Pricing
Live amounts shown on the contribute and donate widgets. Changes save instantly to local storage; in production they sync to PATCH /api/pricing.

Quote · text only: Plain-text tribute in the memory book
Fields: Amount; Currency (EUR €, USD $); Active (Yes/No)

Quote with image: Tribute + one illustrative image
Fields: Amount; Currency (EUR €, USD $); Active (Yes/No)

Sliding partner banner: 30 days in the rotating strip
Fields: Amount; Currency (EUR €, USD $); Active (Yes/No)

Donation · minimum: Floor amount accepted on the donate widget
Fields: Amount; Currency (EUR €, USD $); Active (Yes/No)

Actions: Save pricing, Reset defaults

Memory book · moderation
Quick approve or reject submitted pages. Production hooks: PATCH /api/admin/memories/:id.

Sliding partners
Curated partners featured in the rotating strip on the home page.
Fields: Title; Caption; URL (https)

Security checklist
A live record of what is in place vs. what production needs.

- CSP meta tag, strict referrer policy, no eval in app code, frame-ancestors disallowed.
- All user input rendered with textContent — no innerHTML on submitted strings.
- Client rate-limit on memory & contribute submissions (3/hr · 5/day).
- External links use rel="noopener noreferrer nofollow".
- Production add: server-side CSP nonces, hCaptcha, server rate-limits, EXIF strip + NSFW scan on uploads, WAF/DDoS, daily off-site backups, signed admin sessions (JWT + bcrypt + 2FA).
- Production add: Stripe webhook signature verification, idempotency keys on POSTs, structured audit log of every admin action.