diff --git a/management/src/test/groovy/io/micronaut/management/endpoint/health/HealthEndpointSpec.groovy b/management/src/test/groovy/io/micronaut/management/endpoint/health/HealthEndpointSpec.groovy
index 4ff625836dd..238494cc40f 100644
--- a/management/src/test/groovy/io/micronaut/management/endpoint/health/HealthEndpointSpec.groovy
+++ b/management/src/test/groovy/io/micronaut/management/endpoint/health/HealthEndpointSpec.groovy
@@ -19,10 +19,12 @@ import io.micronaut.context.ApplicationContext
 import io.micronaut.context.annotation.Requires
 import io.micronaut.core.convert.ArgumentConversionContext
 import io.micronaut.core.type.Argument
+import io.micronaut.core.util.StringUtils
 import io.micronaut.health.HealthStatus
 import io.micronaut.http.HttpRequest
 import io.micronaut.http.HttpStatus
 import io.micronaut.http.bind.binders.TypedRequestArgumentBinder
+import io.micronaut.http.client.BlockingHttpClient
 import io.micronaut.http.client.HttpClient
 import io.micronaut.http.client.exceptions.HttpClientResponseException
 import io.micronaut.management.health.aggregator.DefaultHealthAggregator
@@ -169,6 +171,27 @@ class HealthEndpointSpec extends Specification {
 embeddedServer.close()
 }
 
+ void "test health endpoint returns 401 for sensitive true and details-visible anonymous"() {
+ given:
+ EmbeddedServer embeddedServer = ApplicationContext.run(EmbeddedServer, [
+ 'spec.name': getClass().simpleName,
+ 'endpoints.health.sensitive': StringUtils.TRUE,
+ 'endpoints.health.details-visible': DetailsVisibility.ANONYMOUS])
+ URL server = embeddedServer.getURL()
+ HttpClient httpClient = embeddedServer.applicationContext.createBean(HttpClient, server)
+ BlockingHttpClient client = httpClient.toBlocking()
+
+ when:
+ client.exchange("/health", HealthResult)
+
+ then:
+ HttpClientResponseException ex = thrown(HttpClientResponseException)
+ HttpStatus.UNAUTHORIZED == ex.status
+
+ cleanup:
+ embeddedServer.close()
+ }
+
 void "test health endpoint with a high diskspace threshold"() {
 given:
 EmbeddedServer embeddedServer = ApplicationContext.run(EmbeddedServer, [
diff --git a/src/main/docs/guide/management/providedEndpoints/healthEndpoint.adoc b/src/main/docs/guide/management/providedEndpoints/healthEndpoint.adoc
index a69026417ee..d8ff91a4d5d 100644
--- a/src/main/docs/guide/management/providedEndpoints/healthEndpoint.adoc
+++ b/src/main/docs/guide/management/providedEndpoints/healthEndpoint.adoc
@@ -20,7 +20,7 @@ endpoints:
 
 - `details-visible` is one of api:management.endpoint.health.DetailsVisibility[]
 
-The `details-visible` setting controls whether health detail will be exposed to users who are not authenticated.
+The `details-visible` setting controls whether health detail will be exposed to users who are not authenticated. If the details-visible parameter is configured as ANONYMOUS, while the sensitive flag is set to true, the resulting outcome will be 401 Unauthorized.
 
 For example, setting:
 
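Review bot: The `then:` block of the new test pins only the status code, so it would still pass if the 401 response carried health detail in its body. Since the test exists to show that `sensitive: true` takes precedence over `details-visible: ANONYMOUS`, it should also assert that the error response carries no `HealthResult` detail for the anonymous caller. Separately, `cleanup:` closes only `embeddedServer`, while the `HttpClient` obtained from `createBean` is never closed; add `httpClient.close()` before `embeddedServer.close()`. A short comment above the config map, such as `// sensitive=true must win over details-visible=ANONYMOUS for unauthenticated callers`, would record the intended precedence for the next reader.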