VHVOVOHO
CatalogWhatsApp

VOVOHO policy

Route Protection

How VOVOHO protects admin, API, thank-you, preview, and low-value routes from indexing or unauthorized access.

Protected routes

Admin routes, API routes, preview routes, thank-you pages, search result pages, and other low-value pages should not be indexed by search engines. Production deployment should combine robots rules, noindex metadata, authentication, and server-side access checks.

Admin access

The admin area is intended for authorized users only. Before production use, Supabase Auth, role checks, row-level security, and server-side validation should be enabled for product management, inquiries, downloads, SEO settings, and user management.

Form and API protection

Inquiry endpoints should use honeypot fields, rate limiting, Turnstile verification, spam filtering, and server-side validation before inserting data into Supabase or sending email notifications.