diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go
index 1eb4b8c1bd..db38de9bd5 100644
--- a/cmd/nginx-ingress/main.go
+++ b/cmd/nginx-ingress/main.go
@@ -59,6 +59,7 @@ func main() {
 	fmt.Printf("NGINX Ingress Controller Version=%v Commit=%v Date=%v DirtyState=%v Arch=%v/%v Go=%v\n", version, commitHash, commitTime, dirtyBuild, runtime.GOOS, runtime.GOARCH, runtime.Version())
 
 	parseFlags()
+	parsedFlags := os.Args[1:]
 
 	config, kubeClient := createConfigAndKubeClient()
 
@@ -217,6 +218,7 @@ func main() {
 		TelemetryReportingEndpoint:   telemetryEndpoint,
 		NICVersion:                   version,
 		DynamicWeightChangesReload:   *enableDynamicWeightChangesReload,
+		InstallationFlags:            parsedFlags,
 	}
 
 	lbc := k8s.NewLoadBalancerController(lbcInput)
diff --git a/docs/content/configuration/global-configuration/globalconfiguration-resource.md b/docs/content/configuration/global-configuration/globalconfiguration-resource.md
index 51d9f8f48f..33830af896 100644
--- a/docs/content/configuration/global-configuration/globalconfiguration-resource.md
+++ b/docs/content/configuration/global-configuration/globalconfiguration-resource.md
@@ -77,15 +77,15 @@ You can use the usual `kubectl` commands to work with a GlobalConfiguration reso
 
 For example, the following command creates a GlobalConfiguration resource defined in `global-configuration.yaml` with the name `nginx-configuration`:
 
-```
-$ kubectl apply -f global-configuration.yaml
+```shell
+kubectl apply -f global-configuration.yaml
 globalconfiguration.k8s.nginx.org/nginx-configuration created
 ```
 
 Assuming the namespace of the resource is `nginx-ingress`, you can get the resource by running:
 
-```
-$ kubectl get globalconfiguration nginx-configuration -n nginx-ingress
+```shell
+kubectl get globalconfiguration nginx-configuration -n nginx-ingress
 NAME                  AGE
 nginx-configuration   13s
 ```
@@ -128,8 +128,8 @@ The Ingress Controller validates the fields of a GlobalConfiguration resource. I
 
 You can check if the Ingress Controller successfully applied the configuration for a GlobalConfiguration. For our  `nginx-configuration` GlobalConfiguration, we can run:
 
-```
-$ kubectl describe gc nginx-configuration -n nginx-ingress
+```shell
+kubectl describe gc nginx-configuration -n nginx-ingress
 . . .
 Events:
   Type     Reason    Age   From                      Message
@@ -141,8 +141,8 @@ Note how the events section includes a Normal event with the Updated reason that
 
 If you create a GlobalConfiguration `nginx-configuration` with two or more listeners that have the same protocol UDP and port 53, you will get:
 
-```
-$ kubectl describe gc nginx-configuration -n nginx-ingress
+```shell
+kubectl describe gc nginx-configuration -n nginx-ingress
 . . .
 Events:
   Type     Reason    Age   From                      Message
diff --git a/docs/content/configuration/global-configuration/reporting-resources-status.md b/docs/content/configuration/global-configuration/reporting-resources-status.md
index dad4f17fe6..4c75281d60 100644
--- a/docs/content/configuration/global-configuration/reporting-resources-status.md
+++ b/docs/content/configuration/global-configuration/reporting-resources-status.md
@@ -34,16 +34,16 @@ Notes: NGINX Ingress Controller does not clear the status of Ingress resources w
 A VirtualServer or VirtualServerRoute resource includes the status field with information about the state of the resource and the IP address, through which the hosts of that resource are publicly accessible.
 You can see the status in the output of the `kubectl get virtualservers` or `kubectl get virtualserverroutes` commands as shown below:
 
-```
-$ kubectl get virtualservers
+```shell
+kubectl get virtualservers
   NAME   STATE   HOST                   IP            PORTS      AGE
   cafe   Valid   cafe.example.com       12.13.23.123  [80,443]   34s
 ```
 
 To see an external hostname address associated with a VirtualServer resource, use the `-o wide` option:
 
-```
-$ kubectl get virtualservers -o wide
+```shell
+kubectl get virtualservers -o wide
   NAME   STATE   HOST               IP    EXTERNALHOSTNAME                                                         PORTS      AGE
   cafe   Valid   cafe.example.com         ae430f41a1a0042908655abcdefghijkl-12345678.eu-west-2.elb.amazonaws.com   [80,443]   106s
 ```
@@ -52,8 +52,8 @@ $ kubectl get virtualservers -o wide
 
 In order to see additional addresses or extra information about the `Status` of the resource, use the following command:
 
-```
-$ kubectl describe virtualserver <NAME>
+```shell
+kubectl describe virtualserver <NAME>
 . . .
 Status:
   External Endpoints:
@@ -110,16 +110,16 @@ Notes: The Ingress Controller does not clear the status of VirtualServer and Vir
 A Policy resource includes the status field with information about the state of the resource.
 You can see the status in the output of the `kubectl get policy` command as shown below:
 
-```
-$ kubectl get policy
+```shell
+kubectl get policy
   NAME              STATE   AGE
   webapp-policy     Valid   30s
 ```
 
 In order to see additional addresses or extra information about the `Status` of the resource, use the following command:
 
-```
-$ kubectl describe policy <NAME>
+```shell
+kubectl describe policy <NAME>
 . . .
 Status:
   Message:  Configuration for default/webapp-policy was added or updated
@@ -144,16 +144,16 @@ The following fields are reported in Policy status:
 A TransportServer resource includes the status field with information about the state of the resource.
 You can see the status in the output of the `kubectl get transportserver` command as shown below:
 
-```
-$ kubectl get transportserver
+```shell
+kubectl get transportserver
   NAME      STATE   REASON           AGE
   dns-tcp   Valid   AddedOrUpdated   47m
 ```
 
 In order to see additional addresses or extra information about the `Status` of the resource, use the following command:
 
-```
-$ kubectl describe transportserver <NAME>
+```shell
+kubectl describe transportserver <NAME>
 . . .
 Status:
   Message:  Configuration for default/dns-tcp was added or updated
diff --git a/docs/content/configuration/handling-host-and-listener-collisions.md b/docs/content/configuration/handling-host-and-listener-collisions.md
index 90963365d6..45ef42afd8 100644
--- a/docs/content/configuration/handling-host-and-listener-collisions.md
+++ b/docs/content/configuration/handling-host-and-listener-collisions.md
@@ -56,7 +56,7 @@ If a user creates both resources in the cluster, a host collision will occur. As
 
 In our example, if `cafe-virtual-server` was created first, it will win the host `cafe.example.com` and the Ingress Controller will reject `cafe-ingress`. This will be reflected in the events and in the resource's status field:
 
-```console
+```shell
 kubectl describe vs cafe-virtual-server
 
 . . .
@@ -130,7 +130,7 @@ If a user creates both resources in the cluster, a listener collision will occur
 
 In our example, if `tcp-1` was created first, it will win the listener `dns-tcp` and the Ingress Controller will reject `tcp-2`. This will be reflected in the events and in the resource's status field:
 
-```console
+```shell
 kubectl describe ts tcp-2
 
 . . .
diff --git a/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md b/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md
index 342e5342bf..bd28023273 100644
--- a/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md
+++ b/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md
@@ -57,7 +57,7 @@ NGINX Ingress Controller validates the annotations of Ingress resources. If an I
 
 You can check if the Ingress Controller successfully applied the configuration for an Ingress. For our example `cafe-ingress-with-annotations` Ingress, we can run:
 
-```console
+```shell
 kubectl describe ing cafe-ingress-with-annotations
 
 . . .
@@ -71,7 +71,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas
 
 If you create an invalid Ingress, the Ingress Controller will reject it and emit a Rejected event. For example, if you create an Ingress `cafe-ingress-with-annotations`, with an annotation `nginx.org/redirect-to-https` set to `yes please` instead of `true`, you will get:
 
-```console
+```shell
 kubectl describe ing cafe-ingress-with-annotations
 
 . . .
diff --git a/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md b/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md
index fd83073a90..6001d18e4f 100644
--- a/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md
+++ b/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md
@@ -104,7 +104,7 @@ If a snippet includes an invalid NGINX configuration, the Ingress Controller wil
 
 An example of an error from the logs:
 
-```
+```shell
 [emerg] 31#31: unknown directive "badd_header" in /etc/nginx/conf.d/default-cafe-ingress-with-snippets.conf:54
 Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"cafe-ingress-with-snippets", UID:"f9656dc9-63a6-41dd-a499-525b0e0309bb", APIVersion:"extensions/v1beta1", ResourceVersion:"2322030", FieldPath:""}): type: 'Warning' reason: 'AddedOrUpdatedWithError' Configuration for default/cafe-ingress-with-snippets was added or updated, but not applied: Error reloading NGINX for default/cafe-ingress-with-snippets: nginx reload failed: Command /usr/sbin/nginx -s reload stdout: ""
 stderr: "nginx: [emerg] unknown directive \"badd_header\" in /etc/nginx/conf.d/default-cafe-ingress-with-snippets.conf:54\n"
@@ -113,7 +113,7 @@ finished with error: exit status 1
 
 An example of an event with an error (you can view events associated with the Ingress by running `kubectl describe -n nginx-ingress ingress nginx-ingress`):
 
-```
+```shell
 Events:
 Type     Reason                   Age                From                      Message
 ----     ------                   ----               ----                      -------
diff --git a/docs/content/configuration/ingress-resources/custom-annotations.md b/docs/content/configuration/ingress-resources/custom-annotations.md
index c1fefcb130..67738816b3 100644
--- a/docs/content/configuration/ingress-resources/custom-annotations.md
+++ b/docs/content/configuration/ingress-resources/custom-annotations.md
@@ -57,7 +57,7 @@ spec:
 
 Assuming that the Ingress Controller is using that customized template, it will generate a config for the Ingress resource that will include the following part, generated by our template excerpt:
 
-```
+```yaml
 # This is the configuration for cafe-ingress/default
 
 # Insert config for feature A if the annotation is set
diff --git a/docs/content/configuration/policy-resource.md b/docs/content/configuration/policy-resource.md
index a28b703cc8..5b96c58f27 100644
--- a/docs/content/configuration/policy-resource.md
+++ b/docs/content/configuration/policy-resource.md
@@ -502,7 +502,7 @@ You can use the usual `kubectl` commands to work with Policy resources, just as
 
 For example, the following command creates a Policy resource defined in `access-control-policy-allow.yaml` with the name `webapp-policy`:
 
-```console
+```shell
 kubectl apply -f access-control-policy-allow.yaml
 
 policy.k8s.nginx.org/webapp-policy configured
@@ -510,7 +510,7 @@ policy.k8s.nginx.org/webapp-policy configured
 
 You can get the resource by running:
 
