diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
index 3f2a65a562d..b2683fcbf1b 100644
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@@ -477,32 +477,17 @@ content into your application; rather pick only the properties that you need.
 	# ----------------------------------------
 	# SECURITY ({sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[SecurityProperties])
 	security.basic.authorize-mode=role # Security authorize mode to apply.
-	security.basic.enabled=true # Enable basic authentication.
-	security.basic.path=/** # Comma-separated list of paths to secure.
-	security.basic.realm=Spring # HTTP basic realm name.
-	security.enable-csrf=false # Enable Cross Site Request Forgery support.
-	security.filter-order=0 # Security filter chain order.
-	security.filter-dispatcher-types=ASYNC,ERROR,REQUEST # Security filter chain dispatcher types.
-	security.headers.cache=true # Enable cache control HTTP headers.
-	security.headers.content-security-policy= # Value for content security policy header.
-	security.headers.content-security-policy-mode=default # Content security policy mode.
-	security.headers.content-type=true # Enable "X-Content-Type-Options" header.
-	security.headers.frame=true # Enable "X-Frame-Options" header.
-	security.headers.hsts=all # HTTP Strict Transport Security (HSTS) mode (none, domain, all).
-	security.headers.xss=true # Enable cross site scripting (XSS) protection.
-	security.ignored= # Comma-separated list of paths to exclude from the default secured paths.
-	security.require-ssl=false # Enable secure channel for all requests.
-	security.sessions=stateless # Session creation policy (always, never, if_required, stateless).
-	security.user.name=user # Default user name.
-	security.user.password= # Password for the default user name. A random password is logged on startup by default.
-	security.user.role=USER # Granted roles for the default user name.
+    security.basic.enabled=true # Enable basic authentication.
+    security.filter-order=0 # Security filter chain order.
+    security.filter-dispatcher-types=ASYNC,ERROR,REQUEST # Security filter chain dispatcher types.
+    security.headers.hsts=all # HTTP Strict Transport Security (HSTS) mode (none, domain, all).
+    security.sessions=stateless # Session creation policy (always, never, if_required, stateless).
 
 	# SECURITY OAUTH2 CLIENT ({sc-spring-boot-autoconfigure}/security/oauth2/OAuth2ClientProperties.{sc-ext}[OAuth2ClientProperties])
 	security.oauth2.client.client-id= # OAuth2 client id.
 	security.oauth2.client.client-secret= # OAuth2 client secret. A random secret is generated by default
 
 	# SECURITY OAUTH2 RESOURCES ({sc-spring-boot-autoconfigure}/security/oauth2/resource/ResourceServerProperties.{sc-ext}[ResourceServerProperties])
-	security.oauth2.resource.filter-order= # The order of the filter chain used to authenticate tokens.
 	security.oauth2.resource.id= # Identifier of the resource.
 	security.oauth2.resource.jwt.key-uri= # The URI of the JWT token. Can be set if the value is not available and the key is public.
 	security.oauth2.resource.jwt.key-value= # The verification key of the JWT token. Can either be a symmetric secret or PEM-encoded RSA public key.
@@ -514,7 +499,6 @@ content into your application; rather pick only the properties that you need.
 	security.oauth2.resource.user-info-uri= # URI of the user endpoint.
 
 	# SECURITY OAUTH2 SSO ({sc-spring-boot-autoconfigure}/security/oauth2/client/OAuth2SsoProperties.{sc-ext}[OAuth2SsoProperties])
-	security.oauth2.sso.filter-order= # Filter order to apply if not providing an explicit WebSecurityConfigurerAdapter
 	security.oauth2.sso.login-path=/login # Path to the login page, i.e. the one that triggers the redirect to the OAuth2 Authorization Server
 
 
@@ -1210,8 +1194,6 @@ content into your application; rather pick only the properties that you need.
 	management.address= # Network address that the management endpoints should bind to.
 	management.context-path= # Management endpoint context-path. For instance `/actuator`
 	management.port= # Management endpoint HTTP port. Uses the same port as the application by default. Configure a different port to use management-specific SSL.
-	management.security.enabled=true # Enable security.
-	management.security.roles=ACTUATOR # Comma-separated list of roles that can access the management endpoint.
 	management.security.sessions=stateless # Session creating policy to use (always, never, if_required, stateless).
 	management.ssl.ciphers= # Supported SSL ciphers. Requires a custom management.port.
 	management.ssl.client-auth= # Whether client authentication is wanted ("want") or needed ("need"). Requires a trust store. Requires a custom management.port.