,7 +6,7 @@ sidebar:
 tableOfContents: false
 ---
 
-With Cloudflare Zero Trust, users can connect to non-HTTP applications via a public hostname without installing the WARP client. This method requires you to onboard a domain to Cloudflare and install `cloudflared` on both the server and the user's device.
+With Cloudflare Zero Trust, users can connect to non-HTTP applications via a public hostname without installing the Cloudflare One Client. This method requires you to onboard a domain to Cloudflare and install `cloudflared` on both the server and the user's device.
 
 Users log in to the application by running a `cloudflared access` command in their terminal. `cloudflared` will launch a browser window and prompt the user to authenticate with your identity provider.
 

src/content/docs/cloudflare-one/access-controls/applications/non-http/index.mdx

@@ -19,9 +19,9 @@ Non-HTTP applications require [connecting your private network](/cloudflare-one/
 	thumbnail="https://imagedelivery.net/xDOJvHcv1KwTQn6S-BGFIw/205bdeb4-3e37-4b04-f430-8b5c06a9b300/public"
 />
 
-## WARP client
+## Cloudflare One Client
 
-Users can connect by installing the Cloudflare WARP client on their device and enrolling in your Zero Trust organization. Remote devices connect to your applications as if they were on your private network. By default, all devices enrolled in your organization can access any private route unless they are protected by an Access policy or Gateway firewall rule. To secure the application, you can [create a self-hosted application](/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app/) for a private IP range, port range, and/or hostname and build [Access policies](/cloudflare-one/access-controls/policies/) that allow or block specific users.
+Users can connect by installing the Cloudflare One Client on their device and enrolling in your Zero Trust organization. Remote devices connect to your applications as if they were on your private network. By default, all devices enrolled in your organization can access any private route unless they are protected by an Access policy or Gateway firewall rule. To secure the application, you can [create a self-hosted application](/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app/) for a private IP range, port range, and/or hostname and build [Access policies](/cloudflare-one/access-controls/policies/) that allow or block specific users.
 
 If you would like to define how users access specific infrastructure servers within your network, [create an infrastructure application](/cloudflare-one/access-controls/applications/non-http/infrastructure-apps/) in Access for Infrastructure. Access for Infrastructure provides an additional layer of control and visibility over how users access non-HTTP applications, including:
 
@@ -31,7 +31,7 @@ If you would like to define how users access specific infrastructure servers wit
 
 ## Clientless access
 
-Clientless access methods are suited for organizations that cannot deploy the WARP client or need to support third-party contractors where installing a client is not possible. Clientless access requires onboarding a domain to Cloudflare and configuring a public hostname in order to make the server reachable. Command logging is not supported.
+Clientless access methods are suited for organizations that cannot deploy the Cloudflare One Client or need to support third-party contractors where installing a client is not possible. Clientless access requires onboarding a domain to Cloudflare and configuring a public hostname in order to make the server reachable. Command logging is not supported.
 
 ### Browser-rendered terminal
 

src/content/docs/cloudflare-one/access-controls/applications/non-http/infrastructure-apps.mdx

@@ -9,7 +9,7 @@ import { Badge, Details, Tabs, TabItem, Render } from "~/components";
 
 <Details header="Feature availability">
 
-| [WARP modes](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| [Client modes](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
 | ---------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
 | <ul><li> Traffic and DNS mode</li><li> Traffic only mode </li></ul>  | All plans                                                     |
 
@@ -33,7 +33,7 @@ Access for Infrastructure currently only supports [SSH](/cloudflare-one/networks
 ## Prerequisites
 
 - [Connect your infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/) to Cloudflare using `cloudflared` or WARP Connector.
-- [Deploy the WARP client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/) on user devices in Traffic and DNS mode.
+- [Deploy the Cloudflare One Client](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/) on user devices in Traffic and DNS mode.
 
 ## 1. Add a target
 
@@ -63,11 +63,11 @@ Certain protocols require configuring the server to trust connections through Ac
 
 ## 5. Connect as a user
 
-Users connect to the target's IP address using their preferred client software. The user must be logged into WARP on their device, but no other system configuration is required. You can optionally configure a [private DNS resolver](/cloudflare-one/traffic-policies/resolver-policies/) to allow connections to the target's private hostname.
+Users connect to the target's IP address using their preferred client software. The user must be logged into the Cloudflare One Client on their device, but no other system configuration is required. You can optionally configure a [private DNS resolver](/cloudflare-one/traffic-policies/resolver-policies/) to allow connections to the target's private hostname.
 
 ### Connect to different VNET
 
-To connect to targets that are in different VNETS, users will need to [switch their connected virtual network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/#connect-to-a-virtual-network) in the WARP client.
+To connect to targets that are in different VNETS, users will need to [switch their connected virtual network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/#connect-to-a-virtual-network) in the Cloudflare One Client.
 
