diff --git a/src/Server/Program.cs b/src/Server/Program.cs
index 89b7ca9..62bb7ac 100755
--- a/src/Server/Program.cs
+++ b/src/Server/Program.cs
@@ -12,7 +12,6 @@ using System.Security.Cryptography;
 var builder = WebApplication.CreateBuilder(args);
 // Disable null warnings becuse string.IsNullOrEmpty checks for NULL or Empty
-#pragma warning disable CS8600
 #pragma warning disable CS8604
 ////////////////////////////////
@@ -135,15 +134,28 @@ builder.Services.AddAuthentication(options => {
 };
 });
-builder.Services.AddCors(o => o.AddDefaultPolicy(builder => {
- builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader(); // No CORS
-}));
+////////////////////////////////
+/// Rate Limiting Service ////
+////////////////////////////////
+
+List allowedOrigins = new List{ "https://boredcareers.com", "https://www.boredcareers.com" };
+if (builder.Environment.IsDevelopment()) {
+ allowedOrigins.Add("http://localhost:5000");
+}
+
+builder.Services.AddCors(options => {
+ options.AddDefaultPolicy(policy => {
+ policy.WithOrigins(allowedOrigins.ToArray())
+ .AllowAnyHeader()
+ .AllowAnyMethod()
+ .AllowCredentials();
+ });
+});
 builder.Services.AddRateLimiter(options => {
 options.AddPolicy("PerUserPolicy", httpContext => {
 var userId = httpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value
- ?? httpContext.User.Identity?.Name
- ?? httpContext.Connection.RemoteIpAddress?.ToString();
+ ?? $"ip:{httpContext.Connection.RemoteIpAddress}";
 return RateLimitPartition.GetTokenBucketLimiter(userId, key => new TokenBucketRateLimiterOptions {
 TokenLimit = 10, // max 10 requests
@@ -156,9 +168,7 @@ builder.Services.AddRateLimiter(options => {
 });
 });
-// Pages Service
 builder.Services.AddControllers();
-builder.Services.AddRazorPages();
 var app = builder.Build();
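Review bot: The partition key built inside `options.AddPolicy("PerUserPolicy", ...)` prefixes only the anonymous branch (`ip:`), so an authenticated NameIdentifier value and an address string share one key namespace, and an empty-but-present claim value becomes a single bucket shared by every such caller; the limiter also only sees claims if authentication has populated `httpContext.User` before it runs, which this hunk does not establish. I would write the key as `var userId = httpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value is { Length: > 0 } id ? $"user:{id}" : $"ip:{httpContext.Connection.RemoteIpAddress}";` so both branches are namespaced and a blank claim falls through to the IP bucket. Behind a reverse proxy `RemoteIpAddress` is the proxy's address unless forwarded headers are configured, which would collapse all anonymous traffic into one 10-token bucket — presumably worth confirming against the deployment. Because the policy is registered by name, endpoints still have to opt in via `RequireRateLimiting("PerUserPolicy")` or `[EnableRateLimiting]`, and the only such call visible in this diff is removed later in the file. The new banner `/// Rate Limiting Service ////` sits above the CORS policy rather than the limiter, so retitle it `/// CORS Policy ////` or move it down to `AddRateLimiter`; the `AddRateLimiter` call itself continues past the end of the hunk.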
@@ -170,12 +180,14 @@ if( !app.Environment.IsDevelopment() ) {
 app.UseDefaultFiles();
 app.UseStaticFiles();
+app.UseRateLimiter();
+
 app.UseCors();
 app.UseRouting();
 app.UseAuthentication();
-app.MapControllers().RequireRateLimiting("perUserPolicy");
+app.MapControllers();
 app.MapFallbackToFile("index.html");