IntoBadminton

Security

IntoBadminton v1 is a static Next.js export with no production database, no server-side account system, and no payment flow. That reduces attack surface, but it does not remove security obligations.

Current controls

  • Non-essential analytics and ads are off by default.
  • AdSense is disabled unless a compliant deployment mode is set.
  • Review drafts stay local until a moderated backend exists.
  • Source evidence avoids copied third-party review text.

Hosting requirements

Configure security headers at the host or CDN layer: Content Security Policy, Referrer-Policy, X-Content-Type-Options, Permissions-Policy, and HTTPS/HSTS where supported. GitHub Pages alone has limited header control, so use Cloudflare or Firebase Hosting when enforcing headers.
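One way to verify a deployment against the header list above is to audit the headers captured from a response. This is an added example, not IntoBadminton's own code; the function name, the per-header value checks, and the sample header sets are assumptions constructed for illustration.

```javascript
// Added example: audit response headers against the list on this page.
// The value checks are an assumed baseline, not IntoBadminton policy.
const REQUIRED = {
  "content-security-policy": (v) =>
    /(^|;)\s*(default-src|script-src)\s/i.test(v) ? null : "no default-src or script-src directive",
  // Browsers apply the last recognised value in a comma-separated list.
  "referrer-policy": (v) =>
    /(^|,)\s*unsafe-url\s*$/i.test(v) ? "unsafe-url sends full URLs cross-origin" : null,
  "x-content-type-options": (v) =>
    v.trim().toLowerCase() === "nosniff" ? null : "value must be nosniff",
  "permissions-policy": (v) => (v.trim() ? null : "empty policy"),
  "strict-transport-security": (v) => {
    const m = /max-age\s*=\s*"?(\d+)/i.exec(v);
    return m && Number(m[1]) > 0 ? null : "max-age missing or zero";
  },
};

// headers: plain object of header name -> value, as captured from a response.
function auditSecurityHeaders(headers) {
  const seen = {};
  for (const [name, value] of Object.entries(headers)) {
    seen[name.toLowerCase()] = String(value); // header names are case-insensitive
  }
  const findings = [];
  for (const [name, check] of Object.entries(REQUIRED)) {
    if (!(name in seen)) {
      findings.push({ header: name, issue: "missing" });
      continue;
    }
    const issue = check(seen[name]);
    if (issue) findings.push({ header: name, issue });
  }
  return findings;
}

// Constructed samples: a bare static host and a CDN with headers configured.
const bareStaticHost = { "Content-Type": "text/html; charset=utf-8", "Cache-Control": "max-age=600" };
const cdnWithHeaders = {
  "Content-Security-Policy": "default-src 'self'; img-src 'self' data:; object-src 'none'",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "X-Content-Type-Options": "nosniff",
  "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
};

console.log(auditSecurityHeaders(bareStaticHost));
console.log(auditSecurityHeaders(cdnWithHeaders));
```

An empty findings array means every listed header is present and passes its check; run it against headers fetched from the production origin after each hosting change.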

Report a vulnerability

Replace the placeholder contact in /.well-known/security.txt before launch. Do not submit real user data in vulnerability reports.