-```console
+```shell
 kubectl get policy webapp-policy
 
 NAME            AGE
@@ -670,7 +670,7 @@ If you try to create (or update) a resource that violates the structural schema
 
 - Example of `kubectl` validation:
 
-    ```console
+    ```shell
     kubectl apply -f access-control-policy-allow.yaml
 
     error: error validating "access-control-policy-allow.yaml": error validating data: ValidationError(Policy.spec.accessControl.allow): invalid type for org.nginx.k8s.v1.Policy.spec.accessControl.allow: got "string", expected "array"; if you choose to ignore these errors, turn validation off with --validate=false
@@ -678,7 +678,7 @@ If you try to create (or update) a resource that violates the structural schema
 
 - Example of Kubernetes API server validation:
 
-    ```console
+    ```shell
     kubectl apply -f access-control-policy-allow.yaml --validate=false
 
     The Policy "webapp-policy" is invalid: spec.accessControl.allow: Invalid value: "string": spec.accessControl.allow in body must be of type array: "string"
@@ -692,7 +692,7 @@ NGINX Ingress Controller validates the fields of a Policy resource. If a resourc
 
 You can use `kubectl` to check whether or not NGINX Ingress Controller successfully applied a Policy configuration. For our example `webapp-policy` Policy, we can run:
 
-```console
+```shell
 kubectl describe pol webapp-policy
 
 . . .
@@ -706,7 +706,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas
 
 If you create an invalid resource, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create a Policy `webapp-policy` with an invalid IP `10.0.0.` in the `allow` field, you will get:
 
-```console
+```shell
 kubectl describe policy webapp-policy
 
 . . .
@@ -720,7 +720,7 @@ Note how the events section includes a Warning event with the Rejected reason.
 
 Additionally, this information is also available in the `status` field of the Policy resource. Note the Status section of the Policy:
 
-```console
+```shell
 kubectl describe pol webapp-policy
 
 . . .
diff --git a/docs/content/configuration/transportserver-resource.md b/docs/content/configuration/transportserver-resource.md
index c0d0d9d44d..2ef19d51f3 100644
--- a/docs/content/configuration/transportserver-resource.md
+++ b/docs/content/configuration/transportserver-resource.md
@@ -278,7 +278,7 @@ You can use the usual `kubectl` commands to work with TransportServer resources,
 
 For example, the following command creates a TransportServer resource defined in `transport-server-passthrough.yaml` with the name `secure-app`:
 
-```console
+```shell
 kubectl apply -f transport-server-passthrough.yaml
 
 transportserver.k8s.nginx.org/secure-app created
@@ -286,7 +286,7 @@ transportserver.k8s.nginx.org/secure-app created
 
 You can get the resource by running:
 
-```console
+```shell
 kubectl get transportserver secure-app
 
 NAME         AGE
@@ -363,7 +363,7 @@ If you try to create (or update) a resource that violates the structural schema
 
 - Example of `kubectl` validation:
 
-    ```console
+    ```shell
     kubectl apply -f transport-server-passthrough.yaml
 
       error: error validating "transport-server-passthrough.yaml": error validating data: ValidationError(TransportServer.spec.upstreams[0].port): invalid type for org.nginx.k8s.v1.TransportServer.spec.upstreams.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false
@@ -371,7 +371,7 @@ If you try to create (or update) a resource that violates the structural schema
 
 - Example of Kubernetes API server validation:
 
-    ```console
+    ```shell
     kubectl apply -f transport-server-passthrough.yaml --validate=false
 
       The TransportServer "secure-app" is invalid: []: Invalid value: map[string]interface {}{ ... }: validation failure list:
@@ -386,7 +386,7 @@ The Ingress Controller validates the fields of a TransportServer resource. If a
 
 You can check if the Ingress Controller successfully applied the configuration for a TransportServer. For our example `secure-app` TransportServer, we can run:
 
-```console
+```shell
 kubectl describe ts secure-app
 
 . . .
@@ -400,7 +400,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas
 
 If you create an invalid resource, the Ingress Controller will reject it and emit a Rejected event. For example, if you create a TransportServer `secure-app` with a pass action that references a non-existing upstream, you will get  :
 
-```console
+```shell
 kubectl describe ts secure-app
 
 . . .
diff --git a/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md b/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md
index 209ca295d0..2cc77b556d 100644
--- a/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md
+++ b/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md
@@ -936,7 +936,7 @@ You can use the usual `kubectl` commands to work with VirtualServer and VirtualS
 
 For example, the following command creates a VirtualServer resource defined in `cafe-virtual-server.yaml` with the name `cafe`:
 
-```console
+```shell
 kubectl apply -f cafe-virtual-server.yaml
 
 virtualserver.k8s.nginx.org "cafe" created
@@ -944,7 +944,7 @@ virtualserver.k8s.nginx.org "cafe" created
 
 You can get the resource by running:
 
-```console
+```shell
 kubectl get virtualserver cafe
 
 NAME   STATE   HOST                   IP            PORTS      AGE
@@ -1024,7 +1024,7 @@ If you try to create (or update) a resource that violates the structural schema
 
 - Example of `kubectl` validation:
 
-    ```console
+    ```shell
     kubectl apply -f cafe-virtual-server.yaml
 
       error: error validating "cafe-virtual-server.yaml": error validating data: ValidationError(VirtualServer.spec.upstreams[0].port): invalid type for org.nginx.k8s.v1.VirtualServer.spec.upstreams.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false
@@ -1032,7 +1032,7 @@ If you try to create (or update) a resource that violates the structural schema
 
 - Example of Kubernetes API server validation:
 
-    ```console
+    ```shell
     kubectl apply -f cafe-virtual-server.yaml --validate=false
 
       The VirtualServer "cafe" is invalid: []: Invalid value: map[string]interface {}{ ... }: validation failure list:
@@ -1047,7 +1047,7 @@ The Ingress Controller validates the fields of the VirtualServer and VirtualServ
 
 You can check if the Ingress Controller successfully applied the configuration for a VirtualServer. For our example `cafe` VirtualServer, we can run:
 
-```console
+```shell
 kubectl describe vs cafe
 
 . . .
@@ -1061,7 +1061,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas
 
 If you create an invalid resource, the Ingress Controller will reject it and emit a Rejected event. For example, if you create a VirtualServer `cafe` with two upstream with the same name `tea`, you will get:
 
-```console
+```shell
 kubectl describe vs cafe
 
 . . .
@@ -1075,7 +1075,7 @@ Note how the events section includes a Warning event with the Rejected reason.
 
 Additionally, this information is also available in the `status` field of the VirtualServer resource. Note the Status section of the VirtualServer:
 
-```console
+```shell
 kubectl describe vs cafe
 
 . . .
diff --git a/docs/content/installation/installing-nic/installation-with-helm.md b/docs/content/installation/installing-nic/installation-with-helm.md
index 6ce206d878..7a8ddbce7a 100644
--- a/docs/content/installation/installing-nic/installation-with-helm.md
+++ b/docs/content/installation/installing-nic/installation-with-helm.md
@@ -38,7 +38,7 @@ kubectl apply -f crds/
 
 Alternatively, CRDs can be upgraded without pulling the chart by running:
 
-```console
+```shell
 kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/deploy/crds.yaml
 ```
 
diff --git a/docs/content/installation/integrations/app-protect-dos/configuration.md b/docs/content/installation/integrations/app-protect-dos/configuration.md
index 600f416998..f7d96fadb6 100644
--- a/docs/content/installation/integrations/app-protect-dos/configuration.md
+++ b/docs/content/installation/integrations/app-protect-dos/configuration.md
@@ -32,7 +32,7 @@ spec:
       timeout: 5
   ```
 
-2. Enable App Protect DoS on an Ingress by adding an annotation on the Ingress. Set the value of the annotation to the qualified identifier(`namespace/name`) of a DosProtectedResource:
+2. Enable App Protect DoS for an Ingress resource by adding an annotation to the Ingress. Set the value of the annotation to the qualified identifier(`namespace/name`) of a DosProtectedResource:
 
   ```yaml
    apiVersion: networking.k8s.io/v1
@@ -43,7 +43,7 @@ spec:
          appprotectdos.f5.com/app-protect-dos-resource: "default/dos-protected"
   ```
 
-3. Enable App Protect DoS on a VirtualServer by setting the `dos` field value to the qualified identifier(`namespace/name`) of a DosProtectedResource:
+3. Enable App Protect DoS on a VirtualServer resource by setting the `dos` field value to the qualified identifier(`namespace/name`) of a DosProtectedResource:
 
   ```yaml
 apiVersion: k8s.nginx.org/v1
@@ -76,10 +76,10 @@ For example, say you want to use DoS Policy as shown below:
    bad_actors: "on",
    automation_tools_detection: "on",
    tls_fingerprint: "on",
-}
+   }
   ```
 
-You would create an `APDosPolicy` resource with the policy defined in the `spec`, as shown below:
+Create an `APDosPolicy` resource with the policy defined in the `spec`, as shown below:
 
   ```yaml
    apiVersion: appprotectdos.f5.com/v1beta1
diff --git a/docs/content/installation/integrations/app-protect-dos/dos-protected.md b/docs/content/installation/integrations/app-protect-dos/dos-protected.md
index 2c76cb2f2f..fcc42aff2d 100644
--- a/docs/content/installation/integrations/app-protect-dos/dos-protected.md
+++ b/docs/content/installation/integrations/app-protect-dos/dos-protected.md
@@ -2,20 +2,18 @@
 docs: DOCS-581
 doctypes:
 - ''
-title: DoS Protected Resource
+title: DoS protected resource specification
 toc: true
 weight: 300
 ---
 
-NGINX App Protect DoS Protected Resource Specification
+NGINX App Protect DoS protected resource specification
 
-> Note: This feature is only available in NGINX Plus with App Protect DoS.
+{{< note >}} This feature is only available using the NGINX Plus [NGINX App Protect DoS Module](/nginx-app-protect-dos/deployment-guide/learn-about-deployment/). {{< /note >}}
 
-> Note: The feature is implemented using the NGINX Plus [NGINX App Protect DoS Module](/nginx-app-protect-dos/deployment-guide/learn-about-deployment/).
+## DoS Protected resource specification
 
-## DoS Protected Resource Specification
-
-Below is an example of a dos protected resource.
+Below is an example of a DoS protected resource.
 
