Fill in Cf to origin and review titles and headings

RebeccaTamachiro · RebeccaTamachiro · commit 769a0df653d7 · 2024-11-19T10:09:01.000Z
diff --git a/src/content/docs/ssl/post-quantum-cryptography/index.mdx b/src/content/docs/ssl/post-quantum-cryptography/index.mdx
@@ -10,12 +10,12 @@ head: []
 description: Get an overview of how Cloudflare is implementing post-quantum cryptography to protect you against store now, decrypt later.
 ---
 
-For years, Cloudflare has been researching and [writing about post quantum](https://blog.cloudflare.com/tag/post-quantum/).
+For years, Cloudflare has been researching and [writing about post-quantum](https://blog.cloudflare.com/tag/post-quantum/).
 
-To protect you against the risk of [store now, decrypt later](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later), and considering all the [connections](#three-connections-in-the-life-of-a-request) that take place when your website or application is on Cloudflare, we have deployed and are actively expanding the use of post-quantum hybrid key agreement.
+To protect you against the risk of [store now, decrypt later](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later), and considering all the [connections](#three-connections-in-the-life-of-a-request) that take place when your website or application is on Cloudflare, we have deployed and are actively expanding the use of [post-quantum hybrid key agreement](#hybrid-key-agreement).
 
 :::caution[TLS 1.3]
-Post-quantum key agreements are only supported in protocols based on TLS 1.3 (including HTTP/3) and are disabled for websites in [FIPS mode](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#fips-compliance).
+Cloudflare post-quantum key agreements are only supported in protocols based on TLS 1.3 (including HTTP/3) and are disabled for websites in [FIPS mode](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#fips-compliance).
 :::
 
 ## Three building blocks of TLS
@@ -41,7 +41,7 @@ Cloudflare has deployed the following hybrid key agreements:
 - [X25519Kyber768Draft00](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/) (Obsolete)
     - TLS identifier: `0x6399`
 
-A hybrid key agreement lays the groundwork as more and more [clients](#visitor-to-cloudflare) adopt post-quantum cryptography, while also maintaining the current security provided by X25519. It is a safer path in case of an unexpected breakthrough that renders all variants of ML-KEM insecure.
+A hybrid key agreement lays the groundwork as more and more [clients](#1-visitor-to-cloudflare) adopt post-quantum cryptography, while also maintaining the current security provided by X25519. It is a safer path in case of an unexpected breakthrough that renders all variants of ML-KEM insecure.
 
 ## Three connections in the life of a request
 
@@ -73,3 +73,6 @@ As announced in [September 2023](https://blog.cloudflare.com/post-quantum-crypto
 
 ### 3. Cloudflare to your origin
 
+Finally, Cloudflare also supports [hybrid key agreements](#hybrid-key-agreement) when connecting to origins. In this case, post-quantum secured connections will depend on the origin servers also supporting PQC.
+
+Refer to [Post-quantum cryptography between Cloudflare and origin servers](/ssl/post-quantum-cryptography/pqc-to-origin/) for details.
diff --git a/src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx b/src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx
@@ -2,22 +2,20 @@
 pcx_content_type: reference
 title: PQC support
 sidebar:
-  order: 3
+  order: 2
 head: []
 description: Consider information about post-quantum cryptography at Cloudflare - deployed key agreements and software support.
 ---
 
-Cloudflare's deployment of post-quantum hybrid key agreements is supported by the following [third-parties](#software-support) and is in use within the following [Cloudflare products](#cloudflare-products).
+Cloudflare's deployment of post-quantum hybrid key agreements is supported by different software as listed below.
 
-## Software support
-
-### X25519MLKEM768
+## X25519MLKEM768
 - Default for [Firefox 132+](https://www.mozilla.org/firefox/channel/desktop/) (Beta)
 - Default for [Chrome 131+](https://www.google.com/chrome/beta/) (Beta)
 - Cloudflare's [fork of Go](https://github.com/cloudflare/go)
 - [BoringSSL](https://boringssl.googlesource.com/boringssl/)
 
-### X25519Kyber768Draft00
+## X25519Kyber768Draft00
 
 - Default for [Chrome 124-130](https://www.google.com/chrome/) on Desktop
     - For older Chrome or on mobile, toggle _TLS 1.3 hybridized Kyber support_ (`enable-tls13-kyber`) in `chrome://flags`.
diff --git a/src/content/docs/ssl/post-quantum-cryptography/pqc-to-origin.mdx b/src/content/docs/ssl/post-quantum-cryptography/pqc-to-origin.mdx
@@ -1,9 +1,10 @@
 ---
 pcx_content_type: how-to
-title: Enable PQC to your origin
+title: Post-quantum between Cloudflare and origin servers
 sidebar:
-  order: 2
+  order: 3
   label: PQC to your origin
 head: []
 description: Learn how to enable post-quantum cryptography in connections from Cloudflare to your origin servers.
----
+---
+
