Agreed that you should have a cold wallet address.
Besides that, I never really tried the provably fair implementation, but I had a look now and do not like the fact that the clientseeds are generated by the server. IMHO this isn't really provably fair. This is the same explanation as in another thread so:
This might be unintentional but IMHO being cheated would be just too easy on this site. I will explain why:
The first thing I don't like is that you have to use a "per roll" system instead of the most used and well-tested "nonce system" (like JD, PD, PRC, etc.). But that's not the end of the world.
The real problem is that you don't randomize the clientseed each roll (client-side, so in the browser). This means that unless the player changes his client seed EVERY roll, you know the outcome in advance. Let's say the player is betting with the martingale strategy on 2x with "High". You know the clientseed in advance, so you can just create a "random_seed" that makes a favorable bet outcome. Basically you could literally make every bet result "Low".
I do not really think you are doing that(!) BUT provably fair is exactly about not having to trust the site owner. IMO your site cannot be really called provably fair at this moment. Also, if you were cheating, in theory the player could also abuse that by playing in a pattern then switching High to Low on crucial bets. Again, I do -not- think you are cheating, but IMO it is _in theory_ possible.
Short term solution:
Create the random clientseed in the browser, ideally with a cryptographically secure method. So also when pressing the "Randomize" button, the clientseed will be generated in the same way and wouldn't come from an AJAX request (only the needed serverhash). And also the first time the player joins your site.
Long term solution:
Make it with the nonce method like most sites. The biggest advantage is that players can verify 100+ rolls easily in one go, since they only need to fill in a few seeds to generate all these roll outcomes - instead of several seeds for EVERY bet. There are other advantages, like some ways of casino-side cheating being easier to achieve with the "per roll" system (for example "stalling"). Note: if you implement this method, make sure you do not leak the serverseed anywhere and use a separator between seeds and nonce.
Hope you can improve the provably fair implementation.
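
Added example, not part of the post above and not any site's actual code: a player-side verifier for the nonce method the post recommends, which checks the revealed server seed against the hash published beforehand and then recomputes a whole session of rolls. The HMAC-SHA256 construction, the ":" separator, the 0.00 to 99.99 roll mapping and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SEP = ":"  # assumed separator; the post only says that one must be used


def commitment(server_seed: str) -> str:
    """Hash the site shows the player before any bet in the session."""
    return hashlib.sha256(server_seed.encode()).hexdigest()


def message(client_seed: str, nonce: int, sep: str = SEP) -> bytes:
    """HMAC input for one bet; sep keeps seed and nonce from running together."""
    return f"{client_seed}{sep}{nonce}".encode()


def roll(server_seed: str, client_seed: str, nonce: int) -> float:
    """Roll in [0, 100) from HMAC-SHA256 (assumed mapping, not a real site's)."""
    digest = hmac.new(server_seed.encode(), message(client_seed, nonce),
                      hashlib.sha256).digest()
    limit = (2**32 // 10_000) * 10_000  # reject values that would bias the modulo
    for i in range(0, len(digest), 4):
        value = int.from_bytes(digest[i:i + 4], "big")
        if value < limit:
            return (value % 10_000) / 100
    raise ValueError("no unbiased chunk in digest")  # vanishingly unlikely


def verify_session(published_hash, server_seed, client_seed, reported_rolls):
    """Return the nonces whose reported roll differs from the recomputed one."""
    if not hmac.compare_digest(commitment(server_seed), published_hash):
        raise ValueError("revealed server seed does not match the published hash")
    return [n for n, reported in enumerate(reported_rolls)
            if roll(server_seed, client_seed, n) != reported]


if __name__ == "__main__":
    server_seed = secrets.token_hex(32)   # constructed; kept secret by the site
    client_seed = secrets.token_hex(16)   # constructed; made on the player's side
    shown_hash = commitment(server_seed)  # published before the first bet
    rolls = [roll(server_seed, client_seed, n) for n in range(100)]
    print(verify_session(shown_hash, server_seed, client_seed, rolls))
    rolls[7] = (rolls[7] + 1) % 100       # simulate one altered result
    print(verify_session(shown_hash, server_seed, client_seed, rolls))
    # Without a separator, two different (seed, nonce) pairs give the same input:
    print(message("ab", 12, sep="") == message("ab1", 2, sep=""))
```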