 ```yaml
 apiVersion: appprotectdos.f5.com/v1beta1
@@ -27,7 +25,6 @@ spec:
   name: "my-dos"
   apDosMonitor:
     uri: "webapp.example.com"
-
 ```
 
 {{% table %}}
@@ -53,51 +50,56 @@ The `apDosPolicy` is a reference (qualified identifier in the format `namespace/
 
 This is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1).
 
-### Invalid DoS Protected Resources
+### Invalid DoS Protected resources
 
-NGINX will treat a dos protected resource as invalid if one of the following conditions is met:
+NGINX will treat a DoS protected resource as invalid if one of the following conditions is met:
 
-- The dos protected resource doesn't pass the [comprehensive validation](#comprehensive-validation).
-- The dos protected resource isn't present in the cluster.
+- The DoS protected resource doesn't pass the [comprehensive validation](#comprehensive-validation).
+- The DoS protected resource isn't present in the cluster.
 
 ### Validation
 
-Two types of validation are available for the dos protected resource:
+Two types of validation are available for the DoS protected resource:
 
 - *Structural validation*, done by `kubectl` and the Kubernetes API server.
-- *Comprehensive validation*, done by the Ingress Controller.
+- *Comprehensive validation*, done by NGINX Ingress Controller.
 
-#### Structural Validation
+#### Structural validation
 
-The custom resource definition for the dos protected resource includes a structural OpenAPI schema, which describes the type of every field of the resource.
+The custom resource definition for the DoS protected resource includes a structural OpenAPI schema, which describes the type of every field of the resource.
 
 If you try to create (or update) a resource that violates the structural schema -- for example, the resource uses a string value instead of a bool in the `enable` field -- `kubectl` and the Kubernetes API server will reject the resource.
 
 - Example of `kubectl` validation:
 
+    ```shell
+    kubectl apply -f apdos-protected.yaml
     ```
-    $ kubectl apply -f apdos-protected.yaml
+    ```shell
     error: error validating "examples/app-protect-dos/apdos-protected.yaml": error validating data: ValidationError(DosProtectedResource.spec.enable): invalid type for com.f5.appprotectdos.v1beta1.DosProtectedResource.spec.enable: got "string", expected "boolean"; if you choose to ignore these errors, turn validation off with --validate=false
     ```
 
 - Example of Kubernetes API server validation:
 
+    ```shell
+    kubectl apply -f access-control-policy-allow.yaml --validate=false
     ```
-    $ kubectl apply -f access-control-policy-allow.yaml --validate=false
+    ```shell
     The DosProtectedResource "dos-protected" is invalid: spec.enable: Invalid value: "string": spec.enable in body must be of type boolean: "string"
     ```
 
-If a resource passes structural validation, then the Ingress Controller's comprehensive validation runs.
+If a resource passes structural validation, then NGINX Ingress Controller will start comprehensive validation.
 
-#### Comprehensive Validation
+#### Comprehensive validation
 
-The Ingress Controller validates the fields of a dos protected resource. If a resource is invalid, the Ingress Controller will reject it. The resource will continue to exist in the cluster, but the Ingress Controller will ignore it.
+NGINX Ingress Controller validates the fields of a DoS protected resource. If a resource is invalid, NGINX Ingress Controller will reject it. The resource will continue to exist in the cluster, but NGINX Ingress Controller will ignore it.
 
-You can use `kubectl` to check if the Ingress Controller successfully applied a dos protected resource configuration. For our example `dos-protected` dos protected resource, we can run:
+You can use `kubectl` to check if NGINX Ingress Controller successfully applied a DoS protected resource configuration. For our example `dos-protected` DoS protected resource, we can run:
 
+```shell
+kubectl describe dosprotectedresource dos-protected
 ```
-$ kubectl describe dosprotectedresource dos-protected
-. . .
+```shell
 Events:
   Type    Reason          Age                From                      Message
   ----    ------          ----               ----                      -------
@@ -106,17 +108,18 @@ Events:
 
 Note how the events section includes a Normal event with the AddedOrUpdated reason that informs us that the configuration was successfully applied.
 
-If you create an invalid resource, the Ingress Controller will reject it and emit a Rejected event. For example, if you create a dos protected resource `dos-protected` with an invalid URI `bad` in the `dosSecurityLog/dosLogDest` field, you will get:
+If you create an invalid resource, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create a dos protected resource `dos-protected` with an invalid URI `bad` in the `dosSecurityLog/dosLogDest` field, you will get:
 
+```shell
+kubectl describe policy webapp-policy
 ```
-$ kubectl describe policy webapp-policy
-. . .
+```shell
 Events:
   Type     Reason    Age   From                      Message
   ----     ------    ----  ----                      -------
   Warning  Rejected  2s    nginx-ingress-controller  error validating DosProtectedResource: dos-protected invalid field: dosSecurityLog/dosLogDest err: invalid log destination: bad, must follow format: <ip-address | localhost | dns name>:<port> or stderr
 ```
 
-Note how the events section includes a Warning event with the Rejected reason.
+The events section has Warning event with the rejection error in the message.
 
-**Note**: If you make an existing resource invalid, the Ingress Controller will reject it.
+{{< warning >}} If you invalidate an existing resource, NGINX Ingress Controller will reject it. {{< /warning >}}
diff --git a/docs/content/installation/integrations/app-protect-dos/installation.md b/docs/content/installation/integrations/app-protect-dos/installation.md
index e76f04a166..dc699bdb66 100644
--- a/docs/content/installation/integrations/app-protect-dos/installation.md
+++ b/docs/content/installation/integrations/app-protect-dos/installation.md
@@ -2,7 +2,7 @@
 docs: DOCS-583
 doctypes:
 - ''
-title: Building NGINX Ingress Controller with NGINX App Protect DoS
+title: Build NGINX Ingress Controller with NGINX App Protect DoS
 toc: true
 weight: 100
 ---
diff --git a/docs/content/troubleshooting/troubleshooting-app-protect-dos.md b/docs/content/installation/integrations/app-protect-dos/troubleshooting-app-protect-dos.md
similarity index 92%
rename from docs/content/troubleshooting/troubleshooting-app-protect-dos.md
rename to docs/content/installation/integrations/app-protect-dos/troubleshooting-app-protect-dos.md
index ccb041f13a..ad8aee8705 100644
--- a/docs/content/troubleshooting/troubleshooting-app-protect-dos.md
+++ b/docs/content/installation/integrations/app-protect-dos/troubleshooting-app-protect-dos.md
@@ -2,18 +2,18 @@
 docs: DOCS-1456
 doctypes:
 - ''
-title: Troubleshooting with NGINX App Protect DoS
+title: Troubleshooting NGINX App Protect DoS
 toc: true
-weight: 600
+weight: 400
 ---
 
 This document describes how to troubleshoot problems when using NGINX Ingress Controller and the App Protect DoS module.
 
-To troubleshoot other parts of NGINX Ingress Controller, check the [troubleshooting]({{< relref "troubleshooting/troubleshoot-common" >}}) section of the documentation.
+To troubleshoot other parts of NGINX Ingress Controller, check the [troubleshooting]({{< relref "troubleshooting/troubleshoot-common.md" >}}) section of the documentation.
 
-## Potential Problems
+## Potential problems
 
-The table below categorizes some potential problems with NGINX Ingress Controller when the App Protect DoS module is enabled. It suggests how to troubleshoot those problems, using one or more methods from the next section.
+The table below outlines potential problems with NGINX Ingress Controller when the App Protect DoS module is enabled. It suggests how to troubleshoot those problems with methods explained in the next section.
 
 {{% table %}}
 |Problem area | Symptom | Troubleshooting method | Common cause |
@@ -22,7 +22,7 @@ The table below categorizes some potential problems with NGINX Ingress Controlle
 |DosProtectedResource, APDosLogConf, APDosPolicy or Ingress Resource. | The configuration is not applied. | Check the events of the DosProtectedResource, APDosLogConf, APDosPolicy and Ingress Resource, check the Ingress Controller logs. | DosProtectedResource, APDosLogConf or APDosPolicy is invalid. |
 {{% /table %}}
 
-## Troubleshooting Methods
+## Troubleshooting ethods
 
 ### Checking NGINX Ingress Controller and App Protect DoS logs
 
diff --git a/docs/content/installation/integrations/app-protect-waf/configuration.md b/docs/content/installation/integrations/app-protect-waf/configuration.md
index 0c0c3e91fb..944e2e5590 100644
--- a/docs/content/installation/integrations/app-protect-waf/configuration.md
+++ b/docs/content/installation/integrations/app-protect-waf/configuration.md
@@ -4,12 +4,12 @@ doctypes:
 - ''
 title: Configuration
 toc: true
-weight: 1900
+weight: 200
 ---
 
 This document explains how to use F5 NGINX Ingress Controller to configure NGINX App Protect WAF.
 
-> Check out the complete NGINX Ingress Controller with NGINX App Protect WAF example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/ingress-resources/app-protect-waf).
+{{< note >}} Check out the complete NGINX Ingress Controller with NGINX App Protect WAF example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/ingress-resources/app-protect-waf).{{< /note >}}
 
 ## Global Configuration
 
@@ -28,19 +28,19 @@ NGINX App Protect WAF can be enabled and configured for custom resources (Virtua
 NGINX App Protect WAF Policies can be created for VirtualServer, VirtualServerRoute, or Ingress resources by creating an `APPolicy` [custom resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). There are some caveats:
 
 - The fields `policy.signature-requirements[].minRevisionDatetime` and `policy.signature-requirements[].maxRevisionDatetime` are not supported.
-- [The Advanced gRPC Protection for Unary Traffic](/nginx-app-protect-waf/configuration-guide/configuration/#grpc-protection-for-unary-traffic) only supports providing an `idl-file` inline. The fields `policy.idl-files[].link`, `policy.idl-files[].$ref`, and
+- [The Advanced gRPC Protection for Unary Traffic](/nginx-app-protect-waf/v4/configuration-guide/configuration/#grpc-protection-for-unary-traffic) only supports providing an `idl-file` inline. The fields `policy.idl-files[].link`, `policy.idl-files[].$ref`, and
  `policy.idl-files[].file` are not supported. The IDL file should be provided in field `policy.idl-files[].contents`. The value of this field can be base64 encoded. In this case the field `policy.idl-files[].isBase64` should be set to `true`.
 
 {{<warning>}} External references are deprecated in NGINX Ingress Controller and will not be supported in future releases. {{</warning>}}
 
-To add an [NGINX App Protect WAF policy](/nginx-app-protect-waf/declarative-policy/policy/) to an Ingress resource:
+To add an [NGINX App Protect WAF policy](/nginx-app-protect-waf/v4/declarative-policy/policy/) to an Ingress resource:
 
 1. Create an `APPolicy` custom resource manifest.
 1. Add the policy to the `spec` field in the `APPolicy` resource.
 
 A resource specification and its Policy JSON **must** match. The fields must be identical in name and nesting level. If the resources are defined with YAML, the policy must also be represented in YAML.
 
