diff --git a/.stats.yml b/.stats.yml
index db0943d3d7..d1202adc94 100644
--- a/.stats.yml
+++ b/.stats.yml
@@ -1,2 +1,2 @@
 configured_endpoints: 1348
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-36a9d717773ebb507fd0744af578aa64b697030857c602c77458156a911fcab9.yml
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-a4ad69b707d0e14c7a716a22c876ab03c40d8aefa59eec101c5c52260cb860f3.yml
diff --git a/src/resources/zero-trust/gateway/configurations.ts b/src/resources/zero-trust/gateway/configurations.ts
index f297cc6b20..8918b4bd21 100644
--- a/src/resources/zero-trust/gateway/configurations.ts
+++ b/src/resources/zero-trust/gateway/configurations.ts
@@ -25,8 +25,8 @@ export class Configurations extends APIResource {
    * Patches the current Zero Trust account configuration. This endpoint can update a
    * single subcollection of settings such as `antivirus`, `tls_decrypt`,
    * `activity_log`, `block_page`, `browser_isolation`, `fips`, `body_scanning`, or
-   * `certificate`, without updating the entire configuration object. Returns an
-   * error if any collection of settings is not properly configured.
+   * `custom_certificate`, without updating the entire configuration object. Returns
+   * an error if any collection of settings is not properly configured.
    */
   edit(
     params: ConfigurationEditParams,
@@ -280,8 +280,7 @@ export interface BrowserIsolationSettingsParam {
 }
 
 /**
- * @deprecated: Custom certificate settings for BYO-PKI. (deprecated and replaced
- * by `certificate`)
+ * Custom certificate settings for BYO-PKI.
  */
 export interface CustomCertificateSettings {
   /**
@@ -303,8 +302,7 @@ export interface CustomCertificateSettings {
 }
 
 /**
- * @deprecated: Custom certificate settings for BYO-PKI. (deprecated and replaced
- * by `certificate`)
+ * Custom certificate settings for BYO-PKI.
  */
 export interface CustomCertificateSettingsParam {
   /**
@@ -390,14 +388,7 @@ export interface GatewayConfigurationSettings {
   browser_isolation?: BrowserIsolationSettings;
 
   /**
-   * Certificate settings for Gateway TLS interception. If not specified, the
-   * Cloudflare Root CA will be used.
-   */
-  certificate?: GatewayConfigurationSettings.Certificate;
-
-  /**
-   * @deprecated: Custom certificate settings for BYO-PKI. (deprecated and replaced
-   * by `certificate`)
+   * Custom certificate settings for BYO-PKI.
    */
   custom_certificate?: CustomCertificateSettings;
 
@@ -422,19 +413,6 @@ export interface GatewayConfigurationSettings {
   tls_decrypt?: TLSSettings;
 }
 
-export namespace GatewayConfigurationSettings {
-  /**
-   * Certificate settings for Gateway TLS interception. If not specified, the
-   * Cloudflare Root CA will be used.
-   */
-  export interface Certificate {
-    /**
-     * UUID of certificate to be used for interception.
-     */
-    id: string;
-  }
-}
-
 /**
  * account settings.
  */
@@ -465,14 +443,7 @@ export interface GatewayConfigurationSettingsParam {
   browser_isolation?: BrowserIsolationSettingsParam;
 
   /**
-   * Certificate settings for Gateway TLS interception. If not specified, the
-   * Cloudflare Root CA will be used.
-   */
-  certificate?: GatewayConfigurationSettingsParam.Certificate;
-
-  /**
-   * @deprecated: Custom certificate settings for BYO-PKI. (deprecated and replaced
-   * by `certificate`)
+   * Custom certificate settings for BYO-PKI.
    */
   custom_certificate?: CustomCertificateSettingsParam;
 
@@ -497,19 +468,6 @@ export interface GatewayConfigurationSettingsParam {
   tls_decrypt?: TLSSettingsParam;
 }
 
