AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-js-challenge-api-get-token.md

Summary

Replaced 'protection pack or web ACL' with 'protection pack (web ACL)' for terminology consistency

Security assessment

The change standardizes terminology without altering security functionality. No evidence of addressing a security issue or adding security documentation.

Diff

diff --git a/waf/latest/developerguide/waf-js-challenge-api-get-token.md b/waf/latest/developerguide/waf-js-challenge-api-get-token.md
index c326663f8..9783ebab3 100644
--- a//waf/latest/developerguide/waf-js-challenge-api-get-token.md
+++ b//waf/latest/developerguide/waf-js-challenge-api-get-token.md
@@ -94 +94 @@ The `fetch` wrapper handles these cases automatically, but if you aren't able to
-By default, AWS WAF only accepts tokens that contain the same domain as the requested host domain. Any cross-domain tokens require corresponding entries in the protection pack or web ACL token domain list. For more information, see [AWS WAF protection pack or web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists). 
+By default, AWS WAF only accepts tokens that contain the same domain as the requested host domain. Any cross-domain tokens require corresponding entries in the protection pack (web ACL) token domain list. For more information, see [AWS WAF protection pack (web ACL) token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists).