diff --git a/extension/Documentation/Manual.rst b/extension/Documentation/Manual.rst
index 53ae5941dc47b739afea9f135bfa8e5ffcbaf263..b2eae8146db03179ba3af4ea89f4712a48f18935 100644
--- a/extension/Documentation/Manual.rst
+++ b/extension/Documentation/Manual.rst
@@ -439,7 +439,7 @@ Extension Manager: QFQ Configuration
 | securityGetMaxLength              | 50                                                    | GET vars longer than 'x' chars triggers an `attack-recognized`.            |
 |                                   |                                                       | `ExceptionMaxLength`_.                                                     |
 +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
-| securityFailedAuthDelay           | 3                                                     | If authorization fails, sleep 'x' seconds before answering the request.    |
+| securityFailedAuthDelay           | 3                                                     | If REST authorization fails, sleep 'x' seconds before answering.           |
 +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
 | Form-Config                                                                                                                                                            |
 +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
diff --git a/extension/ext_conf_template.txt b/extension/ext_conf_template.txt
index 1198cf0132eb9e609ec950a0ae85dfb9d0f86457..d481e50a4be4d73085367282f6f4d5b975f77da9 100644
--- a/extension/ext_conf_template.txt
+++ b/extension/ext_conf_template.txt
@@ -107,7 +107,7 @@ securityShowMessage = true
 # cat=security/security; type=string; label='GET'-Parameter max length:Default is '50'. GET vars longer than 'x' character triggers an `attack-detected`.
 securityGetMaxLength = 50
 
-# cat=security/security; type=string; label=Failed auth delay in seconds:Default is '3'.
+# cat=security/security; type=string; label=REST - Failed auth delay in seconds:Default is '3'.
 securityFailedAuthDelay = 3
 
 # cat=security/security; type=string; label=Session Timeout in seconds:Default is empty to take the php.ini system value (minimum of  'session.cookie_lifetime' and 'session.gc_maxlifetime').