-export namespace GatewayConfigurationSettingsParam {
-  /**
-   * Certificate settings for Gateway TLS interception. If not specified, the
-   * Cloudflare Root CA will be used.
-   */
-  export interface Certificate {
-    /**
-     * UUID of certificate to be used for interception.
-     */
-    id: string;
-  }
-}
-
 /**
  * Configure a message to display on the user's device when an antivirus search is
  * performed.
diff --git a/src/resources/zero-trust/gateway/lists/lists.ts b/src/resources/zero-trust/gateway/lists/lists.ts
index a1552de861..716fcd5834 100644
--- a/src/resources/zero-trust/gateway/lists/lists.ts
+++ b/src/resources/zero-trust/gateway/lists/lists.ts
@@ -45,11 +45,8 @@ export class Lists extends APIResource {
     params: ListListParams,
     options?: Core.RequestOptions,
   ): Core.PagePromise<GatewayListsSinglePage, GatewayList> {
-    const { account_id, ...query } = params;
-    return this._client.getAPIList(`/accounts/${account_id}/gateway/lists`, GatewayListsSinglePage, {
-      query,
-      ...options,
-    });
+    const { account_id } = params;
+    return this._client.getAPIList(`/accounts/${account_id}/gateway/lists`, GatewayListsSinglePage, options);
   }
 
   /**
@@ -106,8 +103,6 @@ export interface GatewayItem {
 }
 
 export interface GatewayItemParam {
-  created_at?: string;
-
   /**
    * The value of the item in a list.
    */
@@ -223,15 +218,7 @@ export interface ListUpdateParams {
 }
 
 export interface ListListParams {
-  /**
-   * Path param:
-   */
   account_id: string;
-
-  /**
-   * Query param: The type of list.
-   */
-  type?: 'SERIAL' | 'URL' | 'DOMAIN' | 'EMAIL' | 'IP';
 }
 
 export interface ListDeleteParams {
diff --git a/src/resources/zero-trust/gateway/rules.ts b/src/resources/zero-trust/gateway/rules.ts
index fcb0347e7d..dd28917ea9 100644
--- a/src/resources/zero-trust/gateway/rules.ts
+++ b/src/resources/zero-trust/gateway/rules.ts
@@ -335,13 +335,6 @@ export interface RuleSetting {
    */
   egress?: RuleSetting.Egress;
 
-  /**
-   * Set to true, to ignore the category matches at CNAME domains in a response. If
-   * unchecked, the categories in this rule will be checked against all the CNAME
-   * domain categories in a response.
-   */
-  ignore_cname_category_matches?: boolean;
-
   /**
    * INSECURE - disable DNSSEC validation (for Allow actions).
    */
@@ -414,27 +407,27 @@ export namespace RuleSetting {
    */
   export interface BisoAdminControls {
     /**
-     * Set to false to enable copy-pasting.
+     * Set to true to enable copy-pasting.
      */
     dcp?: boolean;
 
     /**
-     * Set to false to enable downloading.
+     * Set to true to enable downloading.
      */
     dd?: boolean;
 
     /**
-     * Set to false to enable keyboard usage.
+     * Set to true to enable keyboard usage.
      */
     dk?: boolean;
 
     /**
-     * Set to false to enable printing.
+     * Set to true to enable printing.
      */
     dp?: boolean;
 
     /**
-     * Set to false to enable uploading.
+     * Set to true to enable uploading.
      */
     du?: boolean;
   }
@@ -610,13 +603,6 @@ export interface RuleSettingParam {
    */
   egress?: RuleSettingParam.Egress;
 
-  /**
-   * Set to true, to ignore the category matches at CNAME domains in a response. If
-   * unchecked, the categories in this rule will be checked against all the CNAME
-   * domain categories in a response.
-   */
-  ignore_cname_category_matches?: boolean;
-
   /**
    * INSECURE - disable DNSSEC validation (for Allow actions).
    */
@@ -689,27 +675,27 @@ export namespace RuleSettingParam {
    */
   export interface BisoAdminControls {
     /**
-     * Set to false to enable copy-pasting.
+     * Set to true to enable copy-pasting.
      */
     dcp?: boolean;
 
     /**
-     * Set to false to enable downloading.
+     * Set to true to enable downloading.
      */
     dd?: boolean;
 
     /**
-     * Set to false to enable keyboard usage.
+     * Set to true to enable keyboard usage.
      */
     dk?: boolean;
 
     /**
-     * Set to false to enable printing.
+     * Set to true to enable printing.
      */
     dp?: boolean;
 
