diff --git a/docs/discovery.md b/docs/discovery.md
index 2a0cf24..6768df6 100644
--- a/docs/discovery.md
+++ b/docs/discovery.md
@@ -257,3 +257,9 @@ Cache-Control: public, max-age=3600
 
 MCP Catalogs MUST be served over HTTPS (TLS 1.2 or later) in production. HTTP MAY be
 used for local development only.
+
+### Denial of Service
+
+MCP Servers SHOULD implement rate limiting on their Server Card endpoint to prevent abuse.
+
+MCP Clients SHOULD respect `Cache-Control` headers and avoid unnecessary polling.