Security policy

Static site, careful links.

This site is designed as a static Cloudflare Pages website. It should not store passwords, payment details, or customer records directly in public files.

HTTPS

The public website should be served over HTTPS through Cloudflare Pages or an equivalent secure host.

No Public Secrets

API keys, account passwords, payment credentials, admin tokens, private customer records, and internal spreadsheets must not be placed in HTML, JavaScript, image folders, or public repository files.

Forms And Spam

If booking forms become live website submissions, use a trusted backend or form provider, add spam protection such as Cloudflare Turnstile, and avoid collecting unnecessary sensitive data.

External Links

Links to Messenger, Facebook, Instagram, Waze, and Google Forms open third-party services. Customers should confirm they are on the correct XstaticWerkz page before sharing details.

Recommended Controls

  • Keep Cloudflare Pages HTTPS enabled.
  • Restrict GitHub repository write access to trusted users.
  • Review customer photos before public posting.
  • Use role-based access for form responses and service records.
  • Rotate credentials if any private value is accidentally exposed.

Report A Concern

Customers can report suspicious links, incorrect contact information, or privacy/security concerns through the official XstaticWerkz Facebook Page or Messenger chat.

Last updated: June 29, 2026.