diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..e1f53f12f4
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+**Short version: please report security issues by emailing security@maykinmedia.nl.**
+
+If you discover security issues in Open Inwoner or related projects under the same
+organization, we request you to disclose these in a *responsible* way by e-mailing to
+security@maykinmedia.nl.
+
+It is extremely useful if you have a reproducible test case and/or clear steps on how to
+reproduce the vulnerability.
+
+Please do not report security issues on the public Github issue tracker, as this makes
+it visible which exploits exist before a fix is available, potentially comprising a lot
+of unprotected instances.
+
+Once you’ve submitted an issue via email, you should receive an acknowledgment from a
+member of the security team as soon as possible, and depending on the action to be taken,
+you may receive further followup emails.
diff --git a/src/log_outgoing_requests/admin.py b/src/log_outgoing_requests/admin.py
index 8289caa55a..fdc9531548 100644
--- a/src/log_outgoing_requests/admin.py
+++ b/src/log_outgoing_requests/admin.py
@@ -17,6 +17,8 @@ class OutgoingRequestsLogAdmin(admin.ModelAdmin):
         "timestamp",
         "req_content_type",
         "res_content_type",
+        "req_headers",
+        "res_headers",
         "trace",
     )
     readonly_fields = fields
@@ -30,7 +32,7 @@ class OutgoingRequestsLogAdmin(admin.ModelAdmin):
         "timestamp",
     )
     list_filter = ("method", "status_code", "hostname")
-    search_fields = ("params", "query_params", "hostname")
+    search_fields = ("url", "params", "hostname")
     date_hierarchy = "timestamp"
     show_full_result_count = False
 
diff --git a/src/log_outgoing_requests/formatters.py b/src/log_outgoing_requests/formatters.py
index de29e75486..b12eae1154 100644
--- a/src/log_outgoing_requests/formatters.py
+++ b/src/log_outgoing_requests/formatters.py
@@ -3,6 +3,9 @@
 
 
 class HttpFormatter(logging.Formatter):
+    def _formatHeaders(self, d):
+        return "\n".join(f"{k}: {v}" for k, v in d.items())
+
     def formatMessage(self, record):
         result = super().formatMessage(record)
         if record.name == "requests":
@@ -10,14 +13,18 @@ def formatMessage(self, record):
                 """
                 ---------------- request ----------------
                 {req.method} {req.url}
+                {reqhdrs}
 
                 ---------------- response ----------------
                 {res.status_code} {res.reason} {res.url}
+                {reshdrs}
                 
             """
             ).format(
                 req=record.req,
                 res=record.res,
+                reqhdrs=self._formatHeaders(record.req.headers),
+                reshdrs=self._formatHeaders(record.res.headers),
             )
 
         return result
diff --git a/src/log_outgoing_requests/handlers.py b/src/log_outgoing_requests/handlers.py
index 9158307df7..631f14761a 100644
--- a/src/log_outgoing_requests/handlers.py
+++ b/src/log_outgoing_requests/handlers.py
@@ -14,11 +14,15 @@ def emit(self, record):
 
             # save only the requests coming from the library requests
             if record and record.getMessage() == "Outgoing request":
+                safe_req_headers = record.req.headers.copy()
+
+                if "Authorization" in safe_req_headers:
+                    safe_req_headers["Authorization"] = "***hidden***"
+
                 if record.exc_info:
                     trace = traceback.format_exc()
 
                 parsed_url = urlparse(record.req.url)
-
                 kwargs = {
                     "url": record.req.url,
                     "hostname": parsed_url.hostname,
@@ -29,7 +33,12 @@ def emit(self, record):
                     "res_content_type": record.res.headers.get("Content-Type", ""),
                     "timestamp": record.requested_at,
                     "response_ms": int(record.res.elapsed.total_seconds() * 1000),
+                    "req_headers": self.format_headers(safe_req_headers),
+                    "res_headers": self.format_headers(record.res.headers),
                     "trace": trace,
                 }
 
                 OutgoingRequestsLog.objects.create(**kwargs)
+
+    def format_headers(self, headers):
+        return "\n".join(f"{k}: {v}" for k, v in headers.items())
diff --git a/src/log_outgoing_requests/log_requests.py b/src/log_outgoing_requests/log_requests.py
index ea994ab9ae..bac831275e 100644
--- a/src/log_outgoing_requests/log_requests.py
+++ b/src/log_outgoing_requests/log_requests.py
@@ -30,7 +30,7 @@ def install_outgoing_requests_logging():
     Session._original_request = Session.request
 
     def new_request(self, *args, **kwargs):
-        kwargs.setdefault("hooks", {"response": hook_requests_logging})
+        self.hooks["response"].append(hook_requests_logging)
         return self._original_request(*args, **kwargs)
 
     Session.request = new_request
diff --git a/src/log_outgoing_requests/migrations/0003_auto_20230321_0724.py b/src/log_outgoing_requests/migrations/0003_auto_20230321_0724.py
new file mode 100644
index 0000000000..673313a1e8
--- /dev/null
+++ b/src/log_outgoing_requests/migrations/0003_auto_20230321_0724.py
@@ -0,0 +1,33 @@
+# Generated by Django 3.2.15 on 2023-03-21 06:24
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("log_outgoing_requests", "0002_alter_outgoingrequestslog_url"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="outgoingrequestslog",
+            name="req_headers",
+            field=models.TextField(
+                blank=True,
+                help_text="The request headers.",
+                null=True,
+                verbose_name="Request headers",
+            ),
+        ),
+        migrations.AddField(
+            model_name="outgoingrequestslog",
+            name="res_headers",
+            field=models.TextField(
+                blank=True,
+                help_text="The response headers.",
+                null=True,
+                verbose_name="Response headers",
+            ),
+        ),
+    ]
diff --git a/src/log_outgoing_requests/models.py b/src/log_outgoing_requests/models.py
index a9f1e658b5..215e481a5c 100644
--- a/src/log_outgoing_requests/models.py
+++ b/src/log_outgoing_requests/models.py
@@ -13,6 +13,8 @@ class OutgoingRequestsLog(models.Model):
         default="",
         help_text=_("The url of the outgoing request."),
     )
+
+    # hostname is added so we can filter on it in the admin page
     hostname = models.CharField(
         verbose_name=_("Hostname"),
         max_length=255,
@@ -52,6 +54,18 @@ class OutgoingRequestsLog(models.Model):
         blank=True,
         help_text=_("The content type of the response."),
     )
+    req_headers = models.TextField(
+        verbose_name=_("Request headers"),
+        blank=True,
+        null=True,
+        help_text=_("The request headers."),
+    )
+    res_headers = models.TextField(
+        verbose_name=_("Response headers"),
+        blank=True,
+        null=True,
+        help_text=_("The response headers."),
+    )
     response_ms = models.PositiveIntegerField(
         verbose_name=_("Response in ms"),
         default=0,
@@ -79,6 +93,9 @@ def __str__(self):
         )
 
     @cached_property
+    def url_parsed(self):
+        return urlparse(self.url)
+
+    @property
     def query_params(self):
-        parsed_url = urlparse(self.url)
-        return parsed_url.query
+        return self.url_parsed.query
diff --git a/src/log_outgoing_requests/tests/test_logging.py b/src/log_outgoing_requests/tests/test_logging.py
index 368d6f0da2..2bd094b059 100644
--- a/src/log_outgoing_requests/tests/test_logging.py
+++ b/src/log_outgoing_requests/tests/test_logging.py
@@ -17,6 +17,7 @@ def _setUpMocks(self, m):
             content=b"some content",
         )
 
+    @override_settings(LOG_OUTGOING_REQUESTS_DB_SAVE=True)
     def test_outgoing_requests_are_logged(self, m):
         self._setUpMocks(m)
 
@@ -30,9 +31,8 @@ def test_outgoing_requests_are_logged(self, m):
 
     @override_settings(LOG_OUTGOING_REQUESTS_DB_SAVE=True)
     def test_expected_data_is_saved_when_saving_enabled(self, m):
-        self._setUpMocks(m)
-
         methods = [
+            ("GET", requests.get, m.get),
             ("POST", requests.post, m.post),
             ("PUT", requests.put, m.put),
             ("PATCH", requests.patch, m.patch),
@@ -45,10 +45,31 @@ def test_expected_data_is_saved_when_saving_enabled(self, m):
                 mocked(
                     "http://example.com/some-path?version=2.0",
                     status_code=200,
-                    content=b"some content",
+                    json={"test": "data"},
+                    request_headers={
+                        "Authorization": "test",
+                        "Content-Type": "text/html",
+                    },
+                    headers={
+                        "Date": "Tue, 21 Mar 2023 15:24:08 GMT",
+                        "Content-Type": "application/json",
+                    },
+                )
+                expected_req_headers = (
+                    "User-Agent: python-requests/2.26.0\n"
+                    "Accept-Encoding: gzip, deflate, br\n"
+                    "Accept: */*\n"
+                    "Connection: keep-alive\n"
+                    "Authorization: ***hidden***\n"
+                    "Content-Type: text/html"
                 )
+                if method not in ["HEAD", "GET"]:
+                    expected_req_headers += "\nContent-Length: 0"
 
