diff --git a/README.md b/README.md
index c2f7467..e314fc2 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ A self-hosted web app for tracking cookie inventory and customers for a single t
 - **Reports**: Sales by product, top customers, revenue over time, order status breakdown, and inventory summary. Filterable by date range (all time, this week, this month, custom).
 - **Stock Audit Trail**: Every stock change (restock, order create/update/delete) is logged with reason and reference.
 - **Dashboard**: Summary counts, low-stock list, recent orders.
+- **Security**: Helmet security headers (CSP, HSTS, X-Content-Type-Options, X-Frame-Options), API rate limiting (100 req/min), login brute-force protection (5 attempts/min), httpOnly/SameSite session cookies.
 
 ## Requirements