-As an example, this is a [DataGuard policy](/nginx-app-protect-waf/declarative-policy/policy/#policy/data-guard):
+As an example, this is a [DataGuard policy](/nginx-app-protect-waf/v4/declarative-policy/policy/#policy/data-guard):
 
 ```json
 {
@@ -104,9 +104,9 @@ Notice that the fields match in name and nesting: NGINX Ingress Controller will
 
 Configuring
 
-You can set the [NGINX App Protect WAF log configurations](/nginx-app-protect-waf/logging-overview/logs-overview/) by creating an `APLogConf` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/).
+You can set the [NGINX App Protect WAF log configurations](/nginx-app-protect-waf/v4/logging-overview/logs-overview/) by creating an `APLogConf` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/).
 
-To add the [log configurations](/nginx-app-protect-waf/logging-overview/security-log/) to a VirtualServer or an Ingress resource:
+To add the [log configurations](/nginx-app-protect-waf/v4/logging-overview/security-log/) to a VirtualServer or an Ingress resource:
 
 1. Create an `APLogConf` Custom Resource manifest.
 1. Add the log configuration to the `spec` field in the `APLogConf` resource.
@@ -114,7 +114,7 @@ To add the [log configurations](/nginx-app-protect-waf/logging-overview/security
 
    > **Note**: The fields from the JSON must be presented in the YAML *exactly* the same, in name and level. NGINX Ingress Controller will transform the YAML into a valid JSON WAF log config.
 
-For example, say you want to [log state changing requests](/nginx-app-protect-waf/logging-overview/security-log/#security-log-configuration-file) for your VirtualServer or Ingress resources using NGINX App Protect WAF. The  log configuration looks like this:
+For example, say you want to [log state changing requests](/nginx-app-protect-waf/v4/logging-overview/security-log/#security-log-configuration-file) for your VirtualServer or Ingress resources using NGINX App Protect WAF. The  log configuration looks like this:
 
 ```json
 {
@@ -145,13 +145,13 @@ spec:
 
 ## NGINX App Protect WAF User Defined Signatures
 
-You can define NGINX App Protect WAF [User-Defined Signatures](/nginx-app-protect-waf/configuration-guide/configuration/#user-defined-signatures) for your VirtualServer or Ingress resources by creating an `APUserSig` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/).
+You can define NGINX App Protect WAF [User-Defined Signatures](/nginx-app-protect-waf/v4/configuration-guide/configuration/#user-defined-signatures) for your VirtualServer or Ingress resources by creating an `APUserSig` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/).
 
  > **Note**: The field `revisionDatetime` is not currently supported.
 
-> **Note**: `APUserSig` resources increase the reload time of NGINX Plus compared with `APPolicy` and `APLogConf` resources. Refer to [NGINX Fails to Start or Reload]({{< relref "troubleshooting/troubleshooting-app-protect-waf.md#nginx-fails-to-start-or-reload" >}}) for more information.
+> **Note**: `APUserSig` resources increase the reload time of NGINX Plus compared with `APPolicy` and `APLogConf` resources. Refer to [NGINX Fails to Start or Reload]({{< relref "installation/integrations/app-protect-waf/troubleshooting-app-protect-waf.md#nginx-fails-to-start-or-reload" >}}) for more information.
 
-To add the [User Defined Signatures](https://docs.nginx.com/nginx-app-protect-waf/configuration-guide/configuration/#user-defined-signatures) to a VirtualServer or Ingress resource:
+To add the [User Defined Signatures](/nginx-app-protect-waf/v4/configuration-guide/configuration/#user-defined-signatures) to a VirtualServer or Ingress resource:
 
 1. Create an `APUserSig` Custom resource manifest.
 2. Add the desired User defined signature to the `spec` field in the `APUserSig` resource.
@@ -266,7 +266,7 @@ It contains violations related to OpenAPI set to blocking (enforced).
 
 ### Types of OpenAPI References
 
-There are different ways of referencing OpenAPI Specification files. The configuration is similar to [External References](/nginx-app-protect-waf/configuration-guide/configuration/#external-references).
+There are different ways of referencing OpenAPI Specification files. The configuration is similar to [External References](/nginx-app-protect-waf/v4/configuration-guide/configuration/#external-references).
 
 **Note**: Any update of an OpenAPI Specification file referenced in the policy will not trigger a policy compilation. This action needs to be done actively by reloading the NGINX configuration.
 
@@ -274,7 +274,7 @@ There are different ways of referencing OpenAPI Specification files. The configu
 
 URL reference is the method of referencing an external source by providing its full URL.
 
-Make sure to configure certificates prior to using the HTTPS protocol - see the [External References](/nginx-app-protect-waf/configuration-guide/configuration/#types-of-references) for details.
+Make sure to configure certificates prior to using the HTTPS protocol - see the [External References](/nginx-app-protect-waf/v4/configuration-guide/configuration/#types-of-references) for details.
 
 ## Configuration in NGINX Ingress Controller
 
@@ -288,7 +288,7 @@ These are the typical steps to deploy an OpenAPI protection Policy in NGINX Ingr
 6. Create a `Policy` object which references the `APPolicy` Custom Resource as in [this example](https://github.com/nginxinc/kubernetes-ingress/blob/v3.5.1/examples/custom-resources/app-protect-waf/waf.yaml).
 7. Finally, attach the `Policy` object to a `VirtualServer` resource as in [this example](https://github.com/nginxinc/kubernetes-ingress/blob/v3.5.1/examples/custom-resources/app-protect-waf/virtual-server.yaml).
 
-**Note**:  You need to make sure that the server where the resource files are located is always available when you are compiling your policy.
+{{< note >}} You need to make sure that the server where the resource files are located is available while you are compiling your policy. {{< /note >}}
 
 ### Example Configuration
 
@@ -407,7 +407,7 @@ paths:
 
 In this case, the following request will trigger an `Illegal parameter data type` violation, as we expect to have an integer value in the `query_int` parameter:
 
-```
+```none
 http://localhost/query?query_int=abc
 ```
 
@@ -421,20 +421,20 @@ The `link` option is also available in the `openApiFileReference` property and i
 
 In this example we deploy NGINX Ingress Controller with NGINX Plus and NGINX App Protect WAF, deploy a simple web application, and then configure load balancing and WAF protection for that application using the VirtualServer resource.
 
-**Note:** You can find the example, and the files referenced, on [GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/custom-resources/app-protect-waf).
+{{< note >}} You can find the example, and the files referenced, on [GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/custom-resources/app-protect-waf).{{< /note >}}
 
 ## Prerequisites
 
-1. Follow the installation [instructions](https://docs.nginx.com/nginx-ingress-controller/installation) to deploy NGINX Ingress Controller with NGINX Plus and NGINX App Protect WAF.
+1. Follow the installation [instructions]({{< relref "installation/integrations/app-protect-waf/installation.md" >}}) to deploy NGINX Ingress Controller with NGINX Plus and NGINX App Protect WAF.
 2. Save the public IP address of NGINX Ingress Controller into a shell variable:
 
-   ```console
+   ```shell
     IC_IP=XXX.YYY.ZZZ.III
    ```
 
 3. Save the HTTP port of NGINX Ingress Controller into a shell variable:
 
-   ```console
+   ```shell
     IC_HTTP_PORT=<port number>
    ```
 
@@ -442,7 +442,7 @@ In this example we deploy NGINX Ingress Controller with NGINX Plus and NGINX App
 
 Create the application deployment and service:
 
-  ```console
+  ```shell
   kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/webapp.yaml
   ```
 
@@ -450,13 +450,13 @@ Create the application deployment and service:
 
 1. Create the syslog service and pod for the NGINX App Protect WAF security logs:
 
-   ```console
+   ```shell
    kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/syslog.yaml
    ```
 
 2. Create the User-Defined Signature, WAF policy, and log configuration:
 
-    ```console
+    ```shell
     kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/ap-apple-uds.yaml
     kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/ap-dataguard-alarm-policy.yaml
     kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/ap-logconf.yaml
@@ -466,7 +466,7 @@ Create the application deployment and service:
 
 Create the WAF policy
 
- ```console
+ ```shell
   kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/waf.yaml
  ```
 
@@ -476,7 +476,7 @@ Create the WAF policy
 
 1. Create the VirtualServer Resource:
 
-    ```console
+    ```shell
     kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/virtual-server.yaml
     ```
 
@@ -488,33 +488,39 @@ To access the application, curl the coffee and the tea services. We'll use the -
 
 1. Send a request to the application:
 
-   ```console
-    $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/
-    Server address: 10.12.0.18:80
-    Server name: webapp-7586895968-r26zn
-   ```
+  ```shell
+  curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/
+  ```
+  ```shell
+  Server address: 10.12.0.18:80
+  Server name: webapp-7586895968-r26zn
+  ```
 
 2. Now, let's try to send a request with a suspicious URL:
 
-   ```console
-    $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP "http://webapp.example.com:$IC_HTTP_PORT/<script>"
-    <html><head><title>Request Rejected</title></head><body>
-   ```
+  ```shell
+  curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP "http://webapp.example.com:$IC_HTTP_PORT/<script>"
+  ```
+  ```shell  
+  <html><head><title>Request Rejected</title></head><body>
+  ```
 
 3. Lastly, let's try to send some suspicious data that matches the user defined signature.
 
-    ```console
-    $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP -X POST -d "apple" http://webapp.example.com:$IC_HTTP_PORT/
-    <html><head><title>Request Rejected</title></head><body>
-    ```
+  ```shell
+  curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP -X POST -d "apple" http://webapp.example.com:$IC_HTTP_PORT/
+  ```
+  ```shell
+  <html><head><title>Request Rejected</title></head><body>
+  ```
 
-    As you can see, the suspicious requests were blocked by NGINX App Protect WAF.
+  As you can see, the suspicious requests were blocked by NGINX App Protect WAF.
 
 4. To check the security logs in the syslog pod:
 
-    ```console
-    kubectl exec -it <SYSLOG_POD> -- cat /var/log/messages
-    ```
+  ```shell
+  kubectl exec -it <SYSLOG_POD> -- cat /var/log/messages
+  ```
 
 ### Configuration Example of Virtual Server
 
diff --git a/docs/content/installation/integrations/app-protect-waf/installation.md b/docs/content/installation/integrations/app-protect-waf/installation.md
index a15f7aa23b..aecff91f92 100644
--- a/docs/content/installation/integrations/app-protect-waf/installation.md
+++ b/docs/content/installation/integrations/app-protect-waf/installation.md
@@ -2,9 +2,9 @@
 docs: DOCS-579
 doctypes:
 - ''
-title: Building NGINX Ingress Controller with NGINX App Protect WAF
+title: Build NGINX Ingress Controller with NGINX App Protect WAF
 toc: true
-weight: 1800
+weight: 100
 ---
 
 This document explains how to build a F5 NGINX Ingress Controller image with F5 NGINX App Protect WAF from source code.
@@ -27,7 +27,7 @@ Get your system ready for building and pushing the NGINX Ingress Controller imag
 
 1. Clone the NGINX Ingress Controller repository:
 