-                response = func("http://example.com/some-path?version=2.0")
+                response = func(
+                    "http://example.com/some-path?version=2.0",
+                    headers={"Authorization": "test", "Content-Type": "text/html"},
+                )
 
                 request_log = OutgoingRequestsLog.objects.last()
 
@@ -60,15 +81,33 @@ def test_expected_data_is_saved_when_saving_enabled(self, m):
                 self.assertEqual(request_log.query_params, "version=2.0")
                 self.assertEqual(response.status_code, 200)
                 self.assertEqual(request_log.method, method)
-                self.assertEqual(request_log.req_content_type, "")
-                self.assertEqual(request_log.res_content_type, "")
+                self.assertEqual(request_log.req_content_type, "text/html")
+                self.assertEqual(request_log.res_content_type, "application/json")
                 self.assertEqual(request_log.response_ms, 0)
+                self.assertEqual(request_log.req_headers, expected_req_headers)
+                self.assertEqual(
+                    request_log.res_headers,
+                    "Date: Tue, 21 Mar 2023 15:24:08 GMT\nContent-Type: application/json",
+                )
                 self.assertEqual(
                     request_log.timestamp.strftime("%Y-%m-%d %H:%M:%S"),
                     "2021-10-18 13:00:00",
                 )
                 self.assertIsNone(request_log.trace)
 
+    @override_settings(LOG_OUTGOING_REQUESTS_DB_SAVE=True)
+    def test_authorization_header_is_hidden(self, m):
+        self._setUpMocks(m)
+
+        requests.get(
+            "http://example.com/some-path?version=2.0",
+            headers={"Authorization": "test"},
+        )
+        log = OutgoingRequestsLog.objects.get()
+
+        self.assertIn("Authorization: ***hidden***", log.req_headers)
+
+    @override_settings(LOG_OUTGOING_REQUESTS_DB_SAVE=False)
     def test_data_is_not_saved_when_saving_disabled(self, m):
         self._setUpMocks(m)
 
diff --git a/src/open_inwoner/accounts/models.py b/src/open_inwoner/accounts/models.py
index 38a0eabd06..61a00c1a22 100644
--- a/src/open_inwoner/accounts/models.py
+++ b/src/open_inwoner/accounts/models.py
@@ -22,6 +22,7 @@
     validate_phone_number,
 )
 
+from ..plans.models import PlanContact
 from .choices import ContactTypeChoices, LoginTypeChoices, StatusChoices, TypeChoices
 from .managers import ActionQueryset, DigidManager, UserManager, eHerkenningManager
 from .query import InviteQuerySet, MessageQuerySet
@@ -284,6 +285,16 @@ def is_email_of_contact(self, email):
             or self.contacts_for_approval.filter(email=email).exists()
         )
 
+    def get_plan_contact_new_count(self):
+        return (
+            PlanContact.objects.filter(user=self, notify_new=True)
+            .exclude(plan__created_by=self)
+            .count()
+        )
+
+    def clear_plan_contact_new_count(self):
+        PlanContact.objects.filter(user=self).update(notify_new=False)
+
     def is_digid_and_brp(self) -> bool:
         """
         Returns whether user is logged in with digid and data has
diff --git a/src/open_inwoner/accounts/templates/accounts/registration_necessary.html b/src/open_inwoner/accounts/templates/accounts/registration_necessary.html
index 704fe25203..7094d3ccc3 100644
--- a/src/open_inwoner/accounts/templates/accounts/registration_necessary.html
+++ b/src/open_inwoner/accounts/templates/accounts/registration_necessary.html
@@ -3,6 +3,7 @@
 
 {% block content %}
 
+<div class="registration-grid">
 {% render_grid %}
     {% render_column span=9 %}
         {% render_card tinted=True  %}
@@ -11,5 +12,6 @@ <h1 class="h1">{% trans "Registratie voltooien" %}</h1><br>
         {% endrender_card %}
     {% endrender_column %}
 {% endrender_grid %}
+</div>
 
 {% endblock content %}
diff --git a/src/open_inwoner/accounts/templates/django_registration/registration_form.html b/src/open_inwoner/accounts/templates/django_registration/registration_form.html
index deb2a21166..3cf607e0c5 100644
--- a/src/open_inwoner/accounts/templates/django_registration/registration_form.html
+++ b/src/open_inwoner/accounts/templates/django_registration/registration_form.html
@@ -3,6 +3,7 @@
 
 {% block content %}
 
+<div class="registration-grid">
 {% render_grid %}
     {% render_column start=5 span=5 %}
         {% render_card direction='horizontal' tinted=True %}
@@ -23,5 +24,6 @@ <h1 class="h3">{% trans "Registreren met E-mail" %}</h1><br>
     {% endif %}
 
 {% endrender_grid %}
+</div>
 
 {% endblock content %}
diff --git a/src/open_inwoner/accounts/templates/registration/login.html b/src/open_inwoner/accounts/templates/registration/login.html
index d319bb6f6c..d225c35a03 100644
--- a/src/open_inwoner/accounts/templates/registration/login.html
+++ b/src/open_inwoner/accounts/templates/registration/login.html
@@ -10,6 +10,7 @@
 
 
 {% block content %}
+    <div class="login-grid">
     {% render_grid %}
         {% render_column start=5 span=5 %}
             {% render_card %}
@@ -21,10 +22,13 @@ <h1 class="h1">{% trans 'Welkom' %}</h1>
                         <a href="{% url 'digid:login' %}" class="link digid-logo" aria-describedby="Digid logo" title="Digid logo">
                             <img class="digid-logo__image" src="{% static 'accounts/digid_logo.svg' %}" alt="Digid logo">
                         </a>
-                        {% link href='digid:login' text=_('Inloggen met DigiD') secondary=True icon='arrow_forward' extra_classes="link--digid" %}
+                        {% url 'digid:login' as href %}
+                        {% with href|addnexturl:next as href_with_next %}
+                            {% link href=href_with_next text=_('Inloggen met DigiD') secondary=True icon='arrow_forward' extra_classes="link--digid" %}
+                        {% endwith %}
                     {% endrender_card %}
 		{% endif %}
-			
+
                 {% get_solo 'mozilla_django_oidc_db.OpenIDConnectConfig' as oidc_config %}
                 {% get_solo 'configurations.SiteConfiguration' as site_config %}
                 {% if oidc_config.enabled %}
@@ -36,7 +40,10 @@ <h1 class="h1">{% trans 'Welkom' %}</h1>
                     {% else %}
                         <div></div>
                     {% endif %}
-                        {% link text=site_config.openid_connect_login_text href='oidc_authentication_init' secondary=True icon='arrow_forward' icon_position="after" %}
+                        {% url 'oidc_authentication_init' as href %}
+                        {% with href|addnexturl:next as href_with_next %}
+                            {% link text=site_config.openid_connect_login_text href=href_with_next secondary=True icon='arrow_forward' icon_position="after" %}
+                        {% endwith %}
                     {% endrender_card %}
                 {% endif %}
 
@@ -44,6 +51,7 @@ <h1 class="h1">{% trans 'Welkom' %}</h1>
                     {% render_card tinted=True %}
                         {% render_form id="login-form" method="POST" form=form %}
                             {% csrf_token %}
+                            <input type="hidden" name="next" value="{{next}}" />
                             {% input form.username %}
                             {% input form.password %}
                             {% button text=_('Wachtwoord vergeten?') href='password_reset' secondary=True transparent=True align='right' %}
@@ -54,4 +62,5 @@ <h1 class="h1">{% trans 'Welkom' %}</h1>
             {% endrender_card %}
         {% endrender_column %}
     {% endrender_grid %}
+    </div>
 {% endblock content %}
diff --git a/src/open_inwoner/accounts/tests/test_action_views.py b/src/open_inwoner/accounts/tests/test_action_views.py
index 4b8b7c4f41..ad090df9b9 100644
--- a/src/open_inwoner/accounts/tests/test_action_views.py
+++ b/src/open_inwoner/accounts/tests/test_action_views.py
@@ -227,6 +227,12 @@ def test_action_history(self):
         self.assertEqual(response.status_code, 200)
         self.assertContains(response, self.action.name)
 
