diff --git a/assets/css/v2/style.css b/assets/css/v2/style.css
index f5baff09..79fc21aa 100644
--- a/assets/css/v2/style.css
+++ b/assets/css/v2/style.css
@@ -6,7 +6,7 @@
   font-feature-settings: "liga" on, "calt" on;
 
   /* fallback to slightly thinner font on browsers without variable 'wght' support */
-  font-weight: 400;
+  font-weight: 350;
 
   /* base rem = 16px by default, left as percentage for screen readers */
   font-size: 100%;
@@ -120,12 +120,19 @@ p {
 ul,
 ol {
   padding: 0;
-  margin: 0;
+  margin: 0.5rem 0 0.5rem 0;
 }
 
 ul li,
 ol li {
-  margin-bottom: 0.5rem;
+  margin: 0.5rem 0 0.5rem 0;
+}
+
+ul ul,
+ul ol,
+ol ul,
+ol ol {
+  padding: 0 0 0 1rem;
 }
 
 ul li:last-child,
@@ -963,7 +970,7 @@ table hr {
 blockquote {
   border: 1px solid var(--color-foreground);
   padding: 1rem;
-  margin: 1rem -1rem;
+  margin: 0 -1rem;
 
   /* solid 3px drop shadow */
   box-shadow: 3px 3px 0px var(--color-shadow);
@@ -1140,6 +1147,10 @@ blockquote ul {
   }
 }
 
+.tab-content > div > * {
+  margin: 0 0 var(--flow-gap) 0;
+}
+
 /* Codeblocks */
 .highlight {
   padding: 0 1rem 0 1rem;
diff --git a/exampleSite/content/test-product/_index.md b/exampleSite/content/test-product/_index.md
index 325c5e10..0561b347 100644
--- a/exampleSite/content/test-product/_index.md
+++ b/exampleSite/content/test-product/_index.md
@@ -2,5 +2,4 @@
 description: Test pages for nginx-hugo-theme
 title: Test pages for nginx-hugo-theme
 weight: 100
-toc: true
 ---
diff --git a/exampleSite/content/test-product/code-blocks/code-blocks.md b/exampleSite/content/test-product/code-blocks/code-blocks-root-non-root.md
similarity index 88%
rename from exampleSite/content/test-product/code-blocks/code-blocks.md
rename to exampleSite/content/test-product/code-blocks/code-blocks-root-non-root.md
index 04688a41..dcdbfd13 100644
--- a/exampleSite/content/test-product/code-blocks/code-blocks.md
+++ b/exampleSite/content/test-product/code-blocks/code-blocks-root-non-root.md
@@ -1,6 +1,6 @@
 ---
-description: Code Blocks - with root and non-root
-title: Code Blocks - with root and non-root
+description: Code Blocks - With root and non-root
+title: Code Blocks - With root and non-root
 weight: 200
 ---
 
diff --git a/exampleSite/content/test-product/code-blocks/code-blocks-spacing.md b/exampleSite/content/test-product/code-blocks/code-blocks-spacing.md
index 5abc98b6..deb9fac6 100644
--- a/exampleSite/content/test-product/code-blocks/code-blocks-spacing.md
+++ b/exampleSite/content/test-product/code-blocks/code-blocks-spacing.md
@@ -64,4 +64,4 @@ sudo rm -rf /
     sslclientkey=/etc/ssl/nginx/nginx-repo.key
     gpgcheck=0
     enabled=1
-    ```
\ No newline at end of file
+    ```
diff --git a/exampleSite/content/test-product/code-blocks/code-blocks-stacked.md b/exampleSite/content/test-product/code-blocks/code-blocks-stacked.md
new file mode 100644
index 00000000..d5ffef45
--- /dev/null
+++ b/exampleSite/content/test-product/code-blocks/code-blocks-stacked.md
@@ -0,0 +1,21 @@
+---
+description: Code Blocks - Stacked
+title: Code Blocks - Stacked
+weight: 200
+---
+
+## Stacked Code Blocks
+
+```shell
+sudo yum install yum-utils procps
+```
+
+```shell
+sudo rm /etc/yum.repos.d/nginx*.repo
+sudo rm /etc/yum.repos.d/*app-protect*.repo
+```
+```js
+console.log("Hello World");
+console.warn("Hello... World");
+console.error("WORLD?! HELLO?!");
+```
diff --git a/exampleSite/content/test-product/lists/_index.md b/exampleSite/content/test-product/lists/_index.md
