The Security section of the actuators documentation says:

For security purposes, all actuators other than /health are disabled by default. You can use the management.endpoints.web.exposure.include property to enable the actuators.

This should state that only the /health endpoint is exposed over HTTP rather than enabled.

Comment From: pashabhai

For security purposes, by default only /health endpoint is exposed over HTTP. If we want to enable others actuators from the available list of endpoints, use the management.endpoints.web.exposure.include property to enable the actuators.

Comment From: cmabdullah

It'll be easier to update documentation, @scottfrederick I'd like to work on it.

Comment From: wilkinsona

Thanks, @cmabdullah. It’s all yours. Please let us know if you have any questions.

Comment From: cmabdullah

@wilkinsona, Thanks for your support, I am working on this task, if any query comes to my mind, I will let you know for sure.

Comment From: pashabhai

@cmabdullah @scottfrederick

if its ok, we can start from below draft.

For security purposes, by default only /health endpoint is exposed over HTTP. If we want to enable remaining actuators from the available list of endpoints, use the management.endpoints.web.exposure.include property to enable the actuators.

Comment From: wilkinsona

Closing in favor of #30065.