diff --git a/server.js b/server.js
index 4601464..65612d4 100644
--- a/server.js
+++ b/server.js
@@ -2,14 +2,26 @@ var pmx = require('pmx'); pmx.init();
 
 var express = require('express')
   , http = require('http')
+  , https = require('https') // Added for HTTPS
   , path = require('path')
   , fs = require('fs')
   , inspect = require('util').inspect
   , logger = require('./lib/logger.js')
+  , helmet = require('helmet') // Added for security headers
+  , rateLimit = require('express-rate-limit') // Added for rate limiting
   ;
 
 var app      = express();
 
+// Use Helmet to secure Express apps by setting various HTTP headers
+app.use(helmet());
+
+// Rate limiter middleware
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100 // limit each IP to 100 requests per windowMs
+});
+
 // all environments
 app.set('views', __dirname + '/views');
 app.set('view engine', 'jade');
@@ -26,7 +38,7 @@ app.get('/privacy',  function(req, res) { res.render('privacy');  });
 app.get('/docs',     function(req, res) { res.render('api-docs'); });
 
 // Demo endpoints:
-app.all('/demo/analysis',        function(req, res) {
+app.all('/demo/analysis', limiter, function(req, res) { // Added rate limiter
 
     res.render('demo-analysis',
     {
@@ -39,6 +51,7 @@ app.all('/demo/analysis',        function(req, res) {
     });
 });
 
-http.createServer(app).listen(app.get('port'), function(){
+// Use HTTPS instead of HTTP
+https.createServer(app).listen(app.get('port'), function(){
   logger.log("cloudcv.io server listening on port " + app.get('port'));
 });
\ No newline at end of file