Case Study
Oslin Plastic Surgery
Nashville, TN
No HTTPS — Every Browser Shows “Not Secure” on Every Page. Images Carry 2014 Cache Timestamps. Every URL Ends in .aspx — Early-2000s ASP.NET Architecture, Still Live in 2026.
Every patient who visits oslinmd.com sees this in their browser address bar:
http://www.oslinmd.com/Contact.aspx — “Not Secure”Plain HTTP. No SSL certificate. Every modern browser — Chrome, Safari, Firefox — flags the site with a “Not Secure” warning on every single page. The contact form where patients submit their name, phone number, and medical inquiries is served over an unencrypted connection. The image files in the site's gallery carry cache-busting timestamps from 2014 in their filenames. The URL structure uses .aspx extensions — the signature of early-2000s Microsoft ASP.NET — on every page. This is a 30-year cosmetic surgery practice in Nashville presented to the internet exactly as it appeared when George W. Bush was in office.
The Practice
Dr. Oslin has been a Nashville plastic surgeon since 1996 — three decades in the market. He served as the team plastic surgeon for the Nashville Predators from 1998 to 2007, a distinction that makes him a recognizable name among Nashville sports fans. His practice serves both reconstructive and cosmetic patients across the Nashville metro area.
The credentials are strong. The digital infrastructure is a security liability. A physician asking patients to trust him with invasive surgical procedures is serving their inquiries over an unencrypted HTTP connection on a site built with 2002-era ASP.NET technology. The mismatch between the quality of the practice and the state of the website could not be more visible.
What We Found
Three distinct, documented problems — each one visible to every visitor on every page load.
No HTTPS — “Not Secure” on Every Page
The site loads over plain HTTP. Every browser manufactured in the last decade displays a “Not Secure” indicator in the address bar on every page. On Chrome, a red warning triangle appears. On Safari, the lock icon is absent and the URL is explicitly labeled as not secure.
This is particularly damaging for a cosmetic surgery practice. Patients researching surgical procedures are already navigating a high-stakes, high-trust decision. A “Not Secure” browser warning — on the contact page, on the procedure pages, on the patient inquiry form — introduces doubt precisely where trust needs to be highest. Google also penalizes HTTP sites in search rankings, compounding the visibility problem.
Image Files With 2014 Cache Timestamps
The site's image files carry cache-busting query strings from 2014 — filenames like Marquee9w380h274.jpg?20140627112921, where the timestamp records the exact date and time the file was last modified. Those timestamps are from 2014. The images have not been updated in 12 years.
For a cosmetic surgery practice, the photography is the product. A gallery of 12-year-old images does not represent the current quality of Dr. Oslin's work, nor does it reflect what a patient considering a procedure today can expect to look like afterward. Stale photography is a direct credibility gap.
.aspx URLs — Early-2000s ASP.NET Architecture
Every URL on the site ends in .aspx: Contact.aspx, about.aspx, first-visit.aspx. The .aspx extension is the signature of Microsoft's classic ASP.NET Web Forms framework — the dominant enterprise web technology of the early 2000s. No modern website uses .aspx extensions. The URLs alone date the site to an era before the iPhone existed. Any patient who notices the address bar is looking at a website architecture two decades out of date.
What We'd Build
A secure, modern practice site that reflects Dr. Oslin's 30 years in Nashville cosmetic surgery — without the “Not Secure” warning on every page.
HTTPS Everywhere — Secure From Day One
Full SSL/TLS coverage on every page. No browser warnings. The contact form, patient inquiry submissions, and all page loads served over encrypted HTTPS. The padlock icon in every browser, on every device, every time. This is table stakes in 2026 — and it's currently missing.
Current Photography — Updated for 2026
Fresh before/after photography representing Dr. Oslin's current outcomes — not 12-year-old images from 2014. A gallery organized by procedure, with clear before and after comparisons that help prospective patients visualize results.
Nashville Predators Credential — Used as a Marketing Asset
“Team plastic surgeon for the Nashville Predators, 1998–2007” is a distinctive credential in a city where NHL hockey has a genuine fanbase. It establishes Dr. Oslin as a surgeon trusted by professional athletes — and that association has value with a segment of Nashville patients. It should lead the About section, not be buried in a plain-text paragraph.
Spec Redesign Deliverables
- ✓HTTPS on every page — no “Not Secure” browser warnings anywhere on the site
- ✓Modern URL structure — no .aspx extensions, clean readable paths
- ✓Updated gallery with current before/after photography by procedure
- ✓Physician bio featuring the Nashville Predators team surgeon credential
- ✓Secure contact and consultation request form — properly encrypted
The Opportunity
Nashville's cosmetic surgery market is competitive and growing. Patients are comparing practices online before they ever call. Dr. Oslin has 30 years of Nashville experience, a distinctive professional sports credential, and a patient base built on real results — and his website is flagging visitors with “Not Secure” warnings and serving 12-year-old images.
The security and architecture problems are entirely fixable. The bigger opportunity is building a site that uses Dr. Oslin's credentials and outcomes to compete effectively in the Nashville market — a site that earns the trust a cosmetic surgery patient needs to give before they book a consultation.
We've built the spec redesign. Dr. Oslin can see exactly what it looks like before committing to anything.
Want to see the spec redesign?
We built a full redesign for Oslin Plastic Surgery — secure HTTPS, modern architecture, and a site that uses 30 years of Nashville credentials as a competitive advantage. Book a 30-minute call to walk through it — no commitment, no pitch deck. Just the site.
See what we'd fix on your site
We'll review your website top to bottom, record a 10-minute Loom walkthrough of exactly what's broken, and deliver a PDF report with prioritized fixes — in 48 hours.
No commitment. No pitch deck.