From b63be8840e611a399578ef86c88d1b883bce6bf2 Mon Sep 17 00:00:00 2001
From: adamp <adam.paulsen@gmail.com>
Date: Mon, 9 Feb 2026 22:08:42 -0600
Subject: [PATCH] Update README with security features

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index c2f7467..e314fc2 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ A self-hosted web app for tracking cookie inventory and customers for a single t
 - **Reports**: Sales by product, top customers, revenue over time, order status breakdown, and inventory summary. Filterable by date range (all time, this week, this month, custom).
 - **Stock Audit Trail**: Every stock change (restock, order create/update/delete) is logged with reason and reference.
 - **Dashboard**: Summary counts, low-stock list, recent orders.
+- **Security**: Helmet security headers (CSP, HSTS, X-Content-Type-Options, X-Frame-Options), API rate limiting (100 req/min), login brute-force protection (5 attempts/min), httpOnly/SameSite session cookies.
 
 ## Requirements