+    def test_action_history_breadcrumbs(self):
+        response = self.app.get(self.history_url, user=self.user)
+        crumbs = response.pyquery(".breadcrumbs__list-item")
+        self.assertIn(_("Mijn profiel"), crumbs[1].text_content())
+        self.assertIn(_("Mijn acties"), crumbs[2].text_content())
+
     def test_action_history_not_your_action(self):
         other_user = UserFactory()
         self.app.get(self.history_url, user=other_user, status=404)
diff --git a/src/open_inwoner/accounts/tests/test_auth.py b/src/open_inwoner/accounts/tests/test_auth.py
index 71218d86f1..24b26fb049 100644
--- a/src/open_inwoner/accounts/tests/test_auth.py
+++ b/src/open_inwoner/accounts/tests/test_auth.py
@@ -819,6 +819,17 @@ def setUp(self):
         self.config.login_allow_registration = True
         self.config.save()
 
+    def test_login_page_has_next_url(self):
+        response = self.app.get(reverse("accounts:contact_list"))
+        self.assertRedirects(
+            response,
+            furl(reverse("login")).add({"next": reverse("accounts:contact_list")}).url,
+        )
+        self.assertIn(
+            furl("").add({"next": reverse("accounts:contact_list")}).url,
+            response.follow(),
+        )
+
     def test_login(self):
         """Test that a user is successfully logged in."""
         form = self.app.get(reverse("login")).forms["login-form"]
diff --git a/src/open_inwoner/accounts/tests/test_contact_views.py b/src/open_inwoner/accounts/tests/test_contact_views.py
index 84ff2db128..9edd9241d9 100644
--- a/src/open_inwoner/accounts/tests/test_contact_views.py
+++ b/src/open_inwoner/accounts/tests/test_contact_views.py
@@ -1,9 +1,12 @@
+import io
+
 from django.core import mail
+from django.core.files.images import ImageFile
 from django.urls import reverse
 from django.utils.translation import ugettext_lazy as _
 
 from django_webtest import WebTest
-from furl import furl
+from PIL import Image
 
 from open_inwoner.accounts.models import User
 
@@ -429,3 +432,43 @@ def test_notification_email_for_approval_is_not_sent_when_new_user(self):
 
         # Email should be the one for registration, not for approval
         self.assertEqual(email.subject, "Uitnodiging voor Open Inwoner Platform")
+
+    def test_contacts_image_is_shown_in_contact_approval_section(self):
+        # prepare image
+        image = Image.new("RGB", (10, 10))
+        byteIO = io.BytesIO()
+        image.save(byteIO, format="png")
+        img_bytes = byteIO.getvalue()
+        image = ImageFile(io.BytesIO(img_bytes), name="foo.jpg")
+
+        # update user's type and image
+        existing_user = UserFactory(
+            email="ex@example.com",
+            contact_type=ContactTypeChoices.begeleider,
+            image=image,
+        )
+        self.user.contact_type = ContactTypeChoices.begeleider
+        self.user.image = image
+        self.user.save()
+        self.user.contacts_for_approval.add(existing_user)
+
+        # Receiver contact list page
+        response = self.app.get(self.list_url, user=existing_user)
+        avatar_class = response.pyquery(".avatar")
+
+        self.assertIn(self.user.image.name, avatar_class[0].getchildren()[0].get("src"))
+
+    def test_no_image_is_shown_in_contact_approval_section_when_no_image_set(self):
+        # update user's type
+        existing_user = UserFactory(
+            email="ex@example.com", contact_type=ContactTypeChoices.begeleider
+        )
+        self.user.contact_type = ContactTypeChoices.begeleider
+        self.user.save()
+        self.user.contacts_for_approval.add(existing_user)
+
+        # Receiver contact list page
+        response = self.app.get(self.list_url, user=existing_user)
+        avatar_class = response.pyquery(".avatar")
+
+        self.assertFalse(avatar_class)
diff --git a/src/open_inwoner/accounts/tests/test_user.py b/src/open_inwoner/accounts/tests/test_user.py
index dede3fc7c4..cf14320d86 100644
--- a/src/open_inwoner/accounts/tests/test_user.py
+++ b/src/open_inwoner/accounts/tests/test_user.py
@@ -7,6 +7,7 @@
 from open_inwoner.accounts.choices import LoginTypeChoices
 from open_inwoner.utils.hash import generate_email_from_string
 
+from ...plans.tests.factories import PlanFactory
 from ..models import User
 from .factories import UserFactory
 
@@ -73,3 +74,20 @@ def test_require_necessary_fields_oidc_openinwoner_email(self):
             login_type=LoginTypeChoices.oidc, email="test@example.org", oidc_id="test"
         )
         self.assertTrue(user.require_necessary_fields())
+
+    def test_plan_contact_new_count_methods(self):
+        owner = UserFactory()
+        plan_1 = PlanFactory(created_by=owner)
+        plan_2 = PlanFactory(created_by=owner)
+
+        user = UserFactory()
+        self.assertEqual(0, user.get_plan_contact_new_count())
+
+        plan_1.plan_contacts.add(user)
+        self.assertEqual(1, user.get_plan_contact_new_count())
+
+        plan_2.plan_contacts.add(user)
+        self.assertEqual(2, user.get_plan_contact_new_count())
+
+        user.clear_plan_contact_new_count()
+        self.assertEqual(0, user.get_plan_contact_new_count())
diff --git a/src/open_inwoner/accounts/tests/test_user_manager.py b/src/open_inwoner/accounts/tests/test_user_manager.py
index 68e2527850..1ff629400b 100644
--- a/src/open_inwoner/accounts/tests/test_user_manager.py
+++ b/src/open_inwoner/accounts/tests/test_user_manager.py
@@ -34,4 +34,4 @@ def test_having_usable_email(self):
         UserFactory(first_name="empty", email="")
 
         actual = User.objects.having_usable_email()
-        self.assertEqual(list(actual), expected)
+        self.assertEqual(set(list(actual)), set(expected))
diff --git a/src/open_inwoner/accounts/views/cases.py b/src/open_inwoner/accounts/views/cases.py
index e55e6ff134..ad38d8586b 100644
--- a/src/open_inwoner/accounts/views/cases.py
+++ b/src/open_inwoner/accounts/views/cases.py
@@ -397,7 +397,7 @@ def get_result_display(self, case: Zaak) -> str:
             result = fetch_single_result(case.resultaat)
             if result:
                 return result.toelichting
-        return _("Onbekend")
+        return None
 
     def get_initiator_display(self, case: Zaak) -> str:
         roles = fetch_case_roles(case.url, RolOmschrijving.initiator)
diff --git a/src/open_inwoner/components/templates/components/Action/Actions.html b/src/open_inwoner/components/templates/components/Action/Actions.html
index d3489fa4b7..435d94e00b 100644
--- a/src/open_inwoner/components/templates/components/Action/Actions.html
+++ b/src/open_inwoner/components/templates/components/Action/Actions.html
@@ -26,7 +26,12 @@
                                 {% button icon="edit" text=_("Bewerken") href=action_url icon_outlined=True transparent=True %}
                             </div>
                             <div class="dropdown__item">
-                                {% button icon="history" text=_("History") href="accounts:action_history" uuid=action.uuid icon_outlined=True transparent=True %}
+                                {% if plan %}
+                                    {% url 'plans:plan_action_history' plan_uuid=plan.uuid uuid=action.uuid as action_history_url %}
+                                    {% button icon="history" text=_("History") href=action_history_url uuid=action.uuid icon_outlined=True transparent=True %}
+                                {% else %}
+                                    {% button icon="history" text=_("History") href="accounts:action_history" uuid=action.uuid icon_outlined=True transparent=True %}
+                                {% endif %}
                             </div>
                             <div class="dropdown__item">
                                 {% get_action_delete_url action=action plan=plan as action_url %}
diff --git a/src/open_inwoner/components/templates/components/Card/CardContainer.html b/src/open_inwoner/components/templates/components/Card/CardContainer.html
index d9f09bbf09..32e0dbd182 100644
--- a/src/open_inwoner/components/templates/components/Card/CardContainer.html
+++ b/src/open_inwoner/components/templates/components/Card/CardContainer.html
@@ -20,7 +20,7 @@
     {% if products %}
         {% for product in products %}
             {% get_product_url product as product_url %}
-            {% description_card title=product.name description=product.summary url=product_url image=product.icon image_object_fit=image_object_fit %}
+            {% product_card title=product.name description=product.summary url=product_url image=product.icon image_object_fit=image_object_fit %}
         {% endfor %}
     {% endif %}
 
diff --git a/src/open_inwoner/components/templates/components/Card/CategoryCard.html b/src/open_inwoner/components/templates/components/Card/CategoryCard.html
index ed42ea404f..56b0e23df6 100644
--- a/src/open_inwoner/components/templates/components/Card/CategoryCard.html
+++ b/src/open_inwoner/components/templates/components/Card/CategoryCard.html
@@ -1,5 +1,6 @@
-{% load card_tags icon_tags link_tags helpers utils %}
+{% load icon_tags link_tags helpers utils %}
 
