diff --git a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx index e2e7b3dcb84..b979c6fd4e6 100644 --- a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx @@ -335,6 +335,45 @@ Service Binding (SVCB) and HTTPS Service (HTTPS) records allow you to provide a If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), [proxied DNS records](/dns/proxy-status/), and is also using [Universal SSL](/ssl/edge-certificates/universal-ssl/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. +#### Proxied vs DNS-only names +For [proxied (orange cloud)](/dns/proxy-status/) names, Cloudflare synthesizes HTTPS records automatically when Universal SSL is enabled. Manually-added HTTPS records on proxied names are not served — Cloudflare uses the auto-generated records instead. + +If you have disabled Universal SSL (for example, because you use [Advanced Certificates](/ssl/edge-certificates/advanced-certificate-manager/) exclusively), Cloudflare will not generate HTTPS records for proxied names. + +For [DNS-only (grey cloud)](/dns/proxy-status/) names, you can manually add HTTPS records and Cloudflare will serve them. However, **all records with the same name must be DNS-only** for the manual HTTPS record to be served. + +
+ +For Cloudflare to serve a manually-added HTTPS record, every record with the same name must be DNS-only (grey cloud). + + + +**Will work** — All records with the same name are DNS-only: + +| Type | Name | Content | Proxy status | +| ----- | ----------- | --------------- | ------------ | +| A | example.com | `192.0.2.1` | DNS only | +| HTTPS | example.com | `1 . alpn="h3"` | - | + +The HTTPS record will be served because the A record is DNS-only. + + + + + +**Will not work** — Mixed proxy status for the same name: + +| Type | Name | Content | Proxy status | +| ----- | ----------- | --------------- | ------------ | +| AAAA | example.com | `2001:db8::1` | Proxied | +| HTTPS | example.com | `1 . alpn="h3"` | - | + +The HTTPS record will **not** be served because the AAAA record with the same name is proxied. + + + +
+ For more details and context, refer to the [announcement blog post](https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/) and [RFC 9460](https://www.rfc-editor.org/rfc/rfc9460.html). diff --git a/src/content/docs/ssl/reference/browser-compatibility.mdx b/src/content/docs/ssl/reference/browser-compatibility.mdx index 80f27197165..a7af16592d7 100644 --- a/src/content/docs/ssl/reference/browser-compatibility.mdx +++ b/src/content/docs/ssl/reference/browser-compatibility.mdx @@ -45,8 +45,10 @@ To support non-SNI requests, you can: If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), [proxied DNS records](/dns/proxy-status/), and is also using [Universal SSL](/ssl/edge-certificates/universal-ssl/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. -:::caution -Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling Universal SSL, for example, could impact this behavior. +:::caution[Universal SSL required for automatic HTTPS records] +Disabling Universal SSL will prevent automatic HTTPS record generation for proxied hostnames, even if you have [Advanced Certificates](/ssl/edge-certificates/advanced-certificate-manager/) or [custom certificates](/ssl/edge-certificates/custom-certificates/) configured. This is because automatic HTTPS record generation is tied specifically to the Universal SSL feature. + +If you need HTTPS records without Universal SSL, you can manually add them, but only if **all records with the same name are DNS-only (grey cloud)**. Refer to [SVCB and HTTPS records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) for details and examples. ::: ## OCSP and HTTP versions
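Review bot: In the dns-record-types.mdx hunk, the first paragraph under "Proxied vs DNS-only names" gives auto-generation as the reason manual HTTPS records on proxied names are not served ("Cloudflare uses the auto-generated records instead"), but the next paragraph says no records are generated when Universal SSL is disabled, so the reader cannot tell whether a manual HTTPS record on a proxied name is served in that case. The later rule ("all records with the same name must be DNS-only for the manual HTTPS record to be served") implies it is never served; state that unconditionally in the first paragraph, for example "Manually-added HTTPS records on proxied names are never served, regardless of whether Universal SSL is enabled." The sentence "For Cloudflare to serve a manually-added HTTPS record, every record with the same name must be DNS-only (grey cloud)." also restates the bold sentence directly above it and one copy can go. Since the "Will not work" case leaves a record in the zone that is silently not answered, consider adding one line telling users to confirm the HTTPS record is actually returned after publishing it.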
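Review bot: In the browser-compatibility.mdx hunk, the rewritten caution drops the removed statement that HTTP/2 and HTTP/3 themselves require an SSL/TLS certificate served by Cloudflare; the new text only covers HTTPS record generation, so that requirement is no longer documented here unless it lives elsewhere on the page. Keep a sentence such as "HTTP/2 and HTTP/3 still require an SSL/TLS certificate served by Cloudflare" alongside the new Universal SSL note. Also verify that the anchor `/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https` matches the generated id of the "Service Binding (SVCB) and HTTPS Service (HTTPS) records" heading, since the link is the only pointer from this page to the examples.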