update README.md

Author: Tim-Maes

README.md

@@ -116,17 +116,16 @@ var paymentOptions = new MessageSecurityOptions()
 }
 ```
 
-## Security Features
+## Security
 
-### Sandbox Security Levels
+### Content Security Policy
 
-| Level | Description | Use Case |
-|-------|-------------|----------|
-| **None** | No restrictions | Trusted content only |
-| **Basic** | Scripts + same-origin | Most trusted widgets |
-| **Permissive** | + forms + popups | Interactive widgets |
-| **Strict** | Scripts + same-origin only | Display widgets |
-| **Paranoid** | Scripts only | Untrusted content |
+Comprehensive CSP integration for defense-in-depth security:
+- **Automatic header generation** - CSP headers built from iframe requirements
+- **Environment-aware policies** - Different rules for development vs production
+- **Fluent configuration API** - Easy-to-use builder pattern for CSP rules
+- **Violation monitoring** - Real-time CSP violation reporting and analysis
+- **Nonce and hash support** - Modern CSP techniques for script security
 
 ### Message Validation
 
@@ -136,6 +135,16 @@ All iframe messages are automatically validated for:
 - **Security filtering** - Blocks malicious patterns and script injection
 - **Custom validation** - Extensible validation pipeline
 
+### Sandbox Security Levels
+
+| Level | Description | Use Case |
+|-------|-------------|----------|
+| **None** | No restrictions | Trusted content only |
+| **Basic** | Scripts + same-origin | Most trusted widgets |
+| **Permissive** | + forms + popups | Interactive widgets |
+| **Strict** | Scripts + same-origin only | Display widgets |
+| **Paranoid** | Scripts only | Untrusted content |
+
 ## Demo
 
 [![BlazorFrame Demo](https://github.com/user-attachments/assets/106e02f8-5b7a-4a02-9748-b5fc1f540168)](https://github.com/Tim-Maes/BlazorFrameDemo)