wildcard CORS is bad. Make note of this, not fixed

README.md

@@ -43,8 +43,6 @@ services:
   counter:
     image: registry.deadbeef.codes/siteviewcounter:latest
     restart: always
-    depends_on:
-      - traefik
     expose:
       - "8080"
     environment:
@@ -67,4 +65,35 @@ services:
       - MYSQL_DATABASE=counter
       - TZ=America/Edmonton
 
-```
+```
+
+### Example front end usage
+
+You can pretty much implement this in your front end however you want, you just need to make a GET request to whatever endpoint the counter container is running at.  This is how I use it though...
+
+```html
+<html>
+  <head>
+    <script>
+      var counterReq = new XMLHttpRequest();
+      counterReq.onreadystatechange = function() {
+        console.log("counterReq ready state is " + this.readyState);
+        if (this.readyState == 4) {
+          console.log("counterReq status is " + this.status);
+          if (this.status == 200) {
+            document.getElementById("counter").innerHTML = this.responseText + " unique visitors"
+          } else { // failed to load
+            console.log("failed to load counter module")
+          }
+        }
+      }
+      counterReq.open("GET", "https://counter.example.com", true);
+      counterReq.send();
+    </script>
+  </head>
+  <body>
+    <div id="counter"></div>
+  </body>
+</html>
+```
+

main.go

@@ -78,7 +78,9 @@ func main() {
 // HTTP handler function
 func countHandler(w http.ResponseWriter, r *http.Request) {
 	if r.Method == "GET" {
-		// CORS header change required
+		// CORS header change required.
+		//TBD wildcard is bad because it could allow illegitmate visits to be recorded if someone was nefarious and embedded
+		// front end code on a different website than your own.  Need to implement environment variable to set allowed origin.
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Write([]byte(strconv.Itoa(uniqueVisits)))