Support & Help Center

Summary: connect your Git repo, configure env vars, and let the platform build & atomically release.

1. Connect repository: push your code to GitHub/GitLab, then import the repo in Vercel / Cloudflare Pages.
2. Framework preset: choose Next.js. The default build command is next build.
3. Environment variables: add keys under Project → Settings → Environment Variables (e.g. NEXT_PUBLIC_API_URL, STRIPE_SECRET_KEY).
4. Images & domains: in next.config.js set images.domains for external images.
5. Custom domain: add your domain in Domains, then update DNS (CNAME/A/AAAA) at your registrar.
6. Preview & production: every pull request gets a preview URL; merge to main publishes production instantly (atomic deploy).

# Example: next.config.js (images)
module.exports = {
  images: { domains: ["cdn.yoursite.com","images.unsplash.com"] }
};

1. Create a feature branch → open a Pull Request.
2. Preview deploy is generated automatically; QA on the preview URL.
3. After review, merge to main — the platform promotes the build atomically.
4. Previous version remains available for instant rollback if needed.
5. We monitor Core Web Vitals and error logs post-release for 24–48h.

Use Stripe’s test cards and Webhook endpoints to simulate the full payment lifecycle.

1. Enable Test mode in the Stripe Dashboard.
2. Use card 4242 4242 4242 4242, any future expiry, any CVC.
3. Create a Webhook endpoint (e.g. /api/stripe/webhook) and subscribe to events: payment_intent.succeeded, payment_intent.payment_failed, checkout.session.completed.
4. Copy the Signing secret into your environment variable (e.g. STRIPE_WEBHOOK_SECRET).
5. Verify signature on your server using Stripe SDK before processing the event.

// Example (Node/Express)
app.post("/api/stripe/webhook", express.raw({type:"application/json"}), (req,res)=>{
  const sig = req.headers["stripe-signature"];
  const event = stripe.webhooks.constructEvent(req.body, sig, process.env.STRIPE_WEBHOOK_SECRET);
  if(event.type==="checkout.session.completed"){ /* fulfill order */ }
  res.json({received:true});
});

1. Issue a full or partial refund in Dashboard or via API (store the reason).
2. Listen to charge.refunded / refund.updated to sync your order status.
3. Notify the customer by email; funds may take 5–10 business days to appear.
4. For subscriptions, consider proration or credit balance instead of immediate refunds.

1. Hero media: serve optimized images/video; use priority on the hero image.
2. Fonts: self-host with font-display: swap; preconnect & preload critical fonts.
3. Layout shifts: reserve width/height for images, ads, embeds; avoid late DOM injection.
4. JS budget: lazy-load non-critical scripts; remove unused libraries; prefer native features.
5. CDN cache: cache HTML for anonymous traffic; enable HTTP/3 and brotli; set proper cache keys.

1. Generate sitemap.xml on build (e.g. next-sitemap) and submit it in Google Search Console.
2. Add robots.txt to allow crawling of production and disallow staging environments.
3. For each canonical page, include <link rel="canonical" href="https://example.com/page"/>.
4. For multilingual sites, include hreflang links pointing to language/region variants.

1. Enable 2FA, strong password policy, session timeouts, and IP allow-listing for staff.
2. Run the CMS on a separate subdomain with HTTPS only; set strict SameSite and HttpOnly cookies.
3. Apply rate limiting and login attempt throttling; log all admin actions centrally.
4. Automated nightly backups; secrets only in managed ENV (no secrets in git).

Use a strict CSP with a controlled allow-list for scripts/styles/fonts/images. Prefer nonces or hashes for inline code.

Content-Security-Policy:
  default-src 'self';
  script-src 'self' 'nonce-<GENERATED_NONCE>' https://www.googletagmanager.com;
  style-src  'self' 'unsafe-inline' https://fonts.googleapis.com;
  img-src    'self' data: https://images.unsplash.com;
  font-src   'self' https://fonts.gstatic.com;
  frame-ancestors 'none';