diff --git a/README.md b/README.md
index 7df5f4cd0e9fcc64a4dc22f4408962eb24fa2e74..b8b4fd5707f217448062dfa1be2ae5f8c8d669ad 100644
--- a/README.md
+++ b/README.md
@@ -92,3 +92,15 @@ configured as a "fallback" or "default" service to answer all requests that are
 to be served by one of the other services (e.g like everything under /api). This should simplify
 the Ingress configuration. One example can be found
 [in the ui-middleware repository](https://gitlab.open-xchange.com/frontend/Infrastructure/ui-middleware/-/blob/main/.gitlab-ci/kubernetes-resources.yaml).
+
+## Some notes on code loading
+
+It is mandatory to load the UI over https with a valid certificate and there are multiple reasons for that. These notes give an overview over the features that are required for code loading and will substantiate the need for https.
+
+- First of all, securing your site with https is not hard anymore. We have e.g. Let's Encrypt and several other ways to achieve this. But which case applies to a use-case is not part of these notes.
+- The UI needs a **service worker** to function. The service worker is used for file-caching and version-mismatch detection (the "reload"-banner). **Service workers** are only loaded over https with valid certificate to prevent man-in-the-middle attacks.
+- The UI consists of many small files, because it cannot be bundled as before. To improve file transfer time, HTTP/2 is required which requires https.
+- The **service worker** also increases boot time by loading zipped chunks of files and puts them in the browser-cache on initial boot. Without https no **service worker**, without **service worker** no zipped loading.
+- To reduce the transferred file-size, the **UI-middleware** uses **brotli** encoding for every transferred file (except the index.html). The UI-middleware will not check for accept-enconding headers due to performance reasons. Modern browsers will not load brotli over insecure connections and the UI won't load without it.
+
+It is noteworthy that localhost is an exception to the above rules and the UI including **service workers** and preloading (but not http2) will work on localhost for development environments.