diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74d521c..5d41476 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -23,6 +23,7 @@ class ApplicationController < ActionController::Base
   end
 
   def access_denied
+    # NOTE: For security reasons, consider using 404 when denied access to a read operation.
     render 'application/access_denied', status: :unauthorized
   end