new file mode 100644
index 00000000..4a0f0124
--- /dev/null
+++ b/exampleSite/content/test-product/lists/_index.md
@@ -0,0 +1,4 @@
+---
+description: Lists
+title: Lists
+---
diff --git a/exampleSite/content/test-product/lists/ol.md b/exampleSite/content/test-product/lists/ol.md
new file mode 100644
index 00000000..a7bf4d7f
--- /dev/null
+++ b/exampleSite/content/test-product/lists/ol.md
@@ -0,0 +1,39 @@
+---
+description: List - OL
+title: List - OL
+---
+
+The following list describes the connections, preceeded by their types in parentheses. For brevity, the suffix "process" has been omitted from the process descriptions.
+
+1. (HTTPS)
+   - Read: _NGF_ reads the _Kubernetes API_ to get the latest versions of the resources in the cluster.
+   - Write: _NGF_ writes to the _Kubernetes API_ to update the handled resources' statuses and emit events. If there's more than one replica of _NGF_ and [leader election](https://github.com/nginx/nginx-gateway-fabric/tree/v/charts/nginx-gateway-fabric#configuration) is enabled, only the _NGF_ pod that is leading will write statuses to the _Kubernetes API_.
+1. (HTTP, HTTPS) _Prometheus_ fetches the `controller-runtime` and NGINX metrics via an HTTP endpoint that _NGF_ exposes (`:9113/metrics` by default). Prometheus is **not** required by NGINX Gateway Fabric, and its endpoint can be turned off.
+1. (File I/O)
+   - Write: _NGF_ generates NGINX _configuration_ based on the cluster resources and writes them as `.conf` files to the mounted `nginx-conf` volume, located at `/etc/nginx/conf.d`. It also writes _TLS certificates_ and _keys_ from [TLS secrets](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets) referenced in the accepted Gateway resource to the `nginx-secrets` volume at the path `/etc/nginx/secrets`.
+   - Read: _NGF_ reads the PID file `nginx.pid` from the `nginx-run` volume, located at `/var/run/nginx`. _NGF_ extracts the PID of the nginx process from this file in order to send reload signals to _NGINX master_.
+1. (File I/O) _NGF_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+1. (HTTP) _NGF_ fetches the NGINX metrics via the unix:/var/run/nginx/nginx-status.sock UNIX socket and converts it to _Prometheus_ format used in #2.
+1. (Signal) To reload NGINX, _NGF_ sends the [reload signal](https://nginx.org/en/docs/control.html) to the **NGINX master**.
+1. (File I/O)
+   - Write: The _NGINX master_ writes its PID to the `nginx.pid` file stored in the `nginx-run` volume.
+   - Read: The _NGINX master_ reads _configuration files_ and the _TLS cert and keys_ referenced in the configuration when it starts or during a reload. These files, certificates, and keys are stored in the `nginx-conf` and `nginx-secrets` volumes that are mounted to both the `nginx-gateway` and `nginx` containers.
+1. (File I/O)
+   - Write: The _NGINX master_ writes to the auxiliary Unix sockets folder, which is located in the `/var/run/nginx`
+     directory.
+   - Read: The _NGINX master_ reads the `nginx.conf` file from the `/etc/nginx` directory. This [file](https://github.com/nginx/nginx-gateway-fabric/blob/v/internal/mode/static/nginx/conf/nginx.conf) contains the global and http configuration settings for NGINX. In addition, _NGINX master_ reads the NJS modules referenced in the configuration when it starts or during a reload. NJS modules are stored in the `/usr/lib/nginx/modules` directory.