     /**
-     * Set to false to enable uploading.
+     * Set to true to enable uploading.
      */
     du?: boolean;
   }
diff --git a/tests/api-resources/zero-trust/gateway/configurations.test.ts b/tests/api-resources/zero-trust/gateway/configurations.test.ts
index b6f70c8bd3..bbe8b139a3 100644
--- a/tests/api-resources/zero-trust/gateway/configurations.test.ts
+++ b/tests/api-resources/zero-trust/gateway/configurations.test.ts
@@ -47,7 +47,6 @@ describe('resource configurations', () => {
         },
         body_scanning: { inspection_mode: 'deep' },
         browser_isolation: { non_identity_enabled: true, url_browser_isolation_enabled: true },
-        certificate: { id: 'd1b364c5-1311-466e-a194-f0e943e0799f' },
         custom_certificate: { enabled: true, id: 'd1b364c5-1311-466e-a194-f0e943e0799f' },
         extended_email_matching: { enabled: true },
         fips: { tls: true },
@@ -94,7 +93,6 @@ describe('resource configurations', () => {
         },
         body_scanning: { inspection_mode: 'deep' },
         browser_isolation: { non_identity_enabled: true, url_browser_isolation_enabled: true },
-        certificate: { id: 'd1b364c5-1311-466e-a194-f0e943e0799f' },
         custom_certificate: { enabled: true, id: 'd1b364c5-1311-466e-a194-f0e943e0799f' },
         extended_email_matching: { enabled: true },
         fips: { tls: true },
diff --git a/tests/api-resources/zero-trust/gateway/lists/lists.test.ts b/tests/api-resources/zero-trust/gateway/lists/lists.test.ts
index a7c35b838f..94bd368d9c 100644
--- a/tests/api-resources/zero-trust/gateway/lists/lists.test.ts
+++ b/tests/api-resources/zero-trust/gateway/lists/lists.test.ts
@@ -31,11 +31,7 @@ describe('resource lists', () => {
       name: 'Admin Serial Numbers',
       type: 'SERIAL',
       description: 'The serial numbers for administrators',
-      items: [
-        { created_at: '2014-01-01T05:20:00.12345Z', value: '8GE8721REF' },
-        { created_at: '2014-01-01T05:20:00.12345Z', value: '8GE8721REF' },
-        { created_at: '2014-01-01T05:20:00.12345Z', value: '8GE8721REF' },
-      ],
+      items: [{ value: '8GE8721REF' }, { value: '8GE8721REF' }, { value: '8GE8721REF' }],
     });
   });
 
@@ -77,7 +73,6 @@ describe('resource lists', () => {
   test('list: required and optional params', async () => {
     const response = await cloudflare.zeroTrust.gateway.lists.list({
       account_id: '699d98642c564d2e855e9661899b7252',
-      type: 'SERIAL',
     });
   });
 
@@ -117,11 +112,7 @@ describe('resource lists', () => {
   test('edit: required and optional params', async () => {
     const response = await cloudflare.zeroTrust.gateway.lists.edit('f174e90a-fafe-4643-bbbc-4a0ed4fc8415', {
       account_id: '699d98642c564d2e855e9661899b7252',
-      append: [
-        { created_at: '2014-01-01T05:20:00.12345Z', value: '8GE8721REF' },
-        { created_at: '2014-01-01T05:20:00.12345Z', value: '8GE8721REF' },
-        { created_at: '2014-01-01T05:20:00.12345Z', value: '8GE8721REF' },
-      ],
+      append: [{ value: '8GE8721REF' }, { value: '8GE8721REF' }, { value: '8GE8721REF' }],
       remove: ['8GE8721REF', '8GE8721REF', '8GE8721REF'],
     });
   });
diff --git a/tests/api-resources/zero-trust/gateway/rules.test.ts b/tests/api-resources/zero-trust/gateway/rules.test.ts
index f883ea6515..c0823a69db 100644
--- a/tests/api-resources/zero-trust/gateway/rules.test.ts
+++ b/tests/api-resources/zero-trust/gateway/rules.test.ts
@@ -88,7 +88,6 @@ describe('resource rules', () => {
           ],
         },
         egress: { ipv4: '192.0.2.2', ipv4_fallback: '192.0.2.3', ipv6: '2001:DB8::/64' },
-        ignore_cname_category_matches: true,
         insecure_disable_dnssec_validation: false,
         ip_categories: true,
         ip_indicator_feeds: true,
@@ -192,7 +191,6 @@ describe('resource rules', () => {
           ],
         },
         egress: { ipv4: '192.0.2.2', ipv4_fallback: '192.0.2.3', ipv6: '2001:DB8::/64' },
-        ignore_cname_category_matches: true,
         insecure_disable_dnssec_validation: false,
         ip_categories: true,
         ip_indicator_feeds: true,