-    ```console
+    ```shell
     git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v3.5.1
     cd kubernetes-ingress
     ```
@@ -81,7 +81,7 @@ Follow these steps to build the NGINX Controller Image with NGINX App Protect WA
 
 {{<see-also>}} For the complete list of _Makefile_ targets and customizable variables, see the [Building NGINX Ingress Controller]({{< relref "installation/building-nginx-ingress-controller.md#makefile-details" >}}) guide. {{</see-also>}}
 
-If you intend to use [external references](/nginx-app-protect-waf/configuration/#external-references) in NGINX App Protect WAF policies, you may want to provide a custom CA certificate to authenticate with the hosting server.
+If you intend to use [external references](/nginx-app-protect-waf/v4/configuration/#external-references) in NGINX App Protect WAF policies, you may want to provide a custom CA certificate to authenticate with the hosting server.
 
 To do so, place the `*.crt` file in the build folder and uncomment the lines following this comment:
 `#Uncomment the lines below if you want to install a custom CA certificate`
@@ -216,7 +216,7 @@ To enable the NGINX App Protect DoS Module:
 
 {{< include "installation/manifests/verify-pods-are-running.md" >}}
 
-For more information, see the [Configuration guide]({{< relref "installation/integrations/app-protect-waf/configuration.md" >}}) and the NGINX Ingress Controller with App Protect example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/ingress-resources/app-protect-waf" >}}).
+For more information, see the [Configuration guide]({{< relref "installation/integrations/app-protect-waf/configuration.md" >}}) and the NGINX Ingress Controller with App Protect example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/examples/ingress-resources/app-protect-waf").
 
 ---
 
diff --git a/docs/content/troubleshooting/troubleshooting-app-protect-waf.md b/docs/content/installation/integrations/app-protect-waf/troubleshooting-app-protect-waf.md
similarity index 83%
rename from docs/content/troubleshooting/troubleshooting-app-protect-waf.md
rename to docs/content/installation/integrations/app-protect-waf/troubleshooting-app-protect-waf.md
index 8ff24a3bd6..dc9d238715 100644
--- a/docs/content/troubleshooting/troubleshooting-app-protect-waf.md
+++ b/docs/content/installation/integrations/app-protect-waf/troubleshooting-app-protect-waf.md
@@ -2,18 +2,18 @@
 docs: DOCS-1460
 doctypes:
 - ''
-title: Troubleshooting with NGINX App Protect WAF
+title: Troubleshooting NGINX App Protect WAF
 toc: true
-weight: 700
+weight: 300
 ---
 
 This document describes how to troubleshoot problems when using NGINX Ingress Controller and the NGINX App Protect WAF module.
 
 For general troubleshooting of NGINX Ingress Controller, check the general [troubleshooting]({{< relref "troubleshooting/troubleshoot-common" >}}) documentation.
 
-{{< see-also >}} You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide](/nginx-app-protect/troubleshooting/) {{< /see-also >}}.
+{{< see-also >}} You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide](/nginx-app-protect/v4/troubleshooting/) {{< /see-also >}}.
 
-## Potential Problems
+## Potential problems
 
 The table below categorizes some potential problems with the Ingress Controller when App Protect WAF module is enabled. It suggests how to troubleshoot those problems, using one or more methods from the next section.
 
@@ -33,15 +33,15 @@ App Protect logs are part of NGINX Ingress Controller logs when the module is en
 
 For App Protect specific logs, look for messages starting with `APP_PROTECT`, for example:
 
-```
+```shell
 2020/07/10 11:13:20 [notice] 17#17: APP_PROTECT { "event": "configuration_load_success", "software_version": "2.52.1", "completed_successfully":true,"attack_signatures_package":{"revision_datetime":"2020-06-18T10:11:32Z","version":"2020.06.18"}}
 ```
 
-### Check events of an Ingress Resource
+### Check Ingress resource events
 
-Follow the steps of [Checking the Events of an Ingress Resource]({{< relref "troubleshooting/troubleshoot-ingress" >}}).
+Read the topic [Troubleshooting Ingress resources]({{< relref "troubleshooting/troubleshoot-ingress" >}}).
 
-### Check events of APLogConf
+### Check APLogConf events
 
 After you create or update an APLogConf, you can immediately check if the NGINX configuration was successfully applied by NGINX:
 
@@ -58,7 +58,7 @@ Events:
 
 Note that in the events section, we have a `Normal` event with the `AddedOrUpdated` reason, which informs us that the configuration was successfully applied.
 
-### Check events of APPolicy
+### Check APPolicy events
 
 After you create or update an APPolicy, you can immediately check if the NGINX configuration was successfully applied by NGINX:
 
@@ -77,7 +77,7 @@ The events section has a *Normal* event with the *AddedOrUpdated reason*, indica
 
 ### Replace the Policy
 
-NOTE: This method only applies if using [external references](/nginx-app-protect/configuration/#external-references)
+NOTE: This method only applies if using [external references](/nginx-app-protect/v4/configuration/#external-references)
 If items on the external reference change but the spec of the APPolicy remains unchanged (even when re-applying the policy), Kubernetes will not detect the update.
 In this case you can force-replace the resource. This will remove the resource and add it again, triggering a reload. For example:
 
@@ -85,9 +85,9 @@ In this case you can force-replace the resource. This will remove the resource a
 kubectl replace appolicy -f your-policy-manifest.yaml --force
 ```
 
-### Check the Availability of APPolicy External References
+### Check the availability of APPolicy external references
 
-NOTE: This method only applies if you're using [external references](/nginx-app-protect/configuration/#external-references) in NGINX App Protect policies.
+NOTE: This method only applies if you're using [external references](/nginx-app-protect/v4/configuration/#external-references) in NGINX App Protect policies.
 
 To check what servers host the external references of a policy:
 
@@ -102,21 +102,21 @@ You can check the total time a http request takes, in multiple ways eg. using cu
 curl -w '%{time_total}' http://192.168.100.100/resources/headersettings.txt
 ```
 
-## Run App Protect in Debug Mode
+## Run App Protect in debug mode
 
-When you set NGINX Ingress Controller to use debug mode, the setting also applies to the App Protect WAF module.  See  [Running NGINX in the Debug Mode]({{< relref "troubleshooting/troubleshoot-common.md#running-nginx-in-the-debug-mode" >}}) for instructions.
+When you set NGINX Ingress Controller to use debug mode, the setting also applies to the App Protect WAF module.  See  [Running NGINX in the Debug Mode]({{< relref "troubleshooting/troubleshoot-common.md#enable-debugging-for-nginx-ingress-controller" >}}) for instructions.
 
-## Known Issues
+## Known issues
 
 When using NGINX Ingress Controller with the App Protect WAF module, the following issues have been reported. The occurrence of these issues is commonly related to a higher number of Ingress Resources with App Protect being enabled in a cluster.
 
-When you make a change that requires NGINX to apply a new configuration, the Ingress Controller reloads NGINX automatically. Without the App Protect WAF module enabled, usual reload times are around 150ms. If App Protect WAF module is enabled and is being used by any number of Ingress Resources, these reloads might take a few seconds instead.
+When you make a change that requires NGINX to apply a new configuration, NGINX Ingress Controller reloads NGINX automatically. Without the App Protect WAF module enabled, usual reload times are around 150ms. If App Protect WAF module is enabled and is being used by any number of Ingress Resources, these reloads might take a few seconds instead.
 
 ### NGINX Configuration Skew
 
-If you are running more than one instance of the Ingress Controller, the extended reload time may cause the NGINX configuration of your instances to be out of sync. This can occur because there is no order imposed on how the Ingress Controller processes the Kubernetes Resources. The configurations will be the same after all instances have completed the reload.
+If you are running more than one instance of NGINX Ingress Controller, the extended reload time may cause the NGINX configuration of your instances to be out of sync. This can occur because there is no order imposed on how NGINX Ingress Controller processes the Kubernetes Resources. The configurations will be the same after all instances have completed the reload.
 
-In order to reduce these inconsistencies, we advise that you do not apply changes to multiple resources handled by the Ingress Controller at the same time.
+In order to reduce these inconsistencies, we advise that you do not apply changes to multiple resources handled by NGINX Ingress Controller at the same time.
 
 ### NGINX Fails to Start or Reload
 
diff --git a/docs/content/logging-and-monitoring/logging.md b/docs/content/logging-and-monitoring/logging.md
index 75ed4ea89d..fba0c1e12c 100644
--- a/docs/content/logging-and-monitoring/logging.md
+++ b/docs/content/logging-and-monitoring/logging.md
@@ -11,7 +11,7 @@ This document gives an overview of logging provided by NGINX Ingress Controller.
 
 NGINX Ingress Controller exposes the logs of the Ingress Controller process (the process that generates NGINX configuration and reloads NGINX to apply it) and NGINX access and error logs. All logs are sent to the standard output and error of the Ingress Controller process. To view the logs, you can execute the `kubectl logs` command for an Ingress Controller pod. For example:
 
-```
+```shell
 kubectl logs <nginx-ingress-pod> -n nginx-ingress
 ```
 
diff --git a/docs/content/overview/design.md b/docs/content/overview/design.md
index 93958119a6..dafb7dc8c4 100644
--- a/docs/content/overview/design.md
+++ b/docs/content/overview/design.md
@@ -277,7 +277,7 @@ NGINX reloads take roughly 200ms. The factors affecting reload time are configur
 
 Most of the time, if `nginx -s reload` executes, the reload will also succeed. In the rare case a reload fails, the NGINX master process will print the an error message. This is an example:
 
-```
+```shell
 2022/07/09 00:56:42 [emerg] 1353#1353: limit_req "one" uses the "$remote_addr" key while previously it used the "$binary_remote_addr" key
 ```
 
diff --git a/docs/content/overview/product-telemetry.md b/docs/content/overview/product-telemetry.md
index c93e283a15..c461b127f9 100644
--- a/docs/content/overview/product-telemetry.md
+++ b/docs/content/overview/product-telemetry.md
@@ -49,6 +49,7 @@ These are the data points collected and reported by NGINX Ingress Controller:
 - **GlobalConfiguration** Represents the use of a GlobalConfiguration resource.
 - **AppProtectVersion** The AppProtect version
 - **IsPlus** Represents whether NGINX is Plus or OSS
+- **InstallationFlags** List of command line arguments configured for NGINX Ingress Controller
 
 ## Opt out
 
diff --git a/docs/content/troubleshooting/troubleshoot-common.md b/docs/content/troubleshooting/troubleshoot-common.md
index 8c47c47514..a85547871c 100644
--- a/docs/content/troubleshooting/troubleshoot-common.md
+++ b/docs/content/troubleshooting/troubleshoot-common.md
@@ -5,36 +5,38 @@ doctypes:
 draft: false
 tags:
 - docs
-title: Troubleshooting Common Issues
+title: Troubleshooting common issues
 toc: true
 weight: 100
 ---
 
-This page describes how to troubleshoot common problems with NGINX Ingress Controller.
+This page describes how to troubleshoot common issues with NGINX Ingress Controller. Instruction for specific resources is available in the [Troubleshooting]({{< relref "troubleshooting/" >}}) section.
 
