From 8c08ce97e7c32e46386c565377a7bee7bb2f0593 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Tue, 14 Jan 2025 18:30:37 +0000
Subject: [PATCH] Link to new managed transform

---
 src/content/docs/waf/detections/malicious-uploads/index.mdx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/content/docs/waf/detections/malicious-uploads/index.mdx b/src/content/docs/waf/detections/malicious-uploads/index.mdx
index 8058c6fda9434ca..dadeceb1882efc8 100644
--- a/src/content/docs/waf/detections/malicious-uploads/index.mdx
+++ b/src/content/docs/waf/detections/malicious-uploads/index.mdx
@@ -25,6 +25,8 @@ For every request with one or more detected content objects, the content scanner
 
 Cloudflare uses the same [anti-virus (AV) scanner used in Cloudflare Zero Trust](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/) for WAF content scanning.
 
+In addition, content scanning provides a [managed transform](/rules/transform/managed-transforms/reference/#add-malicious-uploads-detection-header) that adds a `Malicious-Uploads-Detection` request header indicating the outcome of scanning uploaded content for malicious signatures. For example, if the request contains at least one malicious content object, the header value will be `1`.
+
 :::caution
 
 Content scanning will not apply any mitigation actions to requests with content objects considered malicious. It only provides a signal that you can use to define your attack mitigation strategy. You must create rules — [custom rules](/waf/custom-rules/) or [rate limiting rules](/waf/rate-limiting-rules/) — to perform actions based on detected signals.