CodeShellDev · CodeShellDev · Oct 27, 2025 · Oct 27, 2025
diff --git a/docs/configuration/field-policies.md b/docs/configuration/field-policies.md
@@ -0,0 +1,23 @@
+---
+title: Field Policies
+---
+
+# Field Policies
+
+An extra layer of security for ensuring no unwanted values are passed through a request.
+
+**Field Policies** allow for blocking or specifically allowing certain fields with set values from being used in the requests body or headers.
+
+Configure them by using `access.fieldPolicies` like so:
+
+```yaml
+settings:
+  access:
+    fieldPolicies:
+      "@number": { value: "+123400002", action: block }
+```
+
+Set the wanted action on encounter, available options are `block` and `allow`.
+
+> [!IMPORTANT]
+> Use `@` for Body Keys and `#` for Headers ([formatting](../usage/formatting)).
diff --git a/docs/features/features.md b/docs/features/features.md
@@ -62,3 +62,12 @@ Go hand in hand for restricting unauthorized access and for ensuring least privi
 [Let's start blocking then!](./configuration/endpoints)
 
 ---
+
+## Field Policies
+
+**Field Policies** are a great way to disallow specific fields or even disallowing fields with unwanted values.
+This is really helpful when trying to block certain numbers from using certain tokens, and therefor mitigating risks of unwanted use of an token.
+
+Find more about this feature [here](./configuration/field-policies).
+
+---
diff --git a/docs/usage/formatting.md b/docs/usage/formatting.md
@@ -18,6 +18,17 @@ Which means that any valid Go template string will also work in Secured Signal A
 
 But you will mostly be using `{{.VAR}}`.
 
+### Keys
+
+`{{.VAR}}` might be the most common, but there is also `{{@data.key}}` (Body Keys) and `{{#Content_Type}}` (Headers), that can be used,
+when using any of these keys make sure that you understand how each key will be parsed and transformed:
+
+| Type                                   | Example             | Note             |
+| :------------------------------------- | :------------------ | :--------------- |
+| Body                                   | `{{@data.key}}`     |                  |
+| Header                                 | `{{#Content_Type}}` | `-` becomes `_`  |
+| [Variable](../configuration/variables) | `{{.VAR}}`          | always uppercase |
+
 ## String to Type
 
 > [!TIP]