+{# template for subcategory cards with or without product-links #}
 {# create tag for anchor around card - never use anchors within anchors for valid HTML. #}
 {% if category.products.published %}
 <div title="{{ category }}" aria-label="{{ category.name }}" class="card">
diff --git a/src/open_inwoner/components/templates/components/Card/DescriptionCard.html b/src/open_inwoner/components/templates/components/Card/DescriptionCard.html
index 593f97a601..ea65033601 100644
--- a/src/open_inwoner/components/templates/components/Card/DescriptionCard.html
+++ b/src/open_inwoner/components/templates/components/Card/DescriptionCard.html
@@ -1,24 +1,25 @@
-{% load card_tags icon_tags link_tags i18n grid_tags thumbnail %}
+{% load icon_tags link_tags i18n grid_tags thumbnail %}
 
-{% render_card grid=image %}
-    {% if image %}
-        <a href="{{ url }}" class="card__image-container">
-            <img class="card__image" src="{{ image|thumbnail_url:'card-image' }}" alt="{{ image.default_alt_text }}" />
-        </a>
-        <div class="card__content">
-    {% endif %}
-    <h2 class="h2">{% link url text=title %}</h2>
-    <p class="p">{{ description }}</p>
-    {% if object.end_date %}
-        <div class="card__tabled">
-            <div>{% trans "Einddatum" %}:</div>
-            <div>{{ object.end_date }}</div>
-            <div>{% trans "Created by" %}:</div>
-            <div>{{ object.created_by.get_full_name }}</div>
-        </div>
-    {% endif %}
-    {% link url text=title hide_text=True icon='arrow_forward' button=True transparent=True %}
-    {% if image %}
-        </div>
-    {% endif %}
-{% endrender_card %}
+{# template for plans cards and product cards without any images #}
+<a href="{{ url }}" title="{{ title }}" aria-label="{{ title }}" class="card">
+    <div class="card__body">
+        {% if title %}
+            <p class="h4">
+                <span class="link link__text">{{ title }}</span>
+            </p>
+        {% endif %}
+        <p class="p">{{ description }}</p>
+        {% if object.end_date %}
+            <div class="card__tabled">
+                <div>{% trans "Einddatum" %}:</div>
+                <div>{{ object.end_date }}</div>
+                <div>{% trans "Created by" %}:</div>
+                <div>{{ object.created_by.get_full_name }}</div>
+            </div>
+        {% endif %}
+
+        <span class="button button--icon-before button--transparent button--secondary">
+        {% icon icon="arrow_forward" icon_position="after" primary=True outlined=True %}
+        </span>
+    </div>
+</a>
diff --git a/src/open_inwoner/components/templates/components/Card/ProductCard.html b/src/open_inwoner/components/templates/components/Card/ProductCard.html
new file mode 100644
index 0000000000..7d6de8c0df
--- /dev/null
+++ b/src/open_inwoner/components/templates/components/Card/ProductCard.html
@@ -0,0 +1,36 @@
+{% load icon_tags link_tags i18n grid_tags thumbnail %}
+
+{# template for product cards with images #}
+<a href="{{ url }}" title="{{ title }}" aria-label="{{ title }}" class="card">
+
+    {% if image %}
+    <div class="card__body card__body--grid">
+        <div class="card__image-container">
+            <img class="card__image" src="{{ image|thumbnail_url:'card-image' }}" alt="{{ image.default_alt_text }}"/>
+        </div>
+        <div class="card__content">
+                <h2 class="h2"><span class="link link__text">{{ title }}</span></h2>
+    {% else %}
+        <div class="card__body">
+            <div class="card__content">
+            <h2 class="h2"><span class="link link__text">{{ title }}</span></h2>
+    {% endif %}
+            <p class="p">{{ description }}</p>
+            {% if object.end_date %}
+            <div class="card__tabled">
+                <div>{% trans "Einddatum" %}:</div>
+                <div>{{ object.end_date }}</div>
+                <div>{% trans "Created by" %}:</div>
+                <div>{{ object.created_by.get_full_name }}</div>
+            </div>
+            {% endif %}
+
+            <span class="button button--icon-before button--transparent button--secondary">
+            {% icon icon="arrow_forward" icon_position="after" primary=True outlined=True %}
+            </span>
+
+        </div>
+        {# end of card__content #}
+    </div>
+
+</a>
diff --git a/src/open_inwoner/components/templates/components/Header/PrimaryNavigation.html b/src/open_inwoner/components/templates/components/Header/PrimaryNavigation.html
index 36667f6204..49e739f26f 100644
--- a/src/open_inwoner/components/templates/components/Header/PrimaryNavigation.html
+++ b/src/open_inwoner/components/templates/components/Header/PrimaryNavigation.html
@@ -46,7 +46,14 @@
             {% endif %}
             {% if show_plans %}
             <li class="primary-navigation__list-item">
-                {% link text=_('Samenwerken') href='plans:plan_list' icon="people" icon_outlined=True icon_position="before" %}
+            {% link text=_('Samenwerken') href='plans:plan_list' icon="people" icon_outlined=True icon_position="before" %}
+            {% with request.user.get_plan_contact_new_count as plan_count %}
+                {% if plan_count %}
+                    {% with "("|addstr:plan_count|addstr:")" as plan_count %}
+                        {% link text=plan_count href='plans:plan_list' secondary=True %}
+                    {% endwith %}
+                {% endif %}
+            {% endwith %}
             </li>
             {% endif %}
         {% endif %}
diff --git a/src/open_inwoner/components/templatetags/card_tags.py b/src/open_inwoner/components/templatetags/card_tags.py
index 4d1caa32cf..3ddfe5fd20 100644
--- a/src/open_inwoner/components/templatetags/card_tags.py
+++ b/src/open_inwoner/components/templatetags/card_tags.py
@@ -90,6 +90,25 @@ def description_card(title, description, url, **kwargs):
     return kwargs
 
 
+@register.inclusion_tag("components/Card/ProductCard.html")
+def product_card(description, url, **kwargs):
+    """
+    Renders a card with or without an image prepopulated based on `product`.
+
+    Usage:
+        {% product_card title=product.title description=product.intro url=product.get_absolute_url %}
+
+    Available options:
+        + description: string | The description that needs to be displayed.
+        + url: string | The url that the card should point to.
+        - title: string | The title of the card that may be displayed if there is no image.
+        - object: any | The object that needs to render aditional data.
+        - image: FilerImageField | an image that should be used.
+    """
+    kwargs.update(description=description, url=url)
+    return kwargs
+
+
 @register.inclusion_tag("components/Card/CardContainer.html")
 def card_container(categories=[], subcategories=[], products=[], plans=[], **kwargs):
     """
diff --git a/src/open_inwoner/components/templatetags/link_tags.py b/src/open_inwoner/components/templatetags/link_tags.py
index fa661d6d8f..e8b53329b9 100644
--- a/src/open_inwoner/components/templatetags/link_tags.py
+++ b/src/open_inwoner/components/templatetags/link_tags.py
@@ -2,6 +2,8 @@
 from django.urls import NoReverseMatch, reverse
 from django.utils.html import format_html
 
+from furl import furl
+
 register = template.Library()
 
 
@@ -112,3 +114,13 @@ def get_classes():
     kwargs["href"] = get_href()
     kwargs["text"] = text
     return kwargs
+
+
+@register.filter
+def addnexturl(href, next_url):
+    """
+    Concatenates href & next_url.
+    """
+    f = furl(href)
+    f.args["next"] = next_url
+    return f.url
diff --git a/src/open_inwoner/components/templatetags/product_tags.py b/src/open_inwoner/components/templatetags/product_tags.py
index 3885267787..a035693858 100644
--- a/src/open_inwoner/components/templatetags/product_tags.py
+++ b/src/open_inwoner/components/templatetags/product_tags.py
@@ -2,6 +2,8 @@
 from django.urls import NoReverseMatch, reverse
 from django.utils.translation import gettext as _
 
+from open_inwoner.utils.ckeditor import get_product_rendered_content
+
 register = template.Library()
 