 :::note
 If a user is connected to a target in VNET-A and needs to connect to a target in VNET-B, switching their VNET will not break any existing connections to targets within VNET-A. At present, connections are maintained between VNETs.
@@ -77,7 +77,7 @@ If a user is connected to a target in VNET-A and needs to connect to a target in
 
 <Details header="Feature availability">
 
-| System   | Availability | Minimum WARP version |
+| System   | Availability | Minimum client version |
 | -------- | ------------ | -------------------- |
 | Windows  | ✅           | 2024.9.346.0         |
 | macOS    | ✅           | 2024.9.346.0         |
@@ -88,7 +88,7 @@ If a user is connected to a target in VNET-A and needs to connect to a target in
 
 </Details>
 
-Users can use `warp-cli` to display a list of targets they can access. On the WARP device, open a terminal and run the following command:
+Users can use `warp-cli` to display a list of targets they can access. On the device, open a terminal and run the following command:
 
 <Render file="tunnel/warp-cli-target-list" product="cloudflare-one" />
 

src/content/docs/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app.mdx

@@ -18,7 +18,7 @@ This feature replaces the legacy [private network app type](/cloudflare-one/acce
 
 ## Prerequisites
 
-- Private IPs and hostnames are reachable over Cloudflare WARP, Cloudflare WAN (formerly Magic WAN) or Browser Isolation. For more details, refer to [Connect a private network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/).
+- Private IPs and hostnames are reachable over the Cloudflare One Client, Cloudflare WAN (formerly Magic WAN) or Browser Isolation. For more details, refer to [Connect a private network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/).
 - Private hostnames route to your custom DNS resolver through [Local Domain Fallback](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/route-traffic/local-domains/) or [Gateway resolver policies](/cloudflare-one/traffic-policies/resolver-policies/).
 - Public IPs and hostnames can be used to define a private application, however the IP or hostname must route through Cloudflare via [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/), [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/), or [Cloudflare WAN](/cloudflare-wan/configuration/manually/how-to/configure-routes/).
 - (Optional) Turn on [Gateway TLS decryption](/cloudflare-one/traffic-policies/http-policies/tls-decryption/) if you want to use Access JWTs to manage [HTTPS application sessions](#https-applications).
@@ -63,7 +63,7 @@ This feature replaces the legacy [private network app type](/cloudflare-one/acce
 
 11. (Optional) Configure [App Launcher settings](/cloudflare-one/access-controls/access-settings/app-launcher/) for the application.
 
-12. (Optional) Turn on **Allow clientless access** to allow users to access this private hostname or IP without the WARP client. Users who pass your Access policies will see a tile in their App Launcher which points to a prefixed URL such as `https://<your-teamname>.cloudflareaccess.com/browser/https://wiki.internal.local/`. The link will route traffic to the application through [Clientless Web Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/). This setting is useful for users on unmanaged devices or contractors who cannot install a device client.
+12. (Optional) Turn on **Allow clientless access** to allow users to access this private hostname or IP without the Cloudflare One Client. Users who pass your Access policies will see a tile in their App Launcher which points to a prefixed URL such as `https://<your-teamname>.cloudflareaccess.com/browser/https://wiki.internal.local/`. The link will route traffic to the application through [Clientless Web Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/). This setting is useful for users on unmanaged devices or contractors who cannot install a device client.
 
 	:::note
 	Ensure your [remote browser permissions](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/) allow users of this application to open Clientless Web Isolation links.
@@ -90,11 +90,11 @@ Users can now connect to your private application after authenticating with Clou
 
 If [Gateway TLS decryption](/cloudflare-one/traffic-policies/http-policies/tls-decryption/) is turned on and a user is accessing an HTTPS application on port `443`, Cloudflare Access will present a login page in the browser and issue an [application token](/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/application-token/) to your origin. This is the same cookie-based authentication flow used by [self-hosted public apps](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/).
 
-If [Gateway TLS decryption](/cloudflare-one/traffic-policies/http-policies/tls-decryption/) is turned off, session management is [handled in the WARP client](#non-https-applications) instead of in the browser.
+If [Gateway TLS decryption](/cloudflare-one/traffic-policies/http-policies/tls-decryption/) is turned off, session management is [handled in the Cloudflare One Client](#non-https-applications) instead of in the browser.
 
 ### Non-HTTPS applications
 
-The WARP client manages sessions for all non-HTTPS applications. Users will receive an `Authentication required` pop-up notification from the WARP client. When the user selects the notification, WARP will open a browser window with your Access login page.
+The Cloudflare One Client manages sessions for all non-HTTPS applications. Users will receive an `Authentication required` pop-up notification from the Cloudflare One Client. When the user selects the notification, the Cloudflare One Client will open a browser window with your Access login page.
 
 <Render file="gateway/client-notifications-os" product="cloudflare-one" />