diff --git a/backend/internal/server/server.go b/backend/internal/server/server.go
index 94c1534..b59997b 100644
--- a/backend/internal/server/server.go
+++ b/backend/internal/server/server.go
@@ -62,13 +62,6 @@ func New(cfg config.Config) (*Server, error) {
 	auth := middleware.RequireAuth([]byte(cfg.JWTSecret))
 	adminOnly := middleware.RequireAuth([]byte(cfg.JWTSecret), "Admin")
 
-	// Apply global security headers to all routes or specific ones?
-	// The chain function is handy. Let's add it to the chains.
-	// Actually, maybe a global wrapper? But current design uses explicit chains.
-	// Let's add it to the chains. Or even better, wrap the whole mux?
-	// The Start() method wraps the mux with CORS. We can wrap it there too if we want global.
-	// But let's look at Start() method.
-
 	mux.Handle("POST /api/v1/companies", chain(http.HandlerFunc(h.CreateCompany), middleware.Logger, middleware.Gzip))
 	mux.Handle("GET /api/v1/companies", chain(http.HandlerFunc(h.ListCompanies), middleware.Logger, middleware.Gzip))
 	mux.Handle("GET /api/v1/companies/{id}", chain(http.HandlerFunc(h.GetCompany), middleware.Logger, middleware.Gzip))