 
@@ -36,3 +38,19 @@ def product_finder(
         configurable_text=context["configurable_text"],
     )
     return kwargs
+
+
+@register.filter("product_ckeditor_content")
+def product_ckeditor_content(product):
+    """
+    Returns rendered content from ckeditor's textarea field specifically for a product.
+
+    Usage:
+        {{ object|product_ckeditor_content }}
+
+    Variables:
+        + product: Product | The product object
+    """
+    rendered_content = get_product_rendered_content(product)
+
+    return rendered_content
diff --git a/src/open_inwoner/conf/base.py b/src/open_inwoner/conf/base.py
index a8fc580ff0..9258cbe413 100644
--- a/src/open_inwoner/conf/base.py
+++ b/src/open_inwoner/conf/base.py
@@ -78,7 +78,7 @@
     },
     "axes": {
         "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": f"redis://{config('CACHE_AXES', 'localhost:6379/0')}",
+        "LOCATION": f"redis://{config('CACHE_DEFAULT', 'localhost:6379/0')}",
         "OPTIONS": {
             "CLIENT_CLASS": "django_redis.client.DefaultClient",
             "IGNORE_EXCEPTIONS": True,
@@ -86,7 +86,7 @@
     },
     "oidc": {
         "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": f"redis://{config('CACHE_OIDC', 'localhost:6379/0')}",
+        "LOCATION": f"redis://{config('CACHE_DEFAULT', 'localhost:6379/0')}",
         "OPTIONS": {
             "CLIENT_CLASS": "django_redis.client.DefaultClient",
             "IGNORE_EXCEPTIONS": True,
@@ -1027,6 +1027,9 @@
 #
 TWO_FACTOR_FORCE_OTP_ADMIN = config("TWO_FACTOR_FORCE_OTP_ADMIN", default=not DEBUG)
 TWO_FACTOR_PATCH_ADMIN = config("TWO_FACTOR_PATCH_ADMIN", default=True)
+ADMIN_INDEX_DISPLAY_DROP_DOWN_MENU_CONDITION_FUNCTION = (
+    "open_inwoner.utils.django_two_factor_auth.should_display_dropdown_menu"
+)
 
 # file upload limits
 MIN_UPLOAD_SIZE = 1  # in bytes
diff --git a/src/open_inwoner/conf/fixtures/django-admin-index.json b/src/open_inwoner/conf/fixtures/django-admin-index.json
index bdf7f3fe52..86cf91a760 100644
--- a/src/open_inwoner/conf/fixtures/django-admin-index.json
+++ b/src/open_inwoner/conf/fixtures/django-admin-index.json
@@ -120,7 +120,7 @@
 {
     "model": "admin_index.appgroup",
     "fields": {
-        "order": 7,
+        "order": 9,
         "name": "Overige / Diverse",
         "slug": "overige-diverse",
         "models": [
@@ -162,7 +162,7 @@
 {
     "model": "admin_index.appgroup",
     "fields": {
-        "order": 6,
+        "order": 7,
         "name": "Configuratie",
         "slug": "configuratie",
         "models": [
@@ -182,61 +182,13 @@
                 "flatpages",
                 "flatpage"
             ],
-            [
-                "haalcentraal",
-                "haalcentraalconfig"
-            ],
             [
                 "mail_editor",
                 "mailtemplate"
             ],
-            [
-                "mozilla_django_oidc_db",
-                "openidconnectconfig"
-            ],
-            [
-                "notifications_api_common",
-                "notificationsconfig"
-            ],
-            [
-                "notifications_api_common",
-                "subscription"
-            ],
-            [
-                "openformsclient",
-                "configuration"
-            ],
-            [
-                "openzaak",
-                "catalogusconfig"
-            ],
-            [
-                "openzaak",
-                "openzaakconfig"
-            ],
-            [
-                "openzaak",
-                "usercasestatusnotification"
-            ],
-            [
-                "openzaak",
-                "zaaktypeconfig"
-            ],
-            [
-                "openzaak",
-                "zaaktypeinformatieobjecttypeconfig"
-            ],
             [
                 "sites",
                 "site"
-            ],
-            [
-                "zgw_consumers",
-                "nlxconfig"
-            ],
-            [
-                "zgw_consumers",
-                "service"
             ]
         ]
     }
@@ -333,6 +285,72 @@
         ]
     }
 },
+{
+    "model": "admin_index.appgroup",
+    "fields": {
+        "order": 6,
+        "name": "Koppelingen",
+        "slug": "koppelingen",
+        "models": [
+            [
+                "haalcentraal",
+                "haalcentraalconfig"
+            ],
+            [
+                "mozilla_django_oidc_db",
+                "openidconnectconfig"
+            ],
+            [
+                "notifications_api_common",
+                "notificationsconfig"
+            ],
+            [
+                "notifications_api_common",
+                "subscription"
+            ],
+            [
+                "openformsclient",
+                "configuration"
+            ],
+            [
+                "openzaak",
+                "catalogusconfig"
+            ],
+            [
+                "openzaak",
+                "openzaakconfig"
+            ],
+            [
+                "openzaak",
+                "usercaseinfoobjectnotification"
+            ],
+            [
+                "openzaak",
+                "usercasestatusnotification"
+            ],
+            [
+                "openzaak",
+                "zaaktypeconfig"
+            ],
+            [
+                "openzaak",
+                "zaaktypeinformatieobjecttypeconfig"
+            ],
+            [
+                "zgw_consumers",
+                "certificate"
+            ],
+            [
+                "zgw_consumers",
+                "nlxconfig"
+            ],
+            [
+                "zgw_consumers",
+                "service"
+            ]
+        ]
+    }
+},
 {
     "model": "admin_index.applink",
     "fields": {
diff --git a/src/open_inwoner/haalcentraal/utils.py b/src/open_inwoner/haalcentraal/utils.py
index e4099e0da5..d82b59fee6 100644
--- a/src/open_inwoner/haalcentraal/utils.py
+++ b/src/open_inwoner/haalcentraal/utils.py
@@ -36,13 +36,10 @@ def fetch_brp_data(instance, brp_version):
                     "burgerservicenummer": [instance.bsn],
                 },
                 request_kwargs=dict(
-                    headers={"Accept": "application/hal+json"}, verify=False
+                    headers={"Accept": "application/json"}, verify=False
                 ),
             )
-        except RequestException as e:
-            logger.exception("exception while making request", exc_info=e)
-            return {}
-        except ClientError as e:
+        except (RequestException, ClientError) as e:
             logger.exception("exception while making request", exc_info=e)
             return {}
 
@@ -68,10 +65,7 @@ def fetch_brp_data(instance, brp_version):
                     verify=False,
                 ),
             )
-        except RequestException as e:
-            logger.exception("exception while making request", exc_info=e)
-            return {}
-        except ClientError as e:
+        except (RequestException, ClientError) as e:
             logger.exception("exception while making request", exc_info=e)
             return {}
 
diff --git a/src/open_inwoner/js/components/cases/index.js b/src/open_inwoner/js/components/cases/index.js
new file mode 100644
index 0000000000..967811e34d
--- /dev/null
+++ b/src/open_inwoner/js/components/cases/index.js
@@ -0,0 +1,16 @@
+class DisableSubmitButton {
+  constructor(form) {
+    this.form = form
+    this.form.addEventListener('submit', this.disableButton.bind(this))
+  }
+
+  disableButton() {
+    const submitButton = this.form.querySelector('button[type="submit"]')
+    submitButton.setAttribute('disabled', 'true')
+  }
+}
+
+const caseDocumentForms = document.querySelectorAll('#document-upload')
+;[...caseDocumentForms].forEach(
+  (caseDocumentForm) => new DisableSubmitButton(caseDocumentForm)
+)
diff --git a/src/open_inwoner/js/components/index.js b/src/open_inwoner/js/components/index.js
index fa7a189e71..833ac6a9cd 100644
--- a/src/open_inwoner/js/components/index.js
+++ b/src/open_inwoner/js/components/index.js
@@ -6,6 +6,7 @@ import './anchor-menu'
 import './autocomplete-search'
 import './autocomplete'
 import './autosumbit'
+import './cases'
 import './confirmation'
 import './contacts'
 import './datepicker'
diff --git a/src/open_inwoner/js/components/map/index.js b/src/open_inwoner/js/components/map/index.js
index dd3108593c..0ccfb1e0b0 100644
--- a/src/open_inwoner/js/components/map/index.js
+++ b/src/open_inwoner/js/components/map/index.js
@@ -3,6 +3,19 @@ import 'leaflet'
 import { RD_CRS } from './rd'
 import { isMobile } from '../../lib/device/is-mobile'
 
+/**
+ * Returns an escaped variable.
+ * @param {string} textVariable
+ * @return {string}
+ */
+function escapeVariableText(textVariable) {
+  if (textVariable) {
+    return escapeHTML(textVariable)
+  } else {
+    return ''
+  }
+}
+
 /** @type {NodeListOf<Element>} All the leaflet maps. */
 const LEAFLET_MAPS = document.querySelectorAll('.map__leaflet')
 
@@ -74,31 +87,50 @@ class Map {
    * @return {string}
    */
   featureToHTML(feature) {
-    const { name, location_url, ...properties } = feature.properties
-    const displayName = name ? escapeHTML(name) : ''
-    const locationDetailView = location_url ? escapeHTML(location_url) : ''
+    const {
+      name,
+      location_url,
+      address_line_1,
+      address_line_2,
+      phonenumber,
+      email,
+      ...properties
+    } = feature.properties
+
+    const displayName = escapeVariableText(name)
+    const locationDetailView = escapeVariableText(location_url)
+    const displayAddress1 = escapeVariableText(address_line_1)
+    const displayAddress2 = escapeVariableText(address_line_2)
+    const displayPhonenumber = escapeVariableText(phonenumber)
+    const displayEmail = escapeVariableText(email)
     let title = ''
-    let finalHTML = ``
 
     if (locationDetailView) {
-      title = `<a href="${locationDetailView}">${displayName}</a>`
+      title = `
+        <a href="${locationDetailView}" class="link link--primary" aria-label=${displayName} title=${displayName}>
+          ${displayName}
+        </a>
+      `
     } else {
       title = displayName
     }
 