-## Common Problems
-
-The table below shows common problems with NGINX Ingress Controller you may encounter and how to address them. The following section explains how to gather additional information, and there is instruction available on fixing specific issues within the troubleshooting section of documentation.
+## Common issues
 
 {{% table %}}
 | Problem Area | Symptom | Troubleshooting Method | Common Cause |
 |-----|-----|-----|-----|
 | Startup | NGINX Ingress Controller fails to start. | Check the logs. | Misconfigured RBAC, a missing default server TLS Secret.|
-| Ingress Resource and Annotations | The configuration is not applied | Check the events of the Ingress resource, check the logs, check the generated config. | Invalid values of annotations. |
-| VirtualServer and VirtualServerRoute Resources | The configuration is not applied. | Check the events of the VirtualServer and VirtualServerRoutes, check the logs, check the generated config. | VirtualServer or VirtualServerRoute is invalid. |
-| Policy Resource | The configuration is not applied. | Check the events of the Policy resource as well as the events of the VirtualServers that reference that policy, check the logs, check the generated config. | Policy is invalid. |
-| ConfigMap Keys | The configuration is not applied. | Check the events of the ConfigMap, check the logs, check the generated config.  | Invalid values of ConfigMap keys. |
+| Ingress resource and annotations | The configuration is not applied | Check the events of the Ingress resource, check the logs, check the generated config. | Invalid values of annotations. |
+| VirtualServer and VirtualServerRoute resources | The configuration is not applied. | Check the events of the VirtualServer and VirtualServerRoutes, check the logs, check the generated config. | VirtualServer or VirtualServerRoute is invalid. |
+| Policy resource | The configuration is not applied. | Check the events of the Policy resource as well as the events of the VirtualServers that reference that policy, check the logs, check the generated config. | Policy is invalid. |
+| ConfigMap keys | The configuration is not applied. | Check the events of the ConfigMap, check the logs, check the generated config.  | Invalid values of ConfigMap keys. |
 | NGINX | NGINX responds with unexpected responses. | Check the logs, check the generated config, check the live activity dashboard (NGINX Plus only), run NGINX in the debug mode. | Unhealthy backend pods, a misconfigured backend service. |
 {{% /table %}}
 
+---
+
 ## Troubleshooting Methods
 
-The commands in the next sections make the following assumptions:
+This section explains how to gather additional information for troubleshooting.
+
+The commands examples make the following assumptions:
 
 - That NGINX Ingress Controller is deployed in the namespace `nginx-ingress`.
 - `<nginx-ingress-pod>` is the name of one of the NGINX Ingress Controller pods.
 
-### Checking NGINX Ingress Controller Logs
+### Check NGINX Ingress Controller logs
 
 To check NGINX Ingress Controller logs, which include both information from NGINX Ingress Controller and NGINX's access and error logs, run the following command:
 
@@ -42,7 +44,7 @@ To check NGINX Ingress Controller logs, which include both information from NGIN
 kubectl logs <nginx-ingress-pod> -n nginx-ingress
 ```
 
-### Checking the Generated Config
+### Check the generated configuration files
 
 For each Ingress/VirtualServer resource, NGINX Ingress Controller generates a corresponding NGINX configuration file in the `/etc/nginx/conf.d folder`.
 
@@ -64,26 +66,26 @@ kubectl exec <nginx-ingress-pod> -n nginx-ingress -- nginx -T
 
 However, this command will fail if any of the configuration files is not valid.
 
-### Checking the Live Activity Monitoring Dashboard
+### Check the Live Activity Monitoring Dashboard
 
-The live activity monitoring dashboard shows the real-time information about NGINX Plus and the applications it is load balancing, which is helpful for troubleshooting. To access the dashboard, follow the steps from [here](/nginx-ingress-controller/logging-and-monitoring/status-page).
+The live activity monitoring dashboard shows the real-time information about NGINX Plus and the applications it is load balancing, which is helpful for troubleshooting. To access the dashboard, read the [Status Page]({{< relref "logging-and-monitoring/status-page.md" >}}) topic.
 
-### Enabling debugging for NGINX Ingress Controller
+### Enable debugging for NGINX Ingress Controller
 
 For additional NGINX Ingress Controller debugging, you can enable debug settings to get more verbose logging.
 
 Increasing the debug log levels for NGINX Ingress Controller will also apply to NGINX itself.
 
-There are two settings that need to be set to enable more verbose logging for NGINX Ingress Controller:
+There are two places to configure more verbose logging for NGINX Ingress Controller:
 
-1. Command Line Arguments
-2. Configmap Settings
+1. Command line arguments
+2. Configmap settings
 
-**Command Line Arguments**
+**Command line arguments**
 
 When using `manifest` for deployment, use the command line argument `-nginx-debug` in your deployment or daemonset.
 
-If you want to increase the verbosity of the NGINX Ingress Controller process, you can also add the `-v` parameter.
+You can add the `-v` parameter to increase the verbosity of the NGINX Ingress Controller process.
 
 Here is a small snippet of setting these command line arguments in the `args` section of a deployment:
 
@@ -95,8 +97,8 @@ args:
   - -v=3
 ```
 
-**ConfigMap Settings**
-You can configure `error-log-level` in the NGINX Ingress Controller `configMap`:
+**ConfigMap settings**  
+You can configure `error-log-level` in NGINX Ingress Controller `configMap`:
 
 ```yaml
 kind: ConfigMap
@@ -112,7 +114,7 @@ data:
 
 If you are using `helm`, you can adjust these two settings:
 
-```
+```none
 controller.nginxDebug = true or false
 controller.loglevel = 1 to 3 value
 ```
@@ -127,7 +129,7 @@ For example, if using a `values.yaml` file:
   logLevel: 3
 ```
 
-This is a more complete `values.yaml` file when using `helm`:
+This is a more complete example `values.yaml` file:
 
 ```yaml
 controller:
@@ -157,9 +159,9 @@ controller:
   ingressClass: nginx
 ```
 
-By enabling the `nginx-debug` CLI argument and changing the `error-log-level` to `debug`, you can capture more output to use for debugging.
+Enable the `nginx-debug` CLI argument and change the `error-log-level` to `debug` to capture more output for debugging.
 
-**NOTE**: It is recommended to only enable `nginx-debug` CLI and the `error-log-level` for debugging purposes.
+{{< note >}} It is recommended to only enable `nginx-debug` CLI and the `error-log-level` when debugging. {{< /note >}}
 
 #### Example debug NGINX Ingress Controller Output
 
diff --git a/docs/content/troubleshooting/troubleshoot-configmap-policy.md b/docs/content/troubleshooting/troubleshoot-configmap-policy.md
index 1b9ba4894e..8c5227b26f 100644
--- a/docs/content/troubleshooting/troubleshoot-configmap-policy.md
+++ b/docs/content/troubleshooting/troubleshoot-configmap-policy.md
@@ -2,7 +2,7 @@
 docs: DOCS-1457
 doctypes:
 - ''
-title: Troubleshooting Policy Resources
+title: Troubleshooting Policy resources
 toc: true
 weight: 200
 ---
@@ -15,7 +15,8 @@ After you create or update a Policy resource, you can use `kubectl describe` to
 
 ```shell
 kubectl describe pol webapp-policy
-
+```
+```shell
 Events:
   Type    Reason          Age   From                      Message
   ----    ------          ----  ----                      -------
@@ -26,7 +27,7 @@ The events section has a *Normal* event with the *AddedOrUpdated reason*, indica
 
 However, the fact that a policy was accepted doesn’t guarantee that the NGINX configuration was successfully applied.
 
-To verify the configuration applied, check the events of the [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/troubleshooting/troubleshoot-virtualserver) that reference the policy.
+To verify the configuration applied, check the events of the [VirtualServer and VirtualServerRoute resources]({{< relref "troubleshooting/troubleshoot-virtualserver.md" >}}) that reference the policy.
 
 ## ConfigMap Resources
 
diff --git a/docs/content/troubleshooting/troubleshoot-ingress.md b/docs/content/troubleshooting/troubleshoot-ingress.md
index 725dd3f030..e970b25484 100644
--- a/docs/content/troubleshooting/troubleshoot-ingress.md
+++ b/docs/content/troubleshooting/troubleshoot-ingress.md
@@ -2,19 +2,21 @@
 docs: DOCS-1458
 doctypes:
 - ''
-title: Troubleshooting Ingress Resources
+title: Troubleshooting Ingress resources
 toc: true
 weight: 300
 ---
 
 This page describes how to troubleshoot NGINX Ingress Controller Policy Resources.
 
-## Ingress Resources
+## Ingress resources
 
 After you create or update an Ingress resource, you can immediately check if the NGINX configuration for that Ingress resource was successfully applied by NGINX:
 
 ```shell
 kubectl describe ing cafe-ingress
+```
+```shell
 Name:             cafe-ingress
 Namespace:        default
 
diff --git a/docs/content/troubleshooting/troubleshoot-virtualserver.md b/docs/content/troubleshooting/troubleshoot-virtualserver.md
index a297601bf2..8d6b74e834 100644
--- a/docs/content/troubleshooting/troubleshoot-virtualserver.md
+++ b/docs/content/troubleshooting/troubleshoot-virtualserver.md
@@ -2,20 +2,21 @@
 docs: DOCS-1461
 doctypes:
 - ''
-title: Troubleshooting VirtualServer Resources
+title: Troubleshooting VirtualServer resources
 toc: true
 weight: 500
 ---
 
-This page describes how to troubleshoot VirtualServer and VirtualServer Resource Events.
+This page describes how to troubleshoot VirtualServer and VirtualServer resource events.
 
-## Inspecting VirtualServer and VirtualServerRoute Resource Events
+## Inspecting VirtualServer and VirtualServerRoute resource events
 
 After creating or updating a VirtualServer resource, you can immediately check if the NGINX configuration for that resource was successfully by using `kubectl describe vs <resource-name>`:
 
 ```shell
 kubectl describe vs cafe
-
+```
+```shell
 Events:
   Type    Reason          Age   From                      Message
   ----    ------          ----  ----                      -------
@@ -28,7 +29,8 @@ Checking the events of a VirtualServerRoute is similar:
 
 ```shell
 kubectl describe vsr coffee
-
+```
+```shell
 Events:
   Type     Reason                 Age   From                      Message
   ----     ------                 ----  ----                      -------
diff --git a/docs/content/tutorials/custom-listen-ports.md b/docs/content/tutorials/custom-listen-ports.md
index 3e60733683..6f5d22d032 100644
--- a/docs/content/tutorials/custom-listen-ports.md
+++ b/docs/content/tutorials/custom-listen-ports.md
@@ -141,7 +141,7 @@ If you view the `NGINX` configuration .conf file using `nginx -T`, you should se
 
 Here is an example output of the `NGINX` configuration that has been generated:
 
-```console
+```shell
 kubectl exec -it -n nginx-ingress nginx-ingress-54bffd78d9-v7bns -- nginx -T
 ```
 
diff --git a/docs/content/tutorials/nginx-ingress-istio.md b/docs/content/tutorials/nginx-ingress-istio.md
index 15fd0bd319..63ab47ff51 100644
--- a/docs/content/tutorials/nginx-ingress-istio.md
+++ b/docs/content/tutorials/nginx-ingress-istio.md
@@ -30,26 +30,25 @@ It is crucial to make sure you install Istio **BEFORE** installing NGINX Ingress
 
 You can install Istio by your preferred method (helm, operator, etc.). In this case, I ran the following command to install Istio into my cluster:
 
-```console
+```shell
 istioctl install --set profile=minimal
 ```
 
 We need to ensure that Istio injects sidecar proxies into our namespace for testing. To do so, we need to tell Istio what namespaces to inject sidecars into. We can do that with the following command:
 
-```console
-
+```shell
 kubectl label ns <namespace_specified> istio-injection=enabled
 ```
 
 Before proceeding, and before installing NGINX Ingress Controller you need to tell Istio that it will be injecting sidecars with the NGINX Ingress controller pods as they are deployed.
 
