diff --git a/src/content/docs/waf/detections/index.mdx b/src/content/docs/waf/detections/index.mdx
index f311d6ee3558000..4db5e42361e446f 100644
--- a/src/content/docs/waf/detections/index.mdx
+++ b/src/content/docs/waf/detections/index.mdx
@@ -32,8 +32,12 @@ To turn on a traffic detection:
 
 Enabled detections will run for all incoming traffic.
 
-:::note
+:::note[Notes]
+
+On Free plans, the leaked credentials detection is enabled by default, and no action is required.
+
 Currently, you cannot manage the [bot score](/bots/concepts/bot-score/) and [attack score](/waf/detections/attack-score/) detections from the **Security** > **Settings** page. Refer to the documentation of each feature for availability details.
+
 :::
 
 ## More resources