docs: remove duplicate body H1s + sentence-case headings across 10 pages

docs/install/fly.md

@@ -6,8 +6,6 @@ read_when:
   - Setting up Fly volumes, secrets, and first-run config
 ---
 
-# Fly.io Deployment
-
 **Goal:** OpenClaw Gateway running on a [Fly.io](https://fly.io) machine with persistent storage, automatic HTTPS, and Discord/channel access.
 
 ## What you need

docs/install/hetzner.md

@@ -8,8 +8,6 @@ read_when:
 title: "Hetzner"
 ---
 
-# OpenClaw on Hetzner (Docker, Production VPS Guide)
-
 ## Goal
 
 Run a persistent OpenClaw Gateway on a Hetzner VPS using Docker, with durable state, baked-in binaries, and safe restart behavior.

docs/nodes/audio.md

@@ -5,8 +5,6 @@ read_when:
 title: "Audio and voice notes"
 ---
 
-# Audio / Voice Notes (2026-01-17)
-
 ## What works
 
 - **Media understanding (audio)**: If audio understanding is enabled (or auto-detected), OpenClaw:

docs/nodes/images.md

@@ -5,8 +5,6 @@ read_when:
 title: "Image and media support"
 ---
 
-# Image & Media Support (2025-12-05)
-
 The WhatsApp channel runs via **Baileys Web**. This document captures the current media handling rules for send, gateway, and agent replies.
 
 ## Goals

docs/plugins/dependency-resolution.md

@@ -8,8 +8,6 @@ title: "Plugin dependency resolution"
 sidebarTitle: "Dependencies"
 ---
 
-# Plugin dependency resolution
-
 OpenClaw keeps plugin dependency work at install/update time. Runtime loading
 does not run package managers, repair dependency trees, or mutate the OpenClaw
 package directory.

docs/plugins/webhooks.md

@@ -6,8 +6,6 @@ read_when:
 title: "Webhooks plugin"
 ---
 
-# Webhooks (plugin)
-
 The Webhooks plugin adds authenticated HTTP routes that bind external
 automation to OpenClaw TaskFlows.
 

docs/plugins/zalouser.md

@@ -6,8 +6,6 @@ read_when:
 title: "Zalo personal plugin"
 ---
 
-# Zalo Personal (plugin)
-
 Zalo Personal support for OpenClaw via a plugin, using native `zca-js` to automate a normal Zalo user account.
 
 <Warning>

docs/security/CONTRIBUTING-THREAT-MODEL.md

@@ -6,13 +6,11 @@ read_when:
   - Reviewing or updating the threat model
 ---
 
-# Contributing to the OpenClaw Threat Model
-
 Thanks for helping make OpenClaw more secure. This threat model is a living document and we welcome contributions from anyone - you don't need to be a security expert.
 
-## Ways to Contribute
+## Ways to contribute
 
-### Add a Threat
+### Add a threat
 
 Spotted an attack vector or risk we haven't covered? Open an issue on [openclaw/trust](https://github.com/openclaw/trust/issues) and describe it in your own words. You don't need to know any frameworks or fill in every field - just describe the scenario.
 
@@ -27,25 +25,25 @@ We'll handle the ATLAS mapping, threat IDs, and risk assessment during review. I
 
 > **This is for adding to the threat model, not reporting live vulnerabilities.** If you've found an exploitable vulnerability, see our [Trust page](https://trust.openclaw.ai) for responsible disclosure instructions.
 
-### Suggest a Mitigation
+### Suggest a mitigation
 
 Have an idea for how to address an existing threat? Open an issue or PR referencing the threat. Useful mitigations are specific and actionable - for example, "per-sender rate limiting of 10 messages/minute at the gateway" is better than "implement rate limiting."
 
-### Propose an Attack Chain
+### Propose an attack chain
 
 Attack chains show how multiple threats combine into a realistic attack scenario. If you see a dangerous combination, describe the steps and how an attacker would chain them together. A short narrative of how the attack unfolds in practice is more valuable than a formal template.
 
-### Fix or Improve Existing Content
+### Fix or improve existing content
 
 Typos, clarifications, outdated info, better examples - PRs welcome, no issue needed.
 
 ## What we use
 
-### MITRE ATLAS
+### MITRE ATLAS framework
 
 This threat model is built on [MITRE ATLAS](https://atlas.mitre.org/) (Adversarial Threat Landscape for AI Systems), a framework designed specifically for AI/ML threats like prompt injection, tool misuse, and agent exploitation. You don't need to know ATLAS to contribute - we map submissions to the framework during review.
 
-### Threat IDs
+### Threat ids
 
 Each threat gets an ID like `T-EXEC-003`. The categories are:
 

docs/security/THREAT-MODEL-ATLAS.md

@@ -6,9 +6,7 @@ read_when:
   - Working on security features or audit responses
 ---
 
-# OpenClaw Threat Model v1.0
-
-## MITRE ATLAS Framework
+## MITRE ATLAS framework
 
 **Version:** 1.0-draft
 **Last Updated:** 2026-02-04

docs/security/network-proxy.md

@@ -6,13 +6,11 @@ read_when:
   - Configuring an external forward proxy for OpenClaw runtime traffic
 ---
 
-# Network Proxy
-
 OpenClaw can route runtime HTTP and WebSocket traffic through an operator-managed forward proxy. This is optional defense in depth for deployments that want central egress control, stronger SSRF protection, and better network auditability.
 
 OpenClaw does not ship, download, start, configure, or certify a proxy. You run the proxy technology that fits your environment, and OpenClaw routes normal process-local HTTP and WebSocket clients through it.
 
-## Why Use a Proxy?
+## Why use a proxy
 
 A proxy gives operators one network control point for outbound HTTP and WebSocket traffic. That can be useful even outside SSRF hardening:
 
@@ -25,7 +23,7 @@ A proxy gives operators one network control point for outbound HTTP and WebSocke
 
 Proxy routing is a process-level guardrail for normal HTTP and WebSocket egress. It gives operators a fail-closed path for routing supported JavaScript HTTP clients through their own filtering proxy, but it is not an OS-level network sandbox and does not make OpenClaw certify the proxy's destination policy.
 
-## How OpenClaw Routes Traffic
+## How OpenClaw routes traffic
 
 When `proxy.enabled=true` and a proxy URL is configured, protected runtime processes such as `openclaw gateway run`, `openclaw node run`, and `openclaw agent --local` route normal HTTP and WebSocket egress through the configured proxy:
 
@@ -51,7 +49,7 @@ While the proxy is active, OpenClaw clears `no_proxy`, `NO_PROXY`, and `GLOBAL_A
 
 On shutdown, OpenClaw restores the previous proxy environment and resets cached process routing state.
 
-## Related Proxy Terms
+## Related proxy terms
 
 - `proxy.enabled` / `proxy.proxyUrl`: outbound forward-proxy routing for OpenClaw runtime egress. This page documents that feature.
 - `gateway.auth.mode: "trusted-proxy"`: inbound identity-aware reverse-proxy authentication for Gateway access. See [Trusted proxy auth](/gateway/trusted-proxy-auth).