diff --git a/src/content/docs/dns/proxy-status/index.mdx b/src/content/docs/dns/proxy-status/index.mdx
index 77b005f539d385d..78a343090f7a547 100644
--- a/src/content/docs/dns/proxy-status/index.mdx
+++ b/src/content/docs/dns/proxy-status/index.mdx
@@ -10,7 +10,7 @@ sidebar:
 
 import { Render, Example, Details, GlossaryTooltip } from "~/components";
 
-While your [DNS records](/dns/manage-dns-records/) make your website or application available to visitors and other web services, the **Proxy status** of a DNS record defines how Cloudflare treats incoming DNS queries for that record.
+While your [DNS records](/dns/manage-dns-records/) make your website or application available to visitors and other web services, the proxy status of a DNS record defines how Cloudflare treats incoming DNS queries for that record.
 
 The records you can proxy through Cloudflare are [records used for IP address resolution](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — meaning A, AAAA, or CNAME records.
 
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
index 686ec9403cdd3b6..05a0e9d69003f08 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
@@ -14,6 +14,10 @@ import { GlossaryTooltip } from "~/components"
 
 Universal SSL certificates present some limitations.
 
+## Proxy status
+
+Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [proxy status](/dns/proxy-status/) to **Proxied**. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
+
 ## Hostname coverage
 
 ### Full setup
@@ -60,4 +64,4 @@ Due to internal limitations, Universal SSL certificates do not cover [load balan
 
 ## Browser support
 
-For more on browser support, see [Browser compatibility](/ssl/reference/browser-compatibility/).
\ No newline at end of file
+For more on browser support, see [Browser compatibility](/ssl/reference/browser-compatibility/).
diff --git a/src/content/partials/dns/ssltls-subdomains.mdx b/src/content/partials/dns/ssltls-subdomains.mdx
index c0f394e91d9f857..7509364e5359f30 100644
--- a/src/content/partials/dns/ssltls-subdomains.mdx
+++ b/src/content/partials/dns/ssltls-subdomains.mdx
@@ -6,3 +6,7 @@
 If your main domain is using Cloudflare's [Universal SSL certificate](/ssl/edge-certificates/universal-ssl/), that certificate also covers all first-level subdomains (`blog.example.com`).
 
 For deeper subdomains (`dev.blog.example.com`), use a [different type of certificate](/ssl/edge-certificates/universal-ssl/limitations/#full-setup).
+
+:::note[Proxy status]
+Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [proxy status](/dns/proxy-status/) to **Proxied**. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
+:::