diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
index 1f47f26d6fdb3d..17002d04882a51 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
@@ -2,12 +2,12 @@
 pcx_content_type: concept
 title: HTTP/3
 sidebar:
-  order: 2
+  order: 3
 ---
 
 import { Details } from "~/components";
 
-Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires traffic to be proxied over UDP.
+Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires a [user-side certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) to be deployed and traffic to be proxied over UDP with [TLS version 1.3](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).
 
 Gateway applies HTTP policies to HTTP/3 traffic last. For more information, refer to the [order of enforcement](/cloudflare-one/policies/gateway/order-of-enforcement/#http3-traffic).
 
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
index f8c7bbf2175056..a7864c52ec457e 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: concept
 title: TLS decryption
 sidebar:
-  order: 3
+  order: 2
 ---
 
 import {
@@ -19,6 +19,8 @@ When you enable TLS decryption, Gateway will decrypt all traffic sent over HTTPS
 
 Cloudflare prevents interference by decrypting, inspecting, and re-encrypting HTTPS requests in its data centers in memory only. Gateway only stores eligible cache content at rest. All cache disks are encrypted at rest. You can configure where TLS decryption takes place with [Regional Services](/data-localization/regional-services/) in the [Cloudflare Data Localization Suite (DLS)](/data-localization/).
 
+Cloudflare supports connections from users to Gateway over TLS 1.1, 1.2, and 1.3.
+
 ## Enable TLS decryption
 
 <Render file="gateway/enable-tls-decryption" product="cloudflare-one" />
@@ -51,7 +53,7 @@ Google Chrome can automatically upgrade HTTP requests to HTTPS requests, even wh
 
 You can turn off automatic HTTPS upgrades via a Gateway pass through policy, a Chrome browser flag, or a Chrome Enterprise policy.
 
-<Tabs> <TabItem label="pass through policy">
+<Tabs> <TabItem label="Pass through policy">
 
 To disable automatic HTTPS upgrades for a URL across your Zero Trust organization, create a Gateway pass through policy.
 
@@ -69,11 +71,11 @@ To disable automatic HTTPS upgrades for a URL across your Zero Trust organizatio
 
 The pass through policy will bypass insecure connection upgrades for any device connected to your Zero Trust organization. For more information, refer to [Untrusted certificates](/cloudflare-one/policies/gateway/http-policies/#untrusted-certificates).
 
-</TabItem> <TabItem label="chrome browser flag">
+</TabItem> <TabItem label="Chrome browser flag">
 
 To disable automatic HTTPS upgrades on a per-browser basis, go to [Chrome flags](chrome://flags/#https-upgrades) and turn off **HTTPS Upgrades**.
 
-</TabItem> <TabItem label="chrome enterprise policy">
+</TabItem> <TabItem label="Chrome enterprise policy">
 
 Chrome Enterprise users can turn off automatic HTTPS upgrades for all URLs with a [`HttpsUpgradesEnabled` management policy](https://chromeenterprise.google/policies/#HttpsUpgradesEnabled).