-    Object.entries(properties).forEach((property) => {
-      finalHTML += `<p class="p">${escapeHTML(property[1])}</p>`
-    })
-
     return `
-        <div class="leaflet-content-name">
-          <h4 class="h4">
-            ${title}
-          </h4>
-        </div>
-        <div class="leaflet-content-details p--no-margin">
-          ${finalHTML}
-        </div>
+      <div class="leaflet-content-name">
+        <h4 class="h4">
+          ${title}
+        </h4>
+      </div>
+      <div class="leaflet-content-details p--no-margin">
+        <p class="p">${displayAddress1}</p>
+        <p class="p">${displayAddress2}</p>
+        <a href="tel:${displayPhonenumber}" class="link link--primary" aria-label=${displayPhonenumber} title=${displayPhonenumber}>
+          <span class="link__text">${displayPhonenumber}</span>
+        </a>
+        <a href="mailto:${displayEmail}" class="link link--primary" aria-label=${displayEmail} title=${displayEmail}>
+          <span class="link__text">${displayEmail}</span>
+        </a>
+      </div>
     `
   }
 }
diff --git a/src/open_inwoner/openzaak/cases.py b/src/open_inwoner/openzaak/cases.py
index 91a78486b3..64c68ae1ca 100644
--- a/src/open_inwoner/openzaak/cases.py
+++ b/src/open_inwoner/openzaak/cases.py
@@ -44,10 +44,7 @@ def fetch_cases(user_bsn: str, max_cases: Optional[int] = 100) -> List[Zaak]:
                 },
             },
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -65,10 +62,7 @@ def fetch_single_case(case_uuid: str) -> Optional[Zaak]:
 
     try:
         response = client.retrieve("zaak", uuid=case_uuid)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -88,10 +82,7 @@ def fetch_single_case_information_object(url: str) -> Optional[ZaakInformatieObj
 
     try:
         response = client.retrieve("zaakinformatieobject", url=url)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -104,10 +95,7 @@ def fetch_case_by_url_no_cache(case_url: str) -> Optional[Zaak]:
     client = build_client("zaak")
     try:
         response = client.retrieve("zaak", url=case_url)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -130,10 +118,7 @@ def fetch_case_information_objects(case_url: str) -> List[ZaakInformatieObject]:
                 "params": {"zaak": case_url},
             },
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -155,10 +140,7 @@ def fetch_status_history_no_cache(case_url: str) -> List[Status]:
 
     try:
         response = client.list("status", request_kwargs={"params": {"zaak": case_url}})
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -176,10 +158,7 @@ def fetch_single_status(status_url: str) -> Optional[Status]:
 
     try:
         response = client.retrieve("status", url=status_url)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -213,10 +192,7 @@ def fetch_case_roles(
             "rol",
             request_kwargs={"params": params},
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -270,10 +246,7 @@ def fetch_case_information_objects_for_case_and_info(
                 },
             },
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -291,10 +264,7 @@ def fetch_single_result(result_url: str) -> Optional[Resultaat]:
 
     try:
         response = client.retrieve("result", url=result_url)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -313,10 +283,7 @@ def connect_case_with_document(case_url: str, document_url: str) -> Optional[dic
         response = client.create(
             "zaakinformatieobject", {"zaak": case_url, "informatieobject": document_url}
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
diff --git a/src/open_inwoner/openzaak/catalog.py b/src/open_inwoner/openzaak/catalog.py
index 55922642e2..0685fc984e 100644
--- a/src/open_inwoner/openzaak/catalog.py
+++ b/src/open_inwoner/openzaak/catalog.py
@@ -30,10 +30,7 @@ def fetch_status_types_no_cache(case_type_url: str) -> List[StatusType]:
             "statustype",
             request_kwargs={"params": {"zaaktype": case_type_url}},
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -56,10 +53,7 @@ def fetch_result_types_no_cache(case_type_url: str) -> List[ResultaatType]:
             "resultaattype",
             request_kwargs={"params": {"zaaktype": case_type_url}},
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -79,10 +73,7 @@ def fetch_single_status_type(status_type_url: str) -> Optional[StatusType]:
 
     try:
         response = client.retrieve("statustype", url=status_type_url)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -104,10 +95,7 @@ def fetch_zaaktypes_no_cache() -> List[ZaakType]:
 
     try:
         response = get_paginated_results(client, "zaaktype")
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -138,10 +126,7 @@ def fetch_case_types_by_identification_no_cache(
             "zaaktype",
             request_kwargs={"params": params},
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -174,10 +159,7 @@ def fetch_single_case_type(case_type_url: str) -> Optional[ZaakType]:
 
     try:
         response = client.retrieve("zaaktype", url=case_type_url)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -200,10 +182,7 @@ def fetch_catalogs_no_cache() -> List[Catalogus]:
             client,
             "catalogus",
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
@@ -228,10 +207,7 @@ def fetch_single_information_object_type(
         response = client.retrieve(
             "informatieobjecttype", url=information_object_type_url
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
diff --git a/src/open_inwoner/openzaak/documents.py b/src/open_inwoner/openzaak/documents.py
index 2cab4e507d..7e5e6c5c9a 100644
--- a/src/open_inwoner/openzaak/documents.py
+++ b/src/open_inwoner/openzaak/documents.py
@@ -14,10 +14,7 @@
 
 from open_inwoner.openzaak.api_models import InformatieObject
 from open_inwoner.openzaak.clients import build_client
-from open_inwoner.openzaak.models import (
-    OpenZaakConfig,
-    ZaakTypeInformatieObjectTypeConfig,
-)
+from open_inwoner.openzaak.models import OpenZaakConfig
 
 from .utils import cache as cache_result
 
@@ -50,10 +47,7 @@ def _fetch_single_information_object(
             response = client.retrieve("enkelvoudiginformatieobject", url=url)
         else:
             response = client.retrieve("enkelvoudiginformatieobject", uuid=uuid)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
@@ -125,10 +119,7 @@ def upload_document(
 
     try:
         response = client.create("enkelvoudiginformatieobject", document_body)
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return
 
diff --git a/src/open_inwoner/openzaak/formapi.py b/src/open_inwoner/openzaak/formapi.py
index 2afe0ae6a9..755249de8a 100644
--- a/src/open_inwoner/openzaak/formapi.py
+++ b/src/open_inwoner/openzaak/formapi.py
@@ -38,10 +38,7 @@ def fetch_open_submissions(bsn: str) -> List[OpenSubmission]:
             "opensubmission",
             request_kwargs={"params": {"bsn": bsn}},
         )
-    except RequestException as e:
-        logger.exception("exception while making request", exc_info=e)
-        return []
-    except ClientError as e:
+    except (RequestException, ClientError) as e:
         logger.exception("exception while making request", exc_info=e)
         return []
 
diff --git a/src/open_inwoner/openzaak/notifications.py b/src/open_inwoner/openzaak/notifications.py
index 613d43891e..4dcbe9ea29 100644
--- a/src/open_inwoner/openzaak/notifications.py
+++ b/src/open_inwoner/openzaak/notifications.py
@@ -83,7 +83,8 @@ def handle_zaken_notification(notification: Notification):
     if not roles:
         log_system_action(
             f"ignored {r} notification: cannot retrieve rollen for case {case_url}",
-            log_level=logging.ERROR,
+            # NOTE this used to be logging.ERROR, but as this is also our first call we get a lot of 403 "Niet geautoriseerd voor zaaktype"
+            log_level=logging.INFO,
         )
         return
 
diff --git a/src/open_inwoner/openzaak/tests/test_notification_zaak_infoobject.py b/src/open_inwoner/openzaak/tests/test_notification_zaak_infoobject.py
index 4f0283dea1..6edfea7c77 100644
--- a/src/open_inwoner/openzaak/tests/test_notification_zaak_infoobject.py
+++ b/src/open_inwoner/openzaak/tests/test_notification_zaak_infoobject.py
@@ -98,7 +98,7 @@ def test_zio_bails_when_no_roles_found_for_case(self, m, mock_handle: Mock):
         self.assertTimelineLog(
             "ignored zaakinformatieobject notification: cannot retrieve rollen for case https://",
             lookup=Lookups.startswith,
-            level=logging.ERROR,
+            level=logging.INFO,
         )
 