-```console
+```shell
 kubectl label namespace nginx-ingress istio-injection=enabled
 ```
 
 Using `kubectl`, we can see that the namespace for our demo (nginx-ingress) now has `istio-injection=enabled` specified:
 
-```console
+```shell
 kubectl get namespaces -A --show-labels
 
 
@@ -116,7 +115,7 @@ spec:
 
 We can now see that after configuring Istio, an Istio sidecar proxy has been installed into the same pod as NGINX Ingress Controller. Now, there are two containers in the same pod for NGINX Ingress Controller: the NGINX Ingress controller container and the Istio sidecar proxy container.
 
-```console
+```shell
 kubectl get pods -A
 
 NAMESPACE       NAME                                      READY   STATUS    RESTARTS   AGE
@@ -190,7 +189,7 @@ NGINX Ingress `upstreams` will be populated with the `Service/cluster IP`. In th
 
 Now we can test our NGINX Ingress with Istio setup with a simple curl request to our application.
 
-```console
+```shell
 curl -kI https://cafe.example.com/coffee
 
 HTTP/1.1 200 OK
diff --git a/docs/content/tutorials/nginx-ingress-osm.md b/docs/content/tutorials/nginx-ingress-osm.md
index 778f99e999..5b5b2513ba 100644
--- a/docs/content/tutorials/nginx-ingress-osm.md
+++ b/docs/content/tutorials/nginx-ingress-osm.md
@@ -26,7 +26,7 @@ There are two ways to integrate NGINX Ingress Controller with Open Service Mesh
 
 Install OSM in the cluster
 
-```console
+```shell
 osm install --mesh-name osm-nginx --osm-namespace osm-system
 ```
 
@@ -37,13 +37,13 @@ osm install --mesh-name osm-nginx --osm-namespace osm-system
 Next thing we need to do is install OSM into the `NGINX Ingress controller` namespace so that the `envoy` sidecar will be injected into NGINX Ingress controller.
 First, create the `nginx-ingress` namespace:
 
-```console
+```shell
 kubectl create ns nginx-ingress
 ```
 
 Then "mark" the `nginx-ingress` namespace for OSM to deploy a sidecar.
 
-```console
+```shell
 osm namespace add nginx-ingress --mesh-name osm-nginx
 ```
 
@@ -73,7 +73,7 @@ pod:
 
 You can also use the `set` command available with `helm` to set these at install time.
 
-```console
+```shell
 helm install nic01 nginx-stable/nginx-ingress -n nginx-ingress --create-namespace --set controller.pod.annotations.'openservicemesh\.io/inbound\-port\-exclusion\-list=\{ "80"\, "443"\ }'
 ```
 
@@ -118,7 +118,7 @@ To test the integration, we will use the `httpbin` sample application from the [
 
 The following three commands will create the namespace for the application, add the namespace to OSM for monitoring, then install the application.
 
-```console
+```shell
 kubectl create ns httpbin
 osm namespace add httpbin --mesh-name osm-nginx
 kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/samples/httpbin/httpbin.yaml -n httpbin
@@ -126,7 +126,7 @@ kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/rele
 
 ### Verify that the envoy sidecar has been *injected* into NGINX Ingress Controller
 
-```console
+```shell
 kubectl get pods -n nginx-ingress
 NAME                             READY   STATUS    RESTARTS       AGE
 nginx-ingress-7b9557ddc6-zw7l5   2/2     Running   1 (5m8s ago)   5m19s
@@ -164,7 +164,7 @@ spec:
 
 Test your configuration:
 
-```console
+```shell
  curl  http://httpbin.example.com/get -v
 *   Trying 172.19.0.2:80...
 * TCP_NODELAY set
@@ -209,14 +209,14 @@ Test your configuration:
 Install OSM into the cluster.
 By running the following command, you will install OSM into the cluster with the mesh name `osm-nginx` using the `osm-system` namespace.
 
-```console
+```shell
 osm install --mesh-name osm-nginx --osm-namespace osm-system
 ```
 
 Once OSM has been installed, this next command will mark NGINX Ingress Controller as part of the OSM mesh, while also disabling sidecar injection.
 *NOTE*: The nginx-ingress name can be created as part of the NGINX Ingress install process, or manually. If you are creating it manually, the namespace must created before you "add" the namespace to Open Service Mesh.
 
-```console
+```shell
 osm namespace add nginx-ingress --mesh-name osm-nginx --disable-sidecar-injection
 ```
 
@@ -235,7 +235,7 @@ To test the integration, we will use the `httpbin` sample application from the [
 
 The following three commands will create the namespace for the application, add the namespace to OSM for monitoring, then install the application.
 
-```console
+```shell
 kubectl create ns httpbin
 osm namespace add httpbin --mesh-name osm-nginx
 kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/samples/httpbin/httpbin.yaml -n httpbin
@@ -247,7 +247,7 @@ To enable mTLS for NGINX Ingress Controller and OSM, you need to configure the `
 
 To begin, edit the `osm-mesh-config` resource:
 
-```console
+```shell
 kubectl edit meshconfig osm-mesh-config -n osm-system
 ```
 
@@ -268,14 +268,14 @@ spec:
 This will generate a new client certificate (osm-nginx-client-cert) that NGINX Ingress controller will use for mTLS.
 The *SAN*, `subjectAltNames`, is the following form:
 
-```console
+```shell
 <service_account>.<namespace>.cluster.local
 ```
 
 With the above OSM mesh config changed, that secret will be created in the `osm-system` namespace.
 There will also be the `osm-ca-bundle` secret as well, which is autogenerated by OSM.
 
-```console
+```shell
 kubectl get secrets -n osm-system
 NAME                              TYPE                 DATA   AGE
 osm-ca-bundle                     Opaque               2      37m
@@ -284,7 +284,7 @@ osm-nginx-client-cert             kubernetes.io/tls    3      17m
 
 Now, we need to "export" out these certificates in order to use them with NGINX Ingress Controller.
 
-```console
+```shell
 kubectl get secret osm-ca-bundle -n osm-system -o yaml > osm-ca-bundle-secret.yaml
 kubectl get secret osm-nginx-client-cert -n osm-system -o yaml > osm-nginx-client-cert.yaml
 ```
@@ -329,15 +329,14 @@ data:
 
 Then apply these two secrets to the cluster.
 
-```console
+```shell
 kubectl apply -f osm-ca-bundle-secret.yaml
 kubectl apply -f osm-nginx-client-cert.yaml
-
 ```
 
 Ensure the secrets exist in the `nginx-ingress` namespace:
 
-```console
+```shell
 kubectl get secrets -n nginx-ingress
 NAME                    TYPE                DATA   AGE
 osm-nginx-client-cert   kubernetes.io/tls   2      23m
@@ -412,7 +411,7 @@ spec:
 
 Once these are applied, verify they are valid (virtualServer) and committed (ingressBackend):
 
-```console
+```shell
 kubectl get vs,ingressbackend -A
 NAMESPACE   NAME                                  STATE   HOST                  IP    PORTS   AGE
 httpbin     virtualserver.k8s.nginx.org/httpbin   Valid   httpbin.example.com                 26m
@@ -423,7 +422,7 @@ httpbin     ingressbackend.policy.openservicemesh.io/httpbin   committed
 
 You can now send traffic through NGINX Ingress Controller with open service mesh.
 
-```console
+```shell
 curl http://httpbin.example.com/get -v
 *   Trying 172.18.0.2:80...
 * TCP_NODELAY set
diff --git a/docs/content/tutorials/oidc-custom-configuration.md b/docs/content/tutorials/oidc-custom-configuration.md
index 57698b369e..f88b22f892 100644
--- a/docs/content/tutorials/oidc-custom-configuration.md
+++ b/docs/content/tutorials/oidc-custom-configuration.md
@@ -26,13 +26,13 @@ This setup will allow the custom configuration in your ConfigMap to override the
 Run the below command to generate a ConfigMap with the contents of the `oidc.conf` file.
 **NOTE** The ConfigMap must be deployed in the same `namespace` as the F5 NGINX Ingress Controller.
 
-```console
+```shell
 kubectl create configmap oidc-config-map --from-literal=oidc.conf="$(curl -k https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/internal/configs/oidc/oidc.conf)"
 ```
 
 Use the `kubectl describe` command to confirm the contents of the ConfigMap are correct.
 
-```console
+```shell
 kubectl describe configmap oidc-config-map
 ```
 
@@ -65,7 +65,7 @@ Once the contents of the `oidc.conf` file has been added to the ConfigMap, you a
 This example demonstrates adding a comment to the top of the file. The comment will be shown at the top of the `oidc.conf` file.
 This comment will be `# >> Custom Comment for my OIDC file <<`
 
-```console
+```shell
 kubectl edit configmap oidc-config-map
 ```
 
@@ -144,7 +144,7 @@ Once the `Volume` and `VolumeMount` has been added the manifest file, apply the
 
 Confirm the `oidc.conf` file has been updated:
 
-```console
+```shell
 kubectl exec -it -n <ic-namespace> <ingess-controller-pod> -- cat /etc/nginx/oidc/oidc.conf
 ```
 
@@ -159,13 +159,13 @@ The `VolumeMount`must be added the `spec.template.spec.containers` section.
 
 For Deployments:
 
-```console
+```shell
 kubectl edit deployments <name-of-deployment> -n <ic-namespace>
 ```
 
 For Daemonsets:
 
-```console
+```shell
 kubectl edit daemonset <name-of-daemonset> -n <ic-namespace>
 ```
 
@@ -202,6 +202,6 @@ Once the Deployment/Daemonset has been edited, save the file and exit.
 
 Confirm the `oidc.conf` file has been updated:
 
-```console
+```shell
 kubectl exec -it -n <ic-namespace> <ingess-controller-pod> -- cat /etc/nginx/oidc/oidc.conf
 ```
diff --git a/docs/content/usage-reporting.md b/docs/content/usage-reporting.md
index e398fcd4b6..08e8237ab7 100644
--- a/docs/content/usage-reporting.md
+++ b/docs/content/usage-reporting.md
@@ -47,7 +47,7 @@ Usage Reporting needs a user account to send usage data to NGINX Instance Manage
 
