diff --git a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx index 2741e8dceaf771d..d924814c0977349 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx @@ -35,22 +35,9 @@ To filter HTTP requests from a device: params={{ one: "HTTP", two: "requests" }} /> -## 3. Add recommended policies +## 3. Create your first HTTP policy -To create a new HTTP policy, go to **Gateway** > **Firewall policies** > **HTTP** in Zero Trust. -We recommend adding the following policies: - -### Bypass inspection for incompatible applications - -Bypass HTTP inspection for applications which use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations). This will help avoid any incompatibilities that may arise from an initial rollout. By the _Do Not Inspect_ app type, Gateway will filter any new applications when they are added to the group. - - - -### Block all security categories - -Block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence. - - + ## 4. Add optional policies diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx index 2b566ef29b4e199..43d81c2b197e158 100644 --- a/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx +++ b/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx 
@@ -13,26 +13,10 @@ Now that you have considered which devices and applications TLS inspection shoul Use a standard naming convention when building all policies. Policy names should be unique across the Cloudflare account, follow the same structure, and be as descriptive as possible. -To create a new HTTP policy: - -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**. - -2. In the **HTTP** tab, select **Add a policy**. - -3. Name the policy. - -4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block. - -5. Choose an **Action** to take when traffic matches the logical expression. For example, if you have enabled TLS inspection, some applications that use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations) may not support HTTP inspection, such as some Google products. You can create a policy to bypass inspection for these applications: - - - -6. Select **Create policy**. - -For more information, refer to [HTTP policies](/cloudflare-one/policies/gateway/http-policies/). + ## Order your policies diff --git a/src/content/partials/cloudflare-one/gateway/get-started/create-http-policy.mdx b/src/content/partials/cloudflare-one/gateway/get-started/create-http-policy.mdx new file mode 100644 index 000000000000000..d146717bc39f976 --- /dev/null +++ b/src/content/partials/cloudflare-one/gateway/get-started/create-http-policy.mdx 
@@ -0,0 +1,29 @@ +--- +{} +--- + +import { Render } from "~/components"; + +To create a new HTTP policy: + +1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**. +2. In the **HTTP** tab, select **Add a policy**. +3. Name the policy. +4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block. +5. Choose an **Action** to take when traffic matches the logical expression. For example, if you have enabled TLS inspection, some applications that use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations) may not support HTTP inspection, such as some Google products. You can create a policy to bypass inspection for these applications: + + + + Cloudflare also recommends adding a policy to block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence: + + + +6. Select **Create policy**. + +For more information, refer to [HTTP policies](/cloudflare-one/policies/gateway/http-policies/).
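Review bot: In initial-setup/http.mdx, the removed "Bypass inspection for incompatible applications" section carried the sentence explaining that selecting by the _Do Not Inspect_ app type lets Gateway pick up new applications when they are added to the group, and the new partial does not carry that sentence over. Consider moving it into step 5 of the partial next to the bypass example, since it is the reason for choosing the app type over a hand-maintained list. The heading also changes from `## 3. Add recommended policies` to `## 3. Create your first HTTP policy`, so any inbound links to the old heading anchor need to be updated.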
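Review bot: In partials/.../create-http-policy.mdx, step 5 nests two separate policies (the inspection bypass and the block on known threats) inside one six-step procedure that ends with a single "Select **Create policy**", so a reader who follows the steps once creates only one of them and the security-category block is easy to miss. Suggest keeping steps 1 to 6 generic and listing the two recommended policies after step 6 as separate items, each stating its own action. The same partial now feeds the learning-path page, which previously showed only the bypass example, so confirm the added block recommendation reads correctly in that context and that the singular heading "Create your first HTTP policy" still matches a partial that recommends two.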