+1. (File I/O) The _NGINX master_ sends logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+1. (File I/O) An _NGINX worker_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+1. (Signal) The _NGINX master_ controls the [lifecycle of _NGINX workers_](https://nginx.org/en/docs/control.html#reconfiguration) it creates workers with the new configuration and shutdowns workers with the old configuration.
+1. (HTTP) To consider a configuration reload a success, _NGF_ ensures that at least one NGINX worker has the new configuration. To do that, _NGF_ checks a particular endpoint via the unix:/var/run/nginx/nginx-config-version.sock UNIX socket.
+1. (HTTP, HTTPS) A _client_ sends traffic to and receives traffic from any of the _NGINX workers_ on ports 80 and 443.
+1. (HTTP, HTTPS) An _NGINX worker_ sends traffic to and receives traffic from the _backends_.
+
+
+
+
+## Regular OL
+
+1. (File I/O) _NGF_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+1. (HTTP) _NGF_ fetches the NGINX metrics via the unix:/var/run/nginx/nginx-status.sock UNIX socket and converts it to _Prometheus_ format used in #2.
+1. (Signal) To reload NGINX, _NGF_ sends the [reload signal](https://nginx.org/en/docs/control.html) to the **NGINX master**.
diff --git a/exampleSite/content/test-product/lists/ul.md b/exampleSite/content/test-product/lists/ul.md
new file mode 100644
index 00000000..224eb865
--- /dev/null
+++ b/exampleSite/content/test-product/lists/ul.md
@@ -0,0 +1,39 @@
+---
+description: List - UL
+title: List - UL
+---
+
+The following list describes the connections, preceeded by their types in parentheses. For brevity, the suffix "process" has been omitted from the process descriptions.
+
+- (HTTPS)
+   - Read: _NGF_ reads the _Kubernetes API_ to get the latest versions of the resources in the cluster.
+   - Write: _NGF_ writes to the _Kubernetes API_ to update the handled resources' statuses and emit events. If there's more than one replica of _NGF_ and [leader election](https://github.com/nginx/nginx-gateway-fabric/tree/v/charts/nginx-gateway-fabric#configuration) is enabled, only the _NGF_ pod that is leading will write statuses to the _Kubernetes API_.
+- (HTTP, HTTPS) _Prometheus_ fetches the `controller-runtime` and NGINX metrics via an HTTP endpoint that _NGF_ exposes (`:9113/metrics` by default). Prometheus is **not** required by NGINX Gateway Fabric, and its endpoint can be turned off.
+- (File I/O)
+   - Write: _NGF_ generates NGINX _configuration_ based on the cluster resources and writes them as `.conf` files to the mounted `nginx-conf` volume, located at `/etc/nginx/conf.d`. It also writes _TLS certificates_ and _keys_ from [TLS secrets](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets) referenced in the accepted Gateway resource to the `nginx-secrets` volume at the path `/etc/nginx/secrets`.
+   - Read: _NGF_ reads the PID file `nginx.pid` from the `nginx-run` volume, located at `/var/run/nginx`. _NGF_ extracts the PID of the nginx process from this file in order to send reload signals to _NGINX master_.
+- (File I/O) _NGF_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+- (HTTP) _NGF_ fetches the NGINX metrics via the unix:/var/run/nginx/nginx-status.sock UNIX socket and converts it to _Prometheus_ format used in #2.
+- (Signal) To reload NGINX, _NGF_ sends the [reload signal](https://nginx.org/en/docs/control.html) to the **NGINX master**.
+- (File I/O)
+   - Write: The _NGINX master_ writes its PID to the `nginx.pid` file stored in the `nginx-run` volume.