     def test_zio_bails_when_no_emailable_users_are_found_for_roles(
diff --git a/src/open_inwoner/openzaak/tests/test_notification_zaak_status.py b/src/open_inwoner/openzaak/tests/test_notification_zaak_status.py
index 5f882eee50..aec3e39357 100644
--- a/src/open_inwoner/openzaak/tests/test_notification_zaak_status.py
+++ b/src/open_inwoner/openzaak/tests/test_notification_zaak_status.py
@@ -94,7 +94,7 @@ def test_status_bails_when_no_roles_found_for_case(self, m, mock_handle: Mock):
         self.assertTimelineLog(
             "ignored status notification: cannot retrieve rollen for case https://",
             lookup=Lookups.startswith,
-            level=logging.ERROR,
+            level=logging.INFO,
         )
 
     def test_status_bails_when_no_emailable_users_are_found_for_roles(
diff --git a/src/open_inwoner/pdc/migrations/0055_alter_product_content.py b/src/open_inwoner/pdc/migrations/0055_alter_product_content.py
new file mode 100644
index 0000000000..db32a93935
--- /dev/null
+++ b/src/open_inwoner/pdc/migrations/0055_alter_product_content.py
@@ -0,0 +1,21 @@
+# Generated by Django 3.2.15 on 2023-03-21 07:49
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("pdc", "0054_alter_organization_logo"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="product",
+            name="content",
+            field=models.TextField(
+                help_text="Product content with build-in WYSIWYG editor. By adding '[CTABUTTON]' you can embed a cta-button for linking to the defined form or link",
+                verbose_name="Content",
+            ),
+        ),
+    ]
diff --git a/src/open_inwoner/pdc/models/product.py b/src/open_inwoner/pdc/models/product.py
index db031498bd..8d304ead94 100644
--- a/src/open_inwoner/pdc/models/product.py
+++ b/src/open_inwoner/pdc/models/product.py
@@ -88,7 +88,9 @@ class Product(models.Model):
     )
     content = models.TextField(
         verbose_name=_("Content"),
-        help_text=_("Product content with build-in WYSIWYG editor"),
+        help_text=_(
+            "Product content with build-in WYSIWYG editor. By adding '[CTABUTTON]' you can embed a cta-button for linking to the defined form or link"
+        ),
     )
     categories = models.ManyToManyField(
         "pdc.Category",
diff --git a/src/open_inwoner/pdc/tests/test_product.py b/src/open_inwoner/pdc/tests/test_product.py
index cc6f6c549d..4dae1e41a1 100644
--- a/src/open_inwoner/pdc/tests/test_product.py
+++ b/src/open_inwoner/pdc/tests/test_product.py
@@ -147,3 +147,64 @@ def test_product_detail_shows_product_faq(self):
         self.assertTrue(response.pyquery('.anchor-menu a[href="#faq"]'))
         # check if the menu link target
         self.assertTrue(response.pyquery("#faq"))
+
+
+class TestProductContent(WebTest):
+    def test_button_is_rendered_inside_content_when_link_and_cta_exist(self):
+        product = ProductFactory(
+            content="Some content [CTABUTTON]", link="http://www.example.com"
+        )
+
+        response = self.app.get(
+            reverse("pdc:product_detail", kwargs={"slug": product.slug})
+        )
+        cta_button = response.pyquery(".grid__main")[0].find_class("cta-button")
+
+        self.assertTrue(cta_button)
+        self.assertIn(product.link, cta_button[0].values())
+
+    def test_button_is_rendered_inside_content_when_form_and_cta_exist(self):
+        product = ProductFactory(content="Some content [CTABUTTON]", form="demo")
+
+        response = self.app.get(
+            reverse("pdc:product_detail", kwargs={"slug": product.slug})
+        )
+        cta_button = response.pyquery(".grid__main")[0].find_class("cta-button")
+
+        self.assertTrue(cta_button)
+        self.assertIn(product.form_link, cta_button[0].values())
+
+    def test_button_is_rendered_inside_content_when_form_and_link_and_cta_exist(self):
+        product = ProductFactory(
+            content="Some content [CTABUTTON]",
+            link="http://www.example.com",
+            form="demo",
+        )
+
+        response = self.app.get(
+            reverse("pdc:product_detail", kwargs={"slug": product.slug})
+        )
+        cta_button = response.pyquery(".grid__main")[0].find_class("cta-button")
+
+        self.assertTrue(cta_button)
+        self.assertIn(product.link, cta_button[0].values())
+
+    def test_button_is_not_rendered_inside_content_when_no_cta(self):
+        product = ProductFactory(content="Some content", link="http://www.example.com")
+
+        response = self.app.get(
+            reverse("pdc:product_detail", kwargs={"slug": product.slug})
+        )
+        cta_button = response.pyquery(".grid__main")[0].find_class("cta-button")
+
+        self.assertFalse(cta_button)
+
+    def test_button_is_not_rendered_inside_content_when_no_form_or_link(self):
+        product = ProductFactory(content="Some content [CTABUTTON]")
+
+        response = self.app.get(
+            reverse("pdc:product_detail", kwargs={"slug": product.slug})
+        )
+        cta_button = response.pyquery(".grid__main")[0].find_class("cta-button")
+
+        self.assertFalse(cta_button)
diff --git a/src/open_inwoner/pdc/views.py b/src/open_inwoner/pdc/views.py
index 68be083cd0..5ddcfef7e7 100644
--- a/src/open_inwoner/pdc/views.py
+++ b/src/open_inwoner/pdc/views.py
@@ -60,7 +60,7 @@ def page_title(self):
     def get_context_data(self, **kwargs):
         config = SiteConfiguration.get_solo()
 
-        limit = 3 if self.request.user.is_authenticated else 4
+        limit = 4
         kwargs.update(categories=Category.objects.published().order_by("name")[:limit])
         kwargs.update(product_locations=ProductLocation.objects.all()[:1000])
         kwargs.update(
@@ -86,7 +86,7 @@ def get_context_data(self, **kwargs):
             and self.request.user.selected_themes.exists()
         ):
             kwargs.update(
-                categories=self.request.user.selected_themes.order_by("name")[:3]
+                categories=self.request.user.selected_themes.order_by("name")[:limit]
             )
         elif highlighted_categories:
             kwargs.update(categories=highlighted_categories)
diff --git a/src/open_inwoner/plans/migrations/0013_auto_20230223_1115.py b/src/open_inwoner/plans/migrations/0013_auto_20230223_1115.py
index 7a756d545e..b14a9a0440 100644
--- a/src/open_inwoner/plans/migrations/0013_auto_20230223_1115.py
+++ b/src/open_inwoner/plans/migrations/0013_auto_20230223_1115.py
@@ -6,6 +6,7 @@
 class Migration(migrations.Migration):
 
     dependencies = [
+        ("accounts", "0055_user_image"),
         ("plans", "0012_remove_actiontemplate_goal"),
     ]
 
diff --git a/src/open_inwoner/plans/migrations/0014_auto_20230306_1017.py b/src/open_inwoner/plans/migrations/0014_auto_20230306_1017.py
new file mode 100644
index 0000000000..cf2a98785f
--- /dev/null
+++ b/src/open_inwoner/plans/migrations/0014_auto_20230306_1017.py
@@ -0,0 +1,70 @@
+# Generated by Django 3.2.15 on 2023-03-06 09:17
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0055_user_image"),
+        ("plans", "0013_auto_20230223_1115"),
+    ]
+
+    # https://docs.djangoproject.com/en/3.2/howto/writing-migrations/#changing-a-manytomanyfield-to-use-a-through-model
+
+    operations = [
+        migrations.SeparateDatabaseAndState(
+            database_operations=[
+                migrations.RunSQL(
+                    sql="ALTER TABLE plans_plan_plan_contacts RENAME TO plans_plancontact",
+                    reverse_sql="ALTER TABLE plans_plancontact RENAME TO plans_plan_plan_contacts",
+                ),
+            ],
+            state_operations=[
+                migrations.CreateModel(
+                    name="PlanContact",
+                    fields=[
+                        (
+                            "id",
+                            models.AutoField(
+                                auto_created=True,
+                                primary_key=True,
+                                serialize=False,
+                                verbose_name="ID",
+                            ),
+                        ),
+                        (
+                            "user",
+                            models.ForeignKey(
+                                on_delete=django.db.models.deletion.CASCADE,
+                                to=settings.AUTH_USER_MODEL,
+                                verbose_name="Contact",
+                            ),
+                        ),
+                        (
+                            "plan",
+                            models.ForeignKey(
+                                on_delete=django.db.models.deletion.CASCADE,
+                                to="plans.plan",
+                                verbose_name="Plan",
+                            ),
+                        ),
+                    ],
+                ),
+                migrations.AlterField(
+                    model_name="plan",
+                    name="plan_contacts",
+                    field=models.ManyToManyField(
+                        blank=True,
+                        help_text="The contact that will help you with this plan.",
+                        related_name="plans",
+                        through="plans.PlanContact",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="Contacts",
+                    ),
+                ),
+            ],
+        ),
+    ]
diff --git a/src/open_inwoner/plans/migrations/0015_plancontact_notify_new.py b/src/open_inwoner/plans/migrations/0015_plancontact_notify_new.py
new file mode 100644
index 0000000000..7785dd23a3
--- /dev/null
+++ b/src/open_inwoner/plans/migrations/0015_plancontact_notify_new.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.15 on 2023-03-06 09:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("plans", "0014_auto_20230306_1017"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="plancontact",
+            name="notify_new",
+            field=models.BooleanField(default=False, verbose_name="Notify contact"),
+        ),
+    ]
diff --git a/src/open_inwoner/plans/migrations/0016_alter_plancontact_notify_new.py b/src/open_inwoner/plans/migrations/0016_alter_plancontact_notify_new.py
new file mode 100644
index 0000000000..71faed0d75
--- /dev/null
+++ b/src/open_inwoner/plans/migrations/0016_alter_plancontact_notify_new.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.15 on 2023-03-13 10:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("plans", "0015_plancontact_notify_new"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="plancontact",
+            name="notify_new",
+            field=models.BooleanField(default=True, verbose_name="Notify contact"),
+        ),
+    ]
diff --git a/src/open_inwoner/plans/models.py b/src/open_inwoner/plans/models.py
index ca6a75fb48..c0d01b03f2 100644
--- a/src/open_inwoner/plans/models.py
+++ b/src/open_inwoner/plans/models.py
@@ -90,6 +90,16 @@ class ActionTemplate(models.Model):
     )
 
