[SSL] Add link to blog on alternatives to certificate pinning (#24384)

RebeccaTamachiro · web-flow · commit 79016c997c7b · 2025-08-13T11:12:12.000+01:00
diff --git a/src/content/docs/ssl/reference/certificate-pinning.mdx b/src/content/docs/ssl/reference/certificate-pinning.mdx
@@ -14,7 +14,7 @@ Cloudflare does not support HTTP public key pinning (HPKP)[^1] for Universal, Ad
 
 This is because Cloudflare regularly changes the edge certificates provisioned for your domain and - if you had HPKP enabled - your domain would go offline. Additionally, [industry experts](https://scotthelme.co.uk/im-giving-up-on-hpkp/) discourage using HPKP.
 
-For a better solution to the problem that HPKP is trying to solve - preventing certificate misissuance - use [Certificate Transparency Monitoring](/ssl/edge-certificates/additional-options/certificate-transparency-monitoring/).
+For a better solution to the problem that HPKP is trying to solve - preventing certificate misissuance - use [Certificate Transparency Monitoring](/ssl/edge-certificates/additional-options/certificate-transparency-monitoring/). Also consider Cloudflare's blog post on [modern alternatives to certificate pinning practices](https://blog.cloudflare.com/why-certificate-pinning-is-outdated/).
 
 To avoid downtime when pinning your certificates, use [custom certificates](/ssl/edge-certificates/custom-certificates/) and select [**user-defined** bundle method](/ssl/edge-certificates/custom-certificates/bundling-methodologies/#user-defined). This way you can control which CA, intermediate, and certificate will be used after renewal.
 
