diff --git a/cmd/explorer/main.go b/cmd/explorer/main.go
index a66d4afbe7..19424d4fc8 100644
--- a/cmd/explorer/main.go
+++ b/cmd/explorer/main.go
@@ -372,18 +372,18 @@ func main() {
 logrus.WithError(err).Error("error decoding csrf auth key falling back to empty csrf key")
 }
- sameSite := csrf.SameSiteStrictMode
- if utils.Config.Frontend.SessionSameSiteNone {
- sameSite = csrf.SameSiteNoneMode
- }
+ // sameSite := csrf.SameSiteStrictMode
+ // if utils.Config.Frontend.SessionSameSiteNone {
+ // sameSite = csrf.SameSiteNoneMode
+ // }
 csrfHandler := csrf.Protect(
 csrfBytes,
 csrf.FieldName("CsrfField"),
 csrf.Secure(!cfg.Frontend.CsrfInsecure),
 csrf.Path("/"),
- csrf.Domain(cfg.Frontend.SessionCookieDomain),
- csrf.SameSite(sameSite),
+ // csrf.Domain(cfg.Frontend.SessionCookieDomain),
+ // csrf.SameSite(sameSite),
 )
 router.HandleFunc("/", handlers.Index).Methods("GET")
@@ -593,7 +593,7 @@ func main() {
 }
 authRouter.Use(handlers.UserAuthMiddleware)
- // authRouter.Use(csrfHandler)
+ authRouter.Use(csrfHandler)
 if utils.Config.Frontend.Debug {
 // serve files from local directory when debugging, instead of from go embed file
diff --git a/exporter/appsubscription_oracle.go b/exporter/appsubscription_oracle.go
index 8285197091..bef2158e59 100644
--- a/exporter/appsubscription_oracle.go
+++ b/exporter/appsubscription_oracle.go
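Review bot: The `csrf.Domain(...)` and `csrf.SameSite(sameSite)` options are commented out rather than deleted, with nothing in the hunk saying why, so the CSRF cookie now takes gorilla/csrf's defaults (host-only scope and the library's default SameSite mode) while `SessionCookieDomain` and `SessionSameSiteNone` presumably still shape the session cookie elsewhere. If those two cookies are meant to travel together (a SameSite=None session for a cross-site flow is exactly what the removed knob suggests), the CSRF cookie will no longer accompany such requests and the protection enabled later in this commit will reject them; if a host-only CSRF cookie is the intent, that is the safer scope but it should be stated, not inferred from dead code. I would delete the six commented-out lines and put above `csrfHandler := csrf.Protect(` a comment like `// CSRF cookie is deliberately host-only with the library default SameSite mode; it is not tied to SessionCookieDomain/SessionSameSiteNone, which govern only the session cookie.` — confirm that claim against the session store setup, which is outside this hunk. `main` begins and ends outside the hunk.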
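Review bot: Enabling `authRouter.Use(csrfHandler)` makes every unsafe-method route registered on `authRouter` require the `CsrfField` form value or the `X-CSRF-Token` header, but the commit shows no corresponding change to any handler or template, so it is not visible here whether JSON/API-style routes under `authRouter` (if any) were exempted or taught to send the token; those would start failing with 403 after deploy. Routes on the parent `router` or other subrouters stay unprotected by this line, which is fine only if none of them mutate state. I would add above the line: `// CSRF applies to all unsafe-method routes on authRouter; API routes that cannot carry the form field must send X-CSRF-Token or live on a different router.` Middleware order (auth first, then CSRF) is reasonable since the CSRF failure page then knows the user. `main` begins and ends outside the hunk.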
@@ -98,16 +98,6 @@ func verifyManuall(receipt *types.PremiumData) (*VerifyResponse, error) {
 // Does not verify stripe or ethpool payments as those are handled differently
 func VerifyReceipt(googleClient *playstore.Client, appleClient *api.StoreClient, receipt *types.PremiumData) (*VerifyResponse, error) {
- if utils.Config.Frontend.OldProductsDeadlineUnix > 0 && time.Now().Unix() > utils.Config.Frontend.OldProductsDeadlineUnix {
- if _, found := utils.ProductsMapV1ToV2[receipt.ProductID]; found {
- logger.WithField("id", receipt.ID).WithField("product_id", receipt.ProductID).WithField("store", receipt.Store).Warn("not verifying old product")
- return &VerifyResponse{
- Valid: false,
- ExpirationDate: 0,
- RejectReason: "old_product",
- }, nil
- }
- }
 if receipt.Store == "ios-appstore" {
 return verifyApple(appleClient, receipt)
 } else if receipt.Store == "android-playstore" {
diff --git a/handlers/api.go b/handlers/api.go
index 4511b807b7..f9892f7889 100644
--- a/handlers/api.go
+++ b/handlers/api.go
@@ -3116,6 +3116,11 @@ func RegisterMobileSubscriptions(w http.ResponseWriter, r *http.Request) {
 return
 }
+ if parsedBase.ProductID == "plankton" {
+ SendBadRequestResponse(w, r.URL.String(), "old product")
+ return
+ }
+
 // Only allow ios and android purchases to be registered via this endpoint
 if parsedBase.Transaction.Type != "ios-appstore" && parsedBase.Transaction.Type != "android-playstore" {
 SendBadRequestResponse(w, r.URL.String(), "invalid transaction type")
diff --git a/templates/payment/mobilepricing.html b/templates/payment/mobilepricing.html
index a751468e06..6de4776917 100644
--- a/templates/payment/mobilepricing.html
+++ b/templates/payment/mobilepricing.html
@@ -243,7 +243,7 @@
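Review bot: Dropping the `OldProductsDeadlineUnix` block from `VerifyReceipt` means every product listed in `utils.ProductsMapV1ToV2` is verified and kept valid again indefinitely, while the only guard left in this commit is a single hard-coded ID checked at registration time; the deadline config knob presumably becomes dead and existing legacy subscriptions are no longer retired on re-verification. If the intent is that legacy subscribers keep their entitlement until the store subscription itself lapses, say so in the doc comment, e.g. `// Legacy (V1) products are verified like any other; they are refused only at registration time, see RegisterMobileSubscriptions.` Also check whether `time` is still used elsewhere in this file — the removed lines were its only visible caller, and an unused import will not compile. `VerifyReceipt` continues past the end of the hunk.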
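Review bot: The new guard compares `parsedBase.ProductID` against the single literal `"plankton"`, whereas the block removed from `VerifyReceipt` in this same commit keyed legacy products off `utils.ProductsMapV1ToV2`; any other legacy ID in that map is now accepted here, and the literal will silently drift from the map. I would replace the condition with `if _, legacy := utils.ProductsMapV1ToV2[parsedBase.ProductID]; legacy {` and keep the rejection message, so the two code paths agree on what "old product" means. Note that `parsedBase.ProductID` appears to come from the client request body, so this is a courtesy rejection for well-behaved clients, not an enforcement point — the store receipt verification has to remain the authoritative check on the product actually purchased (confirm in the verification path, which is outside this hunk). `RegisterMobileSubscriptions` begins and ends outside the hunk.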