 1. Create the Kubernetes namespace `nginx-cluster-connector` for Usage Reporting:
 
-    ```console
+    ```shell
     kubectl create namespace nginx-cluster-connector
     ```
 
@@ -57,7 +57,7 @@ To make the credential available to Usage Reporting, we need to create a Kuberne
 
 2. The username and password created in the previous section are required to connect the NGINX Management Suite API. Both the username and password are stored in the Kubernetes Secret and need to be converted to base64. In this example the username will be `foo` and the password will be `bar`. To obtain the base64 representation of a string, use the following command:
 
-    ```console
+    ```shell
     echo -n 'foo' | base64
     # Zm9v
     echo -n 'bar' | base64
@@ -84,7 +84,7 @@ To make the credential available to Usage Reporting, we need to create a Kuberne
 
 4. Deploy the Kubernetes secret created in step 5 to the Kubernetes cluster:
 
-    ```console
+    ```shell
     kubectl apply -f nms-basic-auth.yaml
     ```
 
@@ -104,7 +104,7 @@ For more information, read the [Command-line Arguments](#command-line-arguments)
 
 6. To deploy Usage Reporting, run the following command to deploy it to your Kubernetes cluster:
 
-   ```console
+   ```shell
    kubectl apply -f cluster-connector.yaml
    ```
 
@@ -201,7 +201,7 @@ curl --user "foo:bar" https://nms.example.com/api/platform/v1/k8s-usage/d290f1ee
 
 To remove Usage Reporting from your Kubernetes cluster, run the following command:
 
-```console
+```shell
 kubectl delete -f cluster-connector.yaml
 ```
 
diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go
index e3761ea3fa..a4a5f4d499 100644
--- a/internal/k8s/controller.go
+++ b/internal/k8s/controller.go
@@ -218,6 +218,7 @@ type NewLoadBalancerControllerInput struct {
 	TelemetryReportingEndpoint   string
 	NICVersion                   string
 	DynamicWeightChangesReload   bool
+	InstallationFlags            []string
 }
 
 // NewLoadBalancerController creates a controller
@@ -366,6 +367,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc
 			K8sClientReader:     input.KubeClient,
 			Version:             input.NICVersion,
 			AppProtectVersion:   input.AppProtectVersion,
+			InstallationFlags:   input.InstallationFlags,
 			GlobalConfiguration: lbc.watchGlobalConfiguration,
 			Configurator:        lbc.configurator,
 			SecretStore:         lbc.secretStore,
diff --git a/internal/telemetry/cluster.go b/internal/telemetry/cluster.go
index 4e3af5167f..191694a509 100644
--- a/internal/telemetry/cluster.go
+++ b/internal/telemetry/cluster.go
@@ -202,6 +202,11 @@ func (c *Collector) IsPlusEnabled() bool {
 	return c.Config.IsPlus
 }
 
+// InstallationFlags returns the list of all set flags
+func (c *Collector) InstallationFlags() []string {
+	return c.Config.InstallationFlags
+}
+
 // lookupPlatform takes a string representing a K8s PlatformID
 // retrieved from a cluster node and returns a string
 // representing the platform name.
diff --git a/internal/telemetry/cluster_test.go b/internal/telemetry/cluster_test.go
index 5ba851741a..fb88ba7004 100644
--- a/internal/telemetry/cluster_test.go
+++ b/internal/telemetry/cluster_test.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"testing"
 
+	"github.com/google/go-cmp/cmp"
+
 	"github.com/nginxinc/kubernetes-ingress/internal/telemetry"
 	appsV1 "k8s.io/api/apps/v1"
 	apiCoreV1 "k8s.io/api/core/v1"
@@ -436,6 +438,27 @@ func TestInstallationIDFailsOnMissingDaemonSet(t *testing.T) {
 	}
 }
 
+func TestGetInstallationFlags(t *testing.T) {
+	t.Parallel()
+
+	c, err := telemetry.NewCollector(
+		telemetry.CollectorConfig{
+			InstallationFlags: []string{
+				"-nginx-plus=true",
+			},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	got := c.InstallationFlags()
+	want := []string{"-nginx-plus=true"}
+	if !cmp.Equal(want, got) {
+		t.Error(cmp.Diff(want, got))
+	}
+}
+
 // newTestCollectorForClusterWithNodes returns a telemetry collector configured
 // to simulate collecting data on a cluser with provided nodes.
 func newTestCollectorForClusterWithNodes(t *testing.T, nodes ...runtime.Object) *telemetry.Collector {
diff --git a/internal/telemetry/collector.go b/internal/telemetry/collector.go
index 7621d54bba..5fa5249e46 100644
--- a/internal/telemetry/collector.go
+++ b/internal/telemetry/collector.go
@@ -77,6 +77,9 @@ type CollectorConfig struct {
 
 	// IsPlus represents whether NGINX is Plus or OSS
 	IsPlus bool
+
+	// InstallationFlags represents the list of set flags managed by NIC
+	InstallationFlags []string
 }
 
 // NewCollector takes 0 or more options and creates a new TraceReporter.
@@ -141,6 +144,7 @@ func (c *Collector) Collect(ctx context.Context) {
 			IngressAnnotations:    report.IngressAnnotations,
 			AppProtectVersion:     report.AppProtectVersion,
 			IsPlus:                report.IsPlus,
+			InstallationFlags:     report.InstallationFlags,
 		},
 	}
 
@@ -183,6 +187,7 @@ type Report struct {
 	IngressAnnotations  []string
 	AppProtectVersion   string
 	IsPlus              bool
+	InstallationFlags   []string
 }
 
 // BuildReport takes context, collects telemetry data and builds the report.
@@ -255,6 +260,8 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) {
 
 	isPlus := c.IsPlusEnabled()
 
+	installationFlags := c.InstallationFlags()
+
 	return Report{
 		Name:                "NIC",
 		Version:             c.Config.Version,
@@ -284,5 +291,6 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) {
 		IngressAnnotations:  ingressAnnotations,
 		AppProtectVersion:   appProtectVersion,
 		IsPlus:              isPlus,
+		InstallationFlags:   installationFlags,
 	}, err
 }
diff --git a/internal/telemetry/collector_test.go b/internal/telemetry/collector_test.go
index 308fba89ab..69aea3c5ee 100644
--- a/internal/telemetry/collector_test.go
+++ b/internal/telemetry/collector_test.go
@@ -876,6 +876,103 @@ func TestCollectInvalidAppProtectVersion(t *testing.T) {
 	}
 }
 
+func TestCollectInstallationFlags(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name      string
+		setFlags  []string
+		wantFlags []string
+	}{
+		{
+			name: "first flag",
+			setFlags: []string{
+				"nginx-plus=true",
+			},
+			wantFlags: []string{
+				"nginx-plus=true",
+			},
+		},
+		{
+			name: "second flag",
+			setFlags: []string{
+				"-v=3",
+			},
+			wantFlags: []string{
+				"-v=3",
+			},
+		},
+		{
+			name: "multiple flags",
+			setFlags: []string{
+				"nginx-plus=true",
+				"-v=3",
+			},
+			wantFlags: []string{
+				"nginx-plus=true",
+				"-v=3",
+			},
+		},
+		{
+			name:      "no flags",
+			setFlags:  []string{},
+			wantFlags: []string{},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			buf := &bytes.Buffer{}
+			exp := &telemetry.StdoutExporter{Endpoint: buf}
+
+			configurator := newConfigurator(t)
+
+			cfg := telemetry.CollectorConfig{
+				Configurator:      configurator,
+				K8sClientReader:   newTestClientset(node1, kubeNS),
+				Version:           telemetryNICData.ProjectVersion,
+				InstallationFlags: tc.setFlags,
+			}
+
+			c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp))
+			if err != nil {
+				t.Fatal(err)
+			}
+			c.Collect(context.Background())
+
+			telData := tel.Data{
+				ProjectName:         telemetryNICData.ProjectName,
+				ProjectVersion:      telemetryNICData.ProjectVersion,
+				ProjectArchitecture: telemetryNICData.ProjectArchitecture,
+				ClusterNodeCount:    1,
+				ClusterID:           telemetryNICData.ClusterID,
+				ClusterVersion:      telemetryNICData.ClusterVersion,
+				ClusterPlatform:     "other",
+			}
+
+			nicResourceCounts := telemetry.NICResourceCounts{
+				VirtualServers:      0,
+				VirtualServerRoutes: 0,
+				TransportServers:    0,
+				Ingresses:           0,
+				InstallationFlags:   tc.wantFlags,
+			}
+
+			td := telemetry.Data{
+				Data:              telData,
+				NICResourceCounts: nicResourceCounts,
+			}
+
+			want := fmt.Sprintf("%+v", &td)
+
+			got := buf.String()
+			if !cmp.Equal(want, got) {
+				t.Error(cmp.Diff(got, want))
+			}
+		})
+	}
+}
+
 func TestCountVirtualServers(t *testing.T) {
 	t.Parallel()
 
diff --git a/internal/telemetry/data.avdl b/internal/telemetry/data.avdl
index 23c17f4fa1..36c46b4484 100644
--- a/internal/telemetry/data.avdl
+++ b/internal/telemetry/data.avdl
@@ -93,5 +93,8 @@ It is the UID of the `kube-system` Namespace. */
 		/** IsPlus represents whether NGINX is Plus or OSS */
 		boolean? IsPlus = null;
 
+		/** InstallationFlags is the list of command line arguments configured for NGINX Ingress Controller */
+		union {null, array<string>} InstallationFlags = null;
+
 	}
 }
diff --git a/internal/telemetry/exporter.go b/internal/telemetry/exporter.go
index ce2dc11e3e..ccdf703664 100644
--- a/internal/telemetry/exporter.go
+++ b/internal/telemetry/exporter.go
@@ -105,4 +105,6 @@ type NICResourceCounts struct {
 	AppProtectVersion string
 	// IsPlus represents whether NGINX is Plus or OSS
 	IsPlus bool
+	// InstallationFlags is the list of command line arguments configured for NGINX Ingress Controller
+	InstallationFlags []string
 }
diff --git a/internal/telemetry/nicresourcecounts_attributes_generated.go b/internal/telemetry/nicresourcecounts_attributes_generated.go
index f215145ad4..6d11eab24f 100644
--- a/internal/telemetry/nicresourcecounts_attributes_generated.go
+++ b/internal/telemetry/nicresourcecounts_attributes_generated.go
@@ -33,6 +33,7 @@ func (d *NICResourceCounts) Attributes() []attribute.KeyValue {
 	attrs = append(attrs, attribute.StringSlice("IngressAnnotations", d.IngressAnnotations))
 	attrs = append(attrs, attribute.String("AppProtectVersion", d.AppProtectVersion))
 	attrs = append(attrs, attribute.Bool("IsPlus", d.IsPlus))
+	attrs = append(attrs, attribute.StringSlice("InstallationFlags", d.InstallationFlags))
 
 	return attrs
 }