That cellebrite allows Javascript to be executed *at all* is (IMO) a little concerning. My site used to have a JS function that detected whether you were viewing via an authorised domain and redirected if not (I removed it because it broke the WebArchive)