From c6b42e7cb4955d2b63ad4e3bea8c544880ed2bd1 Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Mon, 30 Sep 2024 17:09:14 +0200 Subject: [PATCH 1/3] [SSL] Update zone-level.mdx PCX-13840 / CUSTESC-42471 --- .../authenticated-origin-pull/set-up/zone-level.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx index bbc2d95e082a4c..31a7d7e4e5647a 100644 --- a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx +++ b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx @@ -17,6 +17,12 @@ When you enable Authenticated Origin Pulls for a zone, all proxied traffic to yo Make sure your zone is using an [SSL/TLS encryption mode](/ssl/origin-configuration/ssl-modes/) of **Full** or higher. +:::caution + +In the Cloudflare for SaaS context you'll need to use [Per-hostname AOP](/ssl/origin-configuration/authenticated-origin-pull/set-up/per-hostname/) as otherwise the same zone-level certificate will be used for all your configured custom hostnames and custom origins! + +::: + ## 1. Upload certificate to origin First, upload a certificate to your origin. From 5adb868efce9c72179aeba47665db5228be0f80c Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Mon, 30 Sep 2024 18:25:00 +0200 Subject: [PATCH 2/3] Update zone-level.mdx --- .../authenticated-origin-pull/set-up/zone-level.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx index 31a7d7e4e5647a..b57a8518744c3a 100644 
--- a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx +++ b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx @@ -19,7 +19,8 @@ Make sure your zone is using an [SSL/TLS encryption mode](/ssl/origin-configurat :::caution -In the Cloudflare for SaaS context you'll need to use [Per-hostname AOP](/ssl/origin-configuration/authenticated-origin-pull/set-up/per-hostname/) as otherwise the same zone-level certificate will be used for all your configured custom hostnames and custom origins! +Zone level AOP certificates are also applied to custom hostnames configured on a Cloudflare for SaaS zone. +If you need a different AOP certificate to apply to different custom hostnames then you will need to use [Per-hostname AOP](/ssl/origin-configuration/authenticated-origin-pull/set-up/per-hostname/). ::: From f79f37b0071959a721e7852115189e24d9063dcf Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 18 Oct 2024 16:14:08 +0100 Subject: [PATCH 3/3] Introduce AOP acronym and link out to custom hostnames docs --- .../authenticated-origin-pull/index.mdx | 2 +- .../authenticated-origin-pull/set-up/zone-level.mdx | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx index e08968f5edba45..de6cae9d4f8c14 100644 --- a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx +++ b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx 
@@ -11,7 +11,7 @@ description: Authenticated Origin Pulls helps ensure requests to your origin import { FeatureTable } from "~/components" -Authenticated Origin Pulls helps ensure requests to your origin server come from the Cloudflare network, which provides an additional layer of security on top of [Full](/ssl/origin-configuration/ssl-modes/full/) or [Full (strict)](/ssl/origin-configuration/ssl-modes/full-strict/) encryption modes. +Authenticated Origin Pulls (AOP) helps ensure requests to your origin server come from the Cloudflare network, which provides an additional layer of security on top of [Full](/ssl/origin-configuration/ssl-modes/full/) or [Full (strict)](/ssl/origin-configuration/ssl-modes/full-strict/) encryption modes. This authentication becomes particularly important with the [Cloudflare Web Application Firewall (WAF)](/waf/). Together with the WAF, you can make sure that **all traffic** is evaluated before receiving a response from your origin server. diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx index b57a8518744c3a..b6f293472638d1 100644 --- a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx +++ b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx @@ -11,7 +11,7 @@ head: import { AvailableNotifications, Render } from "~/components" -When you enable Authenticated Origin Pulls for a zone, all proxied traffic to your zone is authenticated at the origin web server. +When you enable Authenticated Origin Pulls (AOP) for a zone, all proxied traffic to your zone is authenticated at the origin web server. ## Before you begin 
@@ -19,8 +19,8 @@ Make sure your zone is using an [SSL/TLS encryption mode](/ssl/origin-configurat :::caution -Zone level AOP certificates are also applied to custom hostnames configured on a Cloudflare for SaaS zone. -If you need a different AOP certificate to apply to different custom hostnames then you will need to use [Per-hostname AOP](/ssl/origin-configuration/authenticated-origin-pull/set-up/per-hostname/). +Zone-level AOP certificates are also applied to [custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/) configured on a Cloudflare for SaaS zone. +If you need a different AOP certificate to apply to different custom hostnames, use [Per-hostname AOP](/ssl/origin-configuration/authenticated-origin-pull/set-up/per-hostname/). :::
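Review bot: In PATCH 1/3, the caution added to zone-level.mdx under "Before you begin" says "you'll need to use Per-hostname AOP" in the Cloudflare for SaaS context, which reads as a requirement for every SaaS zone. The reason it gives ("the same zone-level certificate will be used for all your configured custom hostnames and custom origins") only matters when hostnames need different certificates. Suggest stating the behaviour first, making the Per-hostname AOP recommendation conditional on that need, and dropping the exclamation mark. The subject line also carries only ticket ids (PCX-13840 / CUSTESC-42471); a short summary of the change would help readers who cannot open those trackers.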
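Review bot: In PATCH 2/3, the reworded caution silently drops custom origins. The removed line said the zone-level certificate is used for "custom hostnames and custom origins", while the two added lines mention custom hostnames only. If custom origins are still affected, keep them in the first added sentence; if they are not, say so in the commit message, which is currently just "Update zone-level.mdx" and gives no reason for the narrower wording. "Zone level" in the first added line should be hyphenated when used as a modifier ("Zone-level AOP certificates").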
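Review bot: In PATCH 3/3, the first zone-level.mdx hunk (@@ -11,7 +11,7 @@) and the index.mdx hunk introduce the acronym with "Authenticated Origin Pulls (AOP)", but the diffstat lists only those two files, and the caution links readers to the per-hostname page under the label "Per-hostname AOP". Check that the per-hostname page expands the acronym as well, or readers who land there directly will meet "AOP" undefined.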
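Review bot: In PATCH 3/3, the last zone-level.mdx hunk (@@ -19,8 +19,8 @@) links the text "custom hostnames" to /cloudflare-for-platforms/cloudflare-for-saas/domain-support/, a path that names domain support rather than custom hostnames; confirm this is the intended target. The caution also leaves the consequence implicit: since the zone-level certificate is "also applied to" every custom hostname, an origin cannot tell custom hostnames apart by the client certificate it is shown. One sentence saying so would tell the reader why they might need "a different AOP certificate" and when Per-hostname AOP is worth the extra setup.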