+   - Read: The _NGINX master_ reads _configuration files_ and the _TLS cert and keys_ referenced in the configuration when it starts or during a reload. These files, certificates, and keys are stored in the `nginx-conf` and `nginx-secrets` volumes that are mounted to both the `nginx-gateway` and `nginx` containers.
+- (File I/O)
+   - Write: The _NGINX master_ writes to the auxiliary Unix sockets folder, which is located in the `/var/run/nginx`
+     directory.
+   - Read: The _NGINX master_ reads the `nginx.conf` file from the `/etc/nginx` directory. This [file](https://github.com/nginx/nginx-gateway-fabric/blob/v/internal/mode/static/nginx/conf/nginx.conf) contains the global and http configuration settings for NGINX. In addition, _NGINX master_ reads the NJS modules referenced in the configuration when it starts or during a reload. NJS modules are stored in the `/usr/lib/nginx/modules` directory.
+- (File I/O) The _NGINX master_ sends logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+- (File I/O) An _NGINX worker_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+- (Signal) The _NGINX master_ controls the [lifecycle of _NGINX workers_](https://nginx.org/en/docs/control.html#reconfiguration) it creates workers with the new configuration and shutdowns workers with the old configuration.
+- (HTTP) To consider a configuration reload a success, _NGF_ ensures that at least one NGINX worker has the new configuration. To do that, _NGF_ checks a particular endpoint via the unix:/var/run/nginx/nginx-config-version.sock UNIX socket.
+- (HTTP, HTTPS) A _client_ sends traffic to and receives traffic from any of the _NGINX workers_ on ports 80 and 443.
+- (HTTP, HTTPS) An _NGINX worker_ sends traffic to and receives traffic from the _backends_.
+
+
+
+
+## Regular OL
+
+- (File I/O) _NGF_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
+- (HTTP) _NGF_ fetches the NGINX metrics via the unix:/var/run/nginx/nginx-status.sock UNIX socket and converts it to _Prometheus_ format used in #2.
+- (Signal) To reload NGINX, _NGF_ sends the [reload signal](https://nginx.org/en/docs/control.html) to the **NGINX master**.
diff --git a/exampleSite/content/test-product/tab-group.md b/exampleSite/content/test-product/tab-group.md
deleted file mode 100644
index de30b854..00000000
--- a/exampleSite/content/test-product/tab-group.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-description: Tab Group
-title: Tab Group
-weight: 200
----
-
-## tab-group
-
-
-{{<tabs name="common_steps_for_nginx_oss_and_plus">}}
-
-{{%tab name="Ordered List With Code Block types"%}}
-
-1. Create the `/etc/ssl/nginx` directory:
-
-    ```shell
-    sudo mkdir -p /etc/ssl/nginx
-    ```
-
-2. Upload **nginx-repo.crt** and **nginx-repo.key** files to the `/etc/ssl/nginx/` directory.
-
-3. Install required dependencies:
-
-    ```shell
-    sudo yum install ca-certificates wget
-    ```
-
-4. Remove any previously downloaded NGINX repository files from `/etc/yum.repos.d`:
-
-    ```shell
-    sudo rm /etc/yum.repos.d/nginx*.repo
-    sudo rm /etc/yum.repos.d/*app-protect*.repo
-    ```
-
-{{%/tab%}}
-
-{{%tab name="Code Block"%}}
-
-```shell
-nginx -s reload
-```
-
-{{%/tab%}}
-{{</tabs>}}
\ No newline at end of file
diff --git a/exampleSite/content/test-product/tab-group/_index.md b/exampleSite/content/test-product/tab-group/_index.md
new file mode 100644
index 00000000..54b45e6e
--- /dev/null
+++ b/exampleSite/content/test-product/tab-group/_index.md
@@ -0,0 +1,5 @@
+---
+description: Tab Group
+title: Tab Group
+weight: 100
+---
diff --git a/exampleSite/content/test-product/tab-group/tab-group.md b/exampleSite/content/test-product/tab-group/tab-group.md
new file mode 100644
index 00000000..190e293c
--- /dev/null
+++ b/exampleSite/content/test-product/tab-group/tab-group.md
@@ -0,0 +1,102 @@
+---
+description: Tab Group
+title: Tab Group
+weight: 200
+---
+
+## tab-group
+
+{{<tabs name="common_steps_for_nginx_oss_and_plus">}}
+
+{{%tab name="Ordered List With Code Block types"%}}
+
+1. Create the `/etc/ssl/nginx` directory:
+
+    ```shell
+    sudo mkdir -p /etc/ssl/nginx
+    ```
+
+2. Upload **nginx-repo.crt** and **nginx-repo.key** files to the `/etc/ssl/nginx/` directory.
