diff --git a/README.md b/README.md
index c3d07869..db7b81dd 100644
--- a/README.md
+++ b/README.md
@@ -111,6 +111,19 @@ jobs:
       - run: npm test
 ```
 
+## Using `setup-node` on GHES
+
+`setup-node` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Nodejs distributions, `setup-node` downloads distributions from [`actions/node-versions`](https://github.com/actions/node-versions) on github.com (outside of the appliance). These calls to `actions/node-versions` are made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks like: `##[error]API rate limit exceeded for...`. After that error the action will try to download versions directly from the official site, but it also can have rate limit so it's better to put token.
+
+To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
+
+```yaml
+uses: actions/setup-node@v3
+with:
+  token: ${{ secrets.GH_DOTCOM_TOKEN }}
+  node-version: 16
+```
+
 ## Advanced usage
 
 1. [Check latest version](docs/advanced-usage.md#check-latest-version)
diff --git a/action.yml b/action.yml
index ae2e8243..b22de1ef 100644
--- a/action.yml
+++ b/action.yml
@@ -19,8 +19,8 @@ inputs:
   scope:
     description: 'Optional scope for authenticating against scoped registries. Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/).'
   token:
-    description: Used to pull node distributions from node-versions.  Since there's a default, this is typically not supplied by the user.
-    default: ${{ github.token }}
+    description: Used to pull node distributions from node-versions. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting.
+    default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
   cache:
     description: 'Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.'
   cache-dependency-path: