What we do to keep the experience secure.
Payments should be processed through Stripe (directly or via GHL). We do not store raw card data on this site.
Use HTTPS only. Enforce HSTS via your domain/CDN configuration.
Set CSP, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy via Cloudflare or your hosting provider.
Enable Stripe Radar, require CAPTCHA on forms if abuse occurs, and use GHL workflow rate limits where possible.