one self-hosted file · zero CDN, zero third parties · QR generated locally ·
verification against the merchant's own endpoint (live stagenet here) ·
two skins: clean (default, universal) and skin="brutal" (GOXMR).
universal look: system sans, rounded, soft shadow. order ord_demo expects the
real 0.1 XMR faucet payment on stagenet — paste txid + proof under "prove it".
no verify-url → pure client-side: QR + address + trust info.
theme="light".
skin="brutal" lang="es". same address + amount as order 1 on purpose:
after paying ord_demo, submit the same proof here → rejected as replay.
one tx pays exactly one order.
address + amount come from a config signed with a key kept off the page.
expand the trust panel to see Signed · {{FP}}. a buyer who knows that
fingerprint catches an address swap even on a hacked page.
same envelope, address swapped after signing → the signature no longer matches, so the widget refuses to show a payable address and warns instead.