From dbf45f8cb54ff1f8e9bba654531809d727e3a5ef Mon Sep 17 00:00:00 2001
From: Tadas Antanavicius <tadas@pulsemcp.com>
Date: Mon, 8 Jun 2026 12:48:44 -0700
Subject: [PATCH] Add DoS section

Closes https://github.com/modelcontextprotocol/experimental-ext-server-card/issues/21
---
 docs/discovery.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/discovery.md b/docs/discovery.md
index 2a0cf24..6768df6 100644
--- a/docs/discovery.md
+++ b/docs/discovery.md
@@ -257,3 +257,9 @@ Cache-Control: public, max-age=3600
 
 MCP Catalogs MUST be served over HTTPS (TLS 1.2 or later) in production. HTTP MAY be
 used for local development only.
+
+### Denial of Service
+
+MCP Servers SHOULD implement rate limiting on their Server Card endpoint to prevent abuse.
+
+MCP Clients SHOULD respect `Cache-Control` headers and avoid unnecessary polling.