diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml
index 827a2519c0e..3d1435314b4 100644
--- a/auditbeat/auditbeat.reference.yml
+++ b/auditbeat/auditbeat.reference.yml
@@ -1633,6 +1633,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml
index abb056c654e..dc7250e402c 100644
--- a/filebeat/filebeat.reference.yml
+++ b/filebeat/filebeat.reference.yml
@@ -2545,6 +2545,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml
index 5ea028e3be0..1eb37188303 100644
--- a/heartbeat/heartbeat.reference.yml
+++ b/heartbeat/heartbeat.reference.yml
@@ -1779,6 +1779,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/journalbeat/journalbeat.reference.yml b/journalbeat/journalbeat.reference.yml
index ed6c7582b65..5058ed19cce 100644
--- a/journalbeat/journalbeat.reference.yml
+++ b/journalbeat/journalbeat.reference.yml
@@ -1576,6 +1576,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/libbeat/_meta/config/http.reference.yml.tmpl b/libbeat/_meta/config/http.reference.yml.tmpl
index 93afc56bb03..ccf85bb6189 100644
--- a/libbeat/_meta/config/http.reference.yml.tmpl
+++ b/libbeat/_meta/config/http.reference.yml.tmpl
@@ -24,4 +24,5 @@
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml
index 3799b8d5c39..d78e42dcf8c 100644
--- a/metricbeat/metricbeat.reference.yml
+++ b/metricbeat/metricbeat.reference.yml
@@ -2456,6 +2456,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml
index 016b96fc1d6..3377abc029a 100644
--- a/packetbeat/packetbeat.reference.yml
+++ b/packetbeat/packetbeat.reference.yml
@@ -2128,6 +2128,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml
index d965dd07b7d..77886958368 100644
--- a/winlogbeat/winlogbeat.reference.yml
+++ b/winlogbeat/winlogbeat.reference.yml
@@ -1556,6 +1556,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml
index 76450fdb847..bab59c339c1 100644
--- a/x-pack/auditbeat/auditbeat.reference.yml
+++ b/x-pack/auditbeat/auditbeat.reference.yml
@@ -1689,6 +1689,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
index bc1b51fac38..428230017f7 100644
--- a/x-pack/filebeat/filebeat.reference.yml
+++ b/x-pack/filebeat/filebeat.reference.yml
@@ -4698,6 +4698,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml
index 012ea8b5db2..4b6dab7943f 100644
--- a/x-pack/functionbeat/functionbeat.reference.yml
+++ b/x-pack/functionbeat/functionbeat.reference.yml
@@ -1427,6 +1427,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/heartbeat/heartbeat.reference.yml b/x-pack/heartbeat/heartbeat.reference.yml
index 5ea028e3be0..1eb37188303 100644
--- a/x-pack/heartbeat/heartbeat.reference.yml
+++ b/x-pack/heartbeat/heartbeat.reference.yml
@@ -1779,6 +1779,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml
index ec7bb97eb62..bcece50b832 100644
--- a/x-pack/metricbeat/metricbeat.reference.yml
+++ b/x-pack/metricbeat/metricbeat.reference.yml
@@ -2977,6 +2977,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/osquerybeat/osquerybeat.reference.yml b/x-pack/osquerybeat/osquerybeat.reference.yml
index 901517007ca..13dfcc2089e 100644
--- a/x-pack/osquerybeat/osquerybeat.reference.yml
+++ b/x-pack/osquerybeat/osquerybeat.reference.yml
@@ -1146,6 +1146,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml
index 016b96fc1d6..3377abc029a 100644
--- a/x-pack/packetbeat/packetbeat.reference.yml
+++ b/x-pack/packetbeat/packetbeat.reference.yml
@@ -2128,6 +2128,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================
diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml
index 45bb2165032..09afd2e6208 100644
--- a/x-pack/winlogbeat/winlogbeat.reference.yml
+++ b/x-pack/winlogbeat/winlogbeat.reference.yml
@@ -1599,6 +1599,7 @@ logging.files:
 #http.named_pipe.security_descriptor:
 
 # Defines if the HTTP pprof endpoints are enabled.
+# It is recommended that this is only enabled on localhost as these endpoints may leak data.
 #http.pprof.enabled: false
 
 # ============================== Process Security ==============================