diff --git a/index.bs b/index.bs
index a36b66cff..fbd122773 100644
--- a/index.bs
+++ b/index.bs
@@ -1235,6 +1235,8 @@ where a single [=[RP]=] maintains multiple [=origins=].
 The client facilitates these security measures by providing the [=[RP]=]'s [=origin=] and [=RP ID=] to the [=authenticator=] for
 each operation. Since this is an integral part of the WebAuthn security model, user agents only expose this API to callers in
 [=secure contexts=].
+For web contexts in particular,
+this only includes those accessed via a secure transport (e.g., TLS) established without errors.
 
 The Web Authentication API is defined by the union of the Web IDL fragments presented in the following sections. A combined IDL
 listing is given in the [[#idl-index]].