 
+class PlanContact(models.Model):
+    plan = models.ForeignKey(
+        "plans.Plan", verbose_name=_("Plan"), on_delete=models.CASCADE
+    )
+    user = models.ForeignKey(
+        "accounts.User", verbose_name=_("Contact"), on_delete=models.CASCADE
+    )
+    notify_new = models.BooleanField(verbose_name=_("Notify contact"), default=True)
+
+
 class Plan(models.Model):
     uuid = models.UUIDField(verbose_name=_("UUID"), default=uuid4, unique=True)
     title = models.CharField(
@@ -116,6 +126,7 @@ class Plan(models.Model):
         related_name="plans",
         blank=True,
         help_text=_("The contact that will help you with this plan."),
+        through=PlanContact,
     )
     created_by = models.ForeignKey(
         "accounts.User", verbose_name=_("Created by"), on_delete=models.CASCADE
diff --git a/src/open_inwoner/plans/tests/test_data_migrations.py b/src/open_inwoner/plans/tests/test_data_migrations.py
index 752f393e77..8dab873a67 100644
--- a/src/open_inwoner/plans/tests/test_data_migrations.py
+++ b/src/open_inwoner/plans/tests/test_data_migrations.py
@@ -44,3 +44,41 @@ def setUpBeforeMigration(self, apps):
     def test_plan_contacts_is_updated_with_existing_contact(self):
         self.plan.refresh_from_db()
         self.assertEqual(list(self.plan.plan_contacts.all()), [self.contact_user])
+
+
+class PlanContactThroughModelMigrationTests(TestMigrations):
+    app = "plans"
+    migrate_from = "0013_auto_20230223_1115"
+    migrate_to = "0015_plancontact_notify_new"
+
+    extra_migrate_from = [("accounts", "0055_user_image")]
+
+    def setUpBeforeMigration(self, apps):
+        UserModel = apps.get_model("accounts", "User")
+        self.user = UserModel.objects.create(
+            email="user@example.com",
+        )
+        self.other_user = UserModel.objects.create(
+            email="other_user@example.com",
+        )
+
+        PlanModel = apps.get_model("plans", "Plan")
+        self.plan = PlanModel.objects.create(
+            title="A title",
+            end_date="2021-01-10",
+            created_by=self.user,
+        )
+        self.plan.plan_contacts.add(self.other_user)
+
+    def test_plan_contacts_still_exist(self):
+        UserModel = self.apps.get_model("accounts", "User")
+        PlanModel = self.apps.get_model("plans", "Plan")
+        PlanContact = self.apps.get_model("plans", "PlanContact")
+
+        other_user = UserModel.objects.get(id=self.other_user.id)
+        plan = PlanModel.objects.get(id=self.plan.id)
+        self.assertEqual(list(plan.plan_contacts.all()), [other_user])
+
+        # check we don't notify existing contacts
+        contact = PlanContact.objects.get()
+        self.assertEqual(contact.notify_new, False)
diff --git a/src/open_inwoner/plans/tests/test_views.py b/src/open_inwoner/plans/tests/test_views.py
index 7ab3cb2b15..3df5be98c7 100644
--- a/src/open_inwoner/plans/tests/test_views.py
+++ b/src/open_inwoner/plans/tests/test_views.py
@@ -15,7 +15,7 @@
 from open_inwoner.accounts.tests.test_action_views import ActionsPlaywrightTests
 from open_inwoner.utils.tests.playwright import multi_browser
 
-from ..models import Plan
+from ..models import Plan, PlanContact
 from .factories import ActionTemplateFactory, PlanFactory, PlanTemplateFactory
 
 
@@ -51,6 +51,10 @@ def setUp(self) -> None:
             "plans:plan_action_edit",
             kwargs={"plan_uuid": self.plan.uuid, "uuid": self.action.uuid},
         )
+        self.action_history_url = reverse(
+            "plans:plan_action_history",
+            kwargs={"plan_uuid": self.plan.uuid, "uuid": self.action.uuid},
+        )
         self.action_edit_status_url = reverse(
             "plans:plan_action_edit_status",
             kwargs={"plan_uuid": self.plan.uuid, "uuid": self.action.uuid},
@@ -77,6 +81,10 @@ def test_creator_is_added_when_create_plan(self):
         self.assertEqual(created_plan.plan_contacts.get(), self.user)
         self.assertEqual(created_plan.created_by, self.user)
 
+        contact = PlanContact.objects.get(plan=created_plan)
+        self.assertEqual(contact.user, self.user)
+        self.assertEqual(contact.notify_new, True)
+
     def test_plan_list_filled(self):
         response = self.app.get(self.list_url, user=self.user)
         self.assertEqual(response.status_code, 200)
@@ -484,6 +492,13 @@ def test_plan_action_edit_not_changed(self):
         # no notification is sent
         self.assertEqual(len(mail.outbox), 0)
 
+    def test_plan_actions_history_breadcrumbs(self):
+        response = self.app.get(self.action_history_url, user=self.user)
+        crumbs = response.pyquery(".breadcrumbs__list-item")
+        self.assertIn(_("Samenwerking"), crumbs[1].text_content())
+        self.assertIn(self.plan.title, crumbs[2].text_content())
+        self.assertIn(self.action.name, crumbs[3].text_content())
+
     def test_plan_action_delete_login_required_http_403(self):
         response = self.client.post(self.action_delete_url)
         self.assertEquals(response.status_code, 403)
@@ -1000,6 +1015,54 @@ def test_search_returns_expected_plans_when_matched_with_plan_title(self):
         )
 
 
+class NewPlanContactCounterTest(WebTest):
+    def test_plan_contact_new_count(self):
+        owner = UserFactory()
+        plan_1 = PlanFactory(created_by=owner)
+        plan_2 = PlanFactory(created_by=owner)
+
+        user = UserFactory()
+
+        root_url = reverse("root")
+        list_url = reverse("plans:plan_list")
+
+        # check no number shows by default
+        response = self.app.get(root_url, user=user)
+        links = response.pyquery(
+            f".header__container > .primary-navigation a[href='{list_url}']"
+        )
+        self.assertEqual(len(links), 1)
+        self.assertEqual(links.text(), _("Samenwerken") + " people")
+
+        # check if the number shows up in the menu
+        plan_1.plan_contacts.add(user)
+        plan_2.plan_contacts.add(user)
+        self.assertEqual(2, user.get_plan_contact_new_count())
+
+        response = self.app.get(root_url, user=user)
+        links = response.pyquery(
+            f".header__container > .primary-navigation a[href='{list_url}']"
+        )
+        # second link appears
+        self.assertEqual(len(links), 2)
+        self.assertIn("(2)", links.text())
+
+        # access the list page to reset
+        response = self.app.get(list_url, user=user)
+        links = response.pyquery(
+            f".header__container > .primary-navigation a[href='{list_url}']"
+        )
+        self.assertEqual(len(links), 1)
+        self.assertEqual(links.text(), _("Samenwerken") + " people")
+
+        # check this doesn't appear for owner
+        response = self.app.get(root_url, user=owner)
+        links = response.pyquery(
+            f".header__container > .primary-navigation a[href='{list_url}']"
+        )
+        self.assertEqual(len(links), 1)
+
+
 @multi_browser()
 class PlanActionStatusPlaywrightTests(ActionsPlaywrightTests):
     def setUp(self) -> None:
diff --git a/src/open_inwoner/plans/urls.py b/src/open