diff --git a/webhooks/security.mdx b/webhooks/security.mdx index 34d93891..fdeb3523 100644 --- a/webhooks/security.mdx +++ b/webhooks/security.mdx @@ -46,24 +46,6 @@ X-Firecrawl-Signature: sha256=abc123def456... ## Best Practices -### Always Verify Signatures - -Never process a webhook without verifying its signature first: - -```javascript -app.post('/webhook', (req, res) => { - if (!verifySignature(req)) { - return res.status(401).send('Unauthorized'); - } - processWebhook(req.body); - res.status(200).send('OK'); -}); -``` - -### Use Timing-Safe Comparisons - -Standard string comparison can leak timing information. Use `crypto.timingSafeEqual()` in Node.js or `hmac.compare_digest()` in Python. - -### Use HTTPS - -Always use HTTPS for your webhook endpoint to ensure payloads are encrypted in transit. +- **Verify every request.** Always check the signature before processing a webhook payload. Reject any request that fails verification with a `401` status. +- **Use timing-safe comparisons.** Standard string comparison can leak timing information. Use `crypto.timingSafeEqual()` in Node.js or `hmac.compare_digest()` in Python. +- **Serve your endpoint over HTTPS.** This ensures webhook payloads are encrypted in transit.
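Review bot: removing the `app.post('/webhook', ...)` snippet leaves the Best Practices section with no code showing the order of operations the first new bullet requires (verify first, return `401` on failure, only then call `processWebhook`); consider keeping a trimmed form of it under the "Verify every request" bullet, e.g. `if (!verifySignature(req)) return res.status(401).send('Unauthorized');`, so readers still see where in the handler the check belongs. The timing-safe bullet would also be clearer if it stated what is being compared: the header in the hunk context is `X-Firecrawl-Signature: sha256=...`, so the computed HMAC must be compared against the value after the `sha256=` prefix, and that detail is not stated in either the old or the new text.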