diff --git a/.env.example b/.env.example
index 9386361..af82f42 100644
--- a/.env.example
+++ b/.env.example
@@ -16,9 +16,19 @@ SMTP_AUTHENTICATION=plain
 SMTP_ENABLE_STARTTLS=true
 
 # Application Configuration
-CLINCH_HOST=http://localhost:9000
+CLINCH_HOST=http://localhost:3000
 CLINCH_FROM_EMAIL=noreply@example.com
 
+# DNS Rebinding Protection Configuration
+# Set to service name (e.g., 'clinch') if running in same Docker compose as Caddy
+CLINCH_DOCKER_SERVICE_NAME=
+
+# Allow internal IP access for cross-compose deployments (true/false)
+CLINCH_ALLOW_INTERNAL_IPS=true
+
+# Allow localhost access for development (true/false)
+CLINCH_ALLOW_LOCALHOST=true
+
 # OIDC Configuration
 # RSA private key for signing ID tokens (JWT)
 # Generate with: openssl genrsa 2048