diff --git a/main.go b/main.go
index 7198959..271543d 100644
--- a/main.go
+++ b/main.go
@@ -78,7 +78,9 @@ func main() {
 // HTTP handler function
 func countHandler(w http.ResponseWriter, r *http.Request) {
 	if r.Method == "GET" {
-		// CORS header change required
+		// CORS header change required.
+		//TBD wildcard is bad because it could allow illegitmate visits to be recorded if someone was nefarious and embedded
+		// front end code on a different website than your own.  Need to implement environment variable to set allowed origin.
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Write([]byte(strconv.Itoa(uniqueVisits)))