Adding suggestions missed in previous PR

Author: dcpena

src/content/docs/cloudflare-one/traffic-policies/egress-policies/index.mdx

@@ -59,9 +59,9 @@ The following egress policy configures all traffic destined for a third-party ne
 Many SaaS providers (for example, Microsoft 365, Salesforce, or Workday) allow you to restrict access to connections from specific IP addresses. You can use dedicated egress IPs with Gateway to enforce this restriction:
 
 1. **Obtain dedicated egress IPs** from your account team and note the assigned IPv4 and IPv6 addresses.
-2. **Create an egress policy** that routes traffic destined for the SaaS provider through your dedicated egress IP. Use the Destination IP selector with the provider's published IP ranges, or the Application selector (Beta) to match the provider by name.
+2. **Create an egress policy** that routes traffic destined for the SaaS provider through your dedicated egress IP. Use the Destination IP selector with the published IP ranges of the provider. Alternatively, use the Application selector (Beta) to match the provider by name.
 3. **Add the egress IPs to the SaaS provider's allowlist** so the provider only accepts connections from your organization's IPs.
-4. **Pair with HTTP policies** to add deeper controls — for example, block file uploads to personal accounts, enforce DLP profiles to prevent sensitive data from leaving the organization, or require [device posture checks](/cloudflare-one/reusable-components/posture-checks/) before allowing access.
+4. **Pair with HTTP policies** to add deeper controls. For example, block file uploads to personal accounts, enforce DLP profiles to prevent sensitive data from leaving the organization, or require [device posture checks](/cloudflare-one/reusable-components/posture-checks/) before allowing access.
 
 This pattern ensures that access to the SaaS application is limited to traffic that passes through Gateway, where your security policies are enforced, and that the SaaS provider can verify traffic originates from your organization.
 

src/content/docs/cloudflare-one/traffic-policies/get-started/index.mdx

@@ -1,6 +1,6 @@
 ---
 pcx_content_type: get-started
-description: Set up Get started for Gateway.
+description: Best practices for deploying Cloudflare Gateway traffic policies in phases.
 products:
   - cloudflare-one
 title: Get started

src/content/docs/cloudflare-one/traffic-policies/index.mdx

@@ -1,6 +1,6 @@
 ---
 pcx_content_type: concept
-description: How Traffic policies works in Gateway.
+description: Filter DNS, network, and HTTP traffic with Cloudflare Gateway traffic policies.
 products:
   - cloudflare-one
 title: Traffic policies
@@ -18,7 +18,7 @@ A Secure Web Gateway (SWG) is a security service that sits between an organizati
 - **URL and domain filtering** – Controls which websites users can access.
 - **Anti-malware scanning** – Inspects files in transit for malicious code.
 - **Application control** – Manages which applications users can reach and what actions they can perform.
-- **Data Loss Prevention (DLP)** – Detects and blocks sensitive data before it leaves the network.
+- **Data Loss Prevention (DLP)** – Detects and blocks sensitive data before it leaves the network.fprotecting
 - **Traffic inspection** – Decrypts and examines encrypted (HTTPS) traffic for hidden threats.
 
 ## The need for an SWG
@@ -47,7 +47,7 @@ If you are familiar with traditional network security, Gateway's policy layers m
 - **Network policies** correspond to a Layer 4 stateful firewall, sometimes called Firewall-as-a-Service (FWaaS), filtering by IP address, port, and protocol.
 - **HTTP policies** correspond to a Layer 7 application firewall (forward proxy with TLS decryption and deep packet inspection).
 
-Unlike hardware firewalls that sit at a single network perimeter, Gateway enforces these policies across Cloudflare's global network, protecting 
+Unlike hardware firewalls that sit at a single network perimeter, Gateway enforces these policies across Cloudflare's global network, protecting traffic regardless of where users connect.
 
 Gateway supports several policy types because network traffic can be inspected at different layers — from raw packets up to full HTTP requests. Each policy type gives you control at a specific layer: