From e331aedd56c20d221f77dcc77cbbdf40616887cd Mon Sep 17 00:00:00 2001
From: Nic <123965403+ngayerie@users.noreply.github.com>
Date: Wed, 29 Jan 2025 14:53:18 +0100
Subject: [PATCH 1/3] Update http-headers.mdx

---
 src/content/docs/fundamentals/reference/http-headers.mdx | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/content/docs/fundamentals/reference/http-headers.mdx b/src/content/docs/fundamentals/reference/http-headers.mdx
index 522a5b22e044b4..c7933ad4083e56 100644
--- a/src/content/docs/fundamentals/reference/http-headers.mdx
+++ b/src/content/docs/fundamentals/reference/http-headers.mdx
@@ -117,7 +117,7 @@ Currently, this header is a JSON object, containing only one key called `scheme`
 
 ### CF-Worker
 
-The `CF-Worker` request header is added to an edge Worker subrequest that identifies the host that spawned the subrequest. This is useful when you want to protect yourself against cross-zone Worker subrequests. For example: `CF-Worker: example.com`.
+The `CF-Worker` request header is added to an edge Worker subrequest that identifies the host that spawned the subrequest. For example: `CF-Worker: example.com`.
 
 You can add `CF-Worker` header on server logs similar to the way you add the [`CF-RAY`](/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#add-the-cf-ray-header-to-your-logs) header. To do that, add `$http_cf_worker` in the log format file: `log_format cf_custom "CF-Worker:$http_cf_worker"'`
 
@@ -131,6 +131,10 @@ The intended purpose of this header is to provide a means for recipients (for ex
 
 :::note
 When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/reference/cf.worker.upstream_zone/) field, which contains the same value and exists for the same purpose.
+
+To block just the one worker, add a `Block` action triggered by the expression `cf.worker.upstream_zone eq "example.com"`.
+
+To block all worker subrequests except from your own zone worker, add a `Block` action triggered by the expression `not (cf.worker.upstream_zone in {"" "customer-zone.com"})`.
 :::
 
 ### Connection

From d52836260869f95fc9b8d06273a13f83caa662fd Mon Sep 17 00:00:00 2001
From: Nic <123965403+ngayerie@users.noreply.github.com>
Date: Fri, 31 Jan 2025 11:29:47 +0100
Subject: [PATCH 2/3] Update
 src/content/docs/fundamentals/reference/http-headers.mdx

Co-authored-by: ToriLindsay <tgalatro@cloudflare.com>
---
 src/content/docs/fundamentals/reference/http-headers.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/fundamentals/reference/http-headers.mdx b/src/content/docs/fundamentals/reference/http-headers.mdx
index c7933ad4083e56..b7836148842d9d 100644
--- a/src/content/docs/fundamentals/reference/http-headers.mdx
+++ b/src/content/docs/fundamentals/reference/http-headers.mdx
@@ -134,7 +134,7 @@ When configuring WAF custom rules, do not match on this header. These rules are
 
 To block just the one worker, add a `Block` action triggered by the expression `cf.worker.upstream_zone eq "example.com"`.
 
-To block all worker subrequests except from your own zone worker, add a `Block` action triggered by the expression `not (cf.worker.upstream_zone in {"" "customer-zone.com"})`.
+To block all Worker subrequests except those from your own zone's Worker, add a `Block` action triggered by the expression `not (cf.worker.upstream_zone in {"" "customer-zone.com"})`.
 :::
 
 ### Connection

From 1b0c13218b5d1780375878af0941b877ef37289a Mon Sep 17 00:00:00 2001
From: Nic <123965403+ngayerie@users.noreply.github.com>
Date: Fri, 31 Jan 2025 11:29:57 +0100
Subject: [PATCH 3/3] Update
 src/content/docs/fundamentals/reference/http-headers.mdx

Co-authored-by: ToriLindsay <tgalatro@cloudflare.com>
---
 src/content/docs/fundamentals/reference/http-headers.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/fundamentals/reference/http-headers.mdx b/src/content/docs/fundamentals/reference/http-headers.mdx
index b7836148842d9d..65bce54975689f 100644
--- a/src/content/docs/fundamentals/reference/http-headers.mdx
+++ b/src/content/docs/fundamentals/reference/http-headers.mdx
@@ -132,7 +132,7 @@ The intended purpose of this header is to provide a means for recipients (for ex
 :::note
 When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/reference/cf.worker.upstream_zone/) field, which contains the same value and exists for the same purpose.
 
-To block just the one worker, add a `Block` action triggered by the expression `cf.worker.upstream_zone eq "example.com"`.
+To block a specific Worker, add a `Block` action triggered by the expression `cf.worker.upstream_zone eq "example.com"`.
 
 To block all Worker subrequests except those from your own zone's Worker, add a `Block` action triggered by the expression `not (cf.worker.upstream_zone in {"" "customer-zone.com"})`.
 :::