pull down to refresh

Never put your private key in a website. Yes, not even if it is a trusted site like damus.io, because A) extensions can steal data; B) this creates a dangerous habit; C) it is probably easier to hack a web server than to compromise a build.
PS: In my other reply by "clients" I meant local apps, not web clients.