+
+3. Install required dependencies:
+
+    ```shell
+    sudo yum install ca-certificates wget
+    ```
+
+4. Remove any previously downloaded NGINX repository files from `/etc/yum.repos.d`:
+
+    ```shell
+    sudo rm /etc/yum.repos.d/nginx*.repo
+    sudo rm /etc/yum.repos.d/*app-protect*.repo
+    ```
+
+{{%/tab%}}
+
+{{%tab name="Code Block"%}}
+
+```shell
+nginx -s reload
+```
+
+{{%/tab%}}
+{{</tabs>}}
+
+
+## Much nested tab group
+To configure a CA cert and/or client certificate and key, a few extra steps are needed.
+
+First, you need to create two Secrets in the `nginx-gateway` namespace. The CA must live under the key `ca.crt`:
+
+```shell
+kubectl -n nginx-gateway create secret generic nim-ca --from-file ca.crt
+```
+
+The client cert and key must be added to a TLS Secret:
+
+```shell
+kubectl -n nginx-gateway create secret tls nim-client --cert /path/to/cert --key /path/to/key
+```
+
+{{<tabs name="nim-secret-install">}}
+
+{{%tab name="Manifests"%}}
+
+Specify the CA Secret name in the `--usage-report-ca-secret` command-line flag on the `nginx-gateway` container. Specify the client Secret name in the `--usage-report-client-ssl-secret` command-line flag on the `nginx-gateway` container.
+
+You also need to define the proper volume mount to mount the Secrets to the nginx container. Add the following volume to the Deployment:
+
+```yaml
+- name: nginx-plus-usage-certs
+  projected:
+    sources:
+      - secret:
+          name: nim-ca
+      - secret:
+          name: nim-client
+```
+
+and the following volume mounts to the `nginx` container:
+
+```yaml
+- mountPath: /etc/nginx/certs-bootstrap/
+  name: nginx-plus-usage-certs
+```
+
+Finally, in the `nginx-includes-bootstrap` ConfigMap, add the following lines to the `mgmt` block:
+
+```text
+ssl_trusted_certificate /etc/nginx/certs-bootstrap/ca.crt;
+ssl_certificate        /etc/nginx/certs-bootstrap/tls.crt;
+ssl_certificate_key    /etc/nginx/certs-bootstrap/tls.key;
+```
+
+{{% /tab %}}
+
+{{%tab name="Helm"%}}
+
+Specify the CA Secret name using the `nginx.usage.caSecretName` helm value. Specify the client Secret name using the `nginx.usage.clientSSLSecretName` helm value.
+
+{{% /tab %}}
+
+{{</tabs>}}
diff --git a/layouts/shortcodes/tabs.html b/layouts/shortcodes/tabs.html
index 093f5dbf..26a9cf88 100644
--- a/layouts/shortcodes/tabs.html
+++ b/layouts/shortcodes/tabs.html
@@ -22,7 +22,6 @@
 {{ else }}
   <div id="{{ $id }}" class="tab-pane" role="tabpanel" aria-labelledby="{{ $id }}">
 {{ end }}
-<p>
 	{{- with .content -}}
 		{{- . -}}
 	{{- else -}}