0d212787ef
healthcare email: add 'No logins. No portals. No headaches.' value-add (sells the relief, hides the mechanics); research doc on verified no-login third-party submission paths
53ec011198
email trust signals: add data-safety + guarantee + social-proof strip to HC, telecom (campaign_template), and trucking (6 source + active campaigns via injector). Vertical accents: teal/blue/orange
95698852ce
healthcare warmup: gate Google/Workspace domains out of week 1 (they hard-reject cold IPs 550-5.7.1); send 501 non-Google practice domains first, defer 222 Google to week 2-3; cron uses hc_warmup_nongoogle.csv
2bc86268f7
healthcare: HC warmup campaign cron (Mon-Fri 7AM Central) - imports overdue-first verified slice into listmonk-hc + runs Medicare-revalidation campaign via hc HOT stream; rate-throttled by pw-hc-rampcap
2d3bccd31e
healthcare email: white logo for teal header (was dark navy, invisible); drop NPPES-source footer line
29c7a421e9
healthcare email: teal gradient header (matches site hero) + standalone CSV MX/SMTP verifier (binds .72 non-sending IP); gitignore PII warmup lists
5129ebec5c
healthcare email: add List-Unsubscribe/List-Id/Date/Precedence bulk headers to improve inbox placement on the cold hc IPs
3859557506
healthcare: +$200 across all 6 provider services; add segmented marketing email builder (5 compliance-problem campaigns) + rendered HTML
9bcd27db80
feat(site): vertical-specific order-page headers (trucking/telecom/healthcare/corporate) via unified VerticalOrderHeader; apply to all 49 order pages; retire TruckingOrderHeader
695c3e2431
security: drop all CBC TLS suites (Qualys WEAK -> AEAD-only, still A+); sync ansible nginx templates (ciphers + ywxi CSP); capture host firewall as IaC
113c73b392
feat(site): meter TrustedSite trustmark to order+healthcare pages only (free tier 500 impr/mo); auto-detect by path; CSP allows cdn.ywxi.net
780b4219d3
feat(site): stage TrustedSite trustmark slot (opt-in prop) + setup doc; CSP/verification steps pre-documented
af0b1d2306
feat(site): wire TrustStrip site-wide (Base layout); fix homepage trust strip (SecurityHeaders A not A+) + add SOC2/HIPAA-PCI badges
5526fb79b9
security: harden nginx TLS ciphers (drop SHA-1 CBC -> HIPAA/NIST clean, still A+); document ImmuniWeb free badge + PCI/HIPAA/NIST/GDPR compliance
6121c0a6f4
security: harden VM - nft+DOCKER-USER firewall closing public exposure of postgres/k8s/forgejo/listmonk/apis; remove inbound :25 (send-only); docs
113c73b392
feat(site): meter TrustedSite trustmark to order+healthcare pages only (free tier 500 impr/mo); auto-detect by path; CSP allows cdn.ywxi.net
780b4219d3
feat(site): stage TrustedSite trustmark slot (opt-in prop) + setup doc; CSP/verification steps pre-documented
af0b1d2306
feat(site): wire TrustStrip site-wide (Base layout); fix homepage trust strip (SecurityHeaders A not A+) + add SOC2/HIPAA-PCI badges
5526fb79b9
security: harden nginx TLS ciphers (drop SHA-1 CBC -> HIPAA/NIST clean, still A+); document ImmuniWeb free badge + PCI/HIPAA/NIST/GDPR compliance
6121c0a6f4
security: harden VM - nft+DOCKER-USER firewall closing public exposure of postgres/k8s/forgejo/listmonk/apis; remove inbound :25 (send-only); docs
60ec4599b9
feat(site): add TrustStrip component (legitimately-earned trust seals: SSL Labs A+, Security Headers A, Stripe PCI, TLS/HSTS, SOC 2 datacenter)
c3b2c4e89a
hc-email: prod listmonk_hc installed + 3 SMTP servers + rampcap cron; end-to-end validated to Gmail via .107-.109