diff --git a/src/applications/config/option/PhabricatorNotificationConfigOptions.php b/src/applications/config/option/PhabricatorNotificationConfigOptions.php
--- a/src/applications/config/option/PhabricatorNotificationConfigOptions.php
+++ b/src/applications/config/option/PhabricatorNotificationConfigOptions.php
@@ -52,6 +52,7 @@
 
     return array(
       $this->newOption('notification.servers', $servers_type, array())
+        ->setHidden(true)
         ->setSummary(pht('Configure real-time notifications.'))
         ->setDescription($servers_help)
         ->addExample(
diff --git a/src/applications/notification/client/PhabricatorNotificationServerRef.php b/src/applications/notification/client/PhabricatorNotificationServerRef.php
--- a/src/applications/notification/client/PhabricatorNotificationServerRef.php
+++ b/src/applications/notification/client/PhabricatorNotificationServerRef.php
@@ -209,8 +209,7 @@
 
     $server_uri = $this->getURI('/status/');
 
-    list($body) = id(new HTTPSFuture($server_uri))
-      ->setTimeout(2)
+    list($body) = $this->newFuture($server_uri)
       ->resolvex();
 
     return phutil_json_decode($body);
@@ -225,10 +224,32 @@
     $server_uri = $this->getURI('/');
     $payload = phutil_json_encode($data);
 
-    id(new HTTPSFuture($server_uri, $payload))
+    $this->newFuture($server_uri, $payload)
       ->setMethod('POST')
-      ->setTimeout(2)
       ->resolvex();
   }
 
+  private function newFuture($uri, $data = null) {
+    if ($data === null) {
+      $future = new HTTPSFuture($uri);
+    } else {
+      $future = new HTTPSFuture($uri, $data);
+    }
+
+    $future->setTimeout(2);
+
+    // At one point, a HackerOne researcher reported a "Location:" redirect
+    // attack here (if the attacker can gain control of the notification
+    // server or the configuration).
+
+    // Although this attack is not particularly concerning, we don't expect
+    // Aphlict to ever issue a "Location:" header, so receiving one indicates
+    // something is wrong and declining to follow the header may make debugging
+    // easier.
+
+    $future->setFollowLocation(false);
+
+    return $future;
+  }
+
 }
diff --git a/src/docs/user/configuration/configuration_locked.diviner b/src/docs/user/configuration/configuration_locked.diviner
--- a/src/docs/user/configuration/configuration_locked.diviner
+++ b/src/docs/user/configuration/configuration_locked.diviner
@@ -146,6 +146,12 @@
 you should move these configuration values from the database to a local config
 file. Usually, you'll do this by first copying the value from the database:
 
+```
+phabricator/ $ ./bin/config get <key>
+```
+
+...into local configuration:
+
 ```
 phabricator/ $ ./bin/config set <key> <value>
 ```
diff --git a/src/docs/user/configuration/notifications.diviner b/src/docs/user/configuration/notifications.diviner
--- a/src/docs/user/configuration/notifications.diviner
+++ b/src/docs/user/configuration/notifications.diviner
@@ -156,7 +156,8 @@
 =======================
 
 After configuring `notification.servers`, navigate to
-{nav Config > Notification Servers} to verify that things are operational.
+{nav Config > Services > Notification Servers} to verify that things are
+operational.
 
 
 Troubleshooting