[WAF] Clarify detection on Free plans (#20912)

Author: pedrosousa

src/content/docs/waf/detections/index.mdx

@@ -32,8 +32,12 @@ To turn on a traffic detection:
 
 Enabled detections will run for all incoming traffic.
 
-:::note
+:::note[Notes]
+
+On Free plans, the leaked credentials detection is enabled by default, and no action is required.
+
 Currently, you cannot manage the [bot score](/bots/concepts/bot-score/) and [attack score](/waf/detections/attack-score/) detections from the **Security** > **Settings** page. Refer to the documentation of each feature for availability details.
+
 :::
 
 ## More resources