From 267ef064c07db207093bf8d9e7ebc19a3f9c670c Mon Sep 17 00:00:00 2001
From: Dan Upton <daniel@floppy.co>
Date: Fri, 3 Dec 2021 17:31:09 +0000
Subject: [PATCH] docs: `X-Consul-Results-Filtered-By-ACLs` header (#11629)

---
 website/content/api-docs/index.mdx | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/website/content/api-docs/index.mdx b/website/content/api-docs/index.mdx
index a0194850a3..d57d86b18a 100644
--- a/website/content/api-docs/index.mdx
+++ b/website/content/api-docs/index.mdx
@@ -97,6 +97,15 @@ action if no intention matches.
 
 This is returned even if ACLs are disabled.
 
+## Results Filtered by ACLs
+
+As of Consul 1.11, most list endpoints support an `X-Consul-Results-Filtered-By-ACLs`
+HTTP response header. This indicates that the response contains a partial subset
+of results, because some have been filtered out by ACL policies.
+
+In order to limit information leakage, this header is only present for requests
+authenticated by a valid ACL token.
+
 ## UUID Format
 
 UUID-format identifiers generated by the Consul API use the