Security Checklist

Final checks before promoting GSM Trading Lab publicly.

1. Email/Password and Google login enabled in Firebase Authentication.
2. Authorized domains include gsmtradinglab.com, www.gsmtradinglab.com, gsmtradinglab.vercel.app, and localhost.
3. Firestore rules published from firebase/firestore.rules.
4. Storage rules published from firebase/storage.rules.
5. Admin role assigned only manually in Firestore or through secure server-side logic.
6. Sensitive keys are not stored in NEXT_PUBLIC variables.
7. Cloudflare SSL mode is Full (Strict).
8. Always Use HTTPS enabled in Cloudflare.
9. Vercel Production, Preview, and Development env variables are configured.
10. No fake signal stats, fake testimonials, or guaranteed profit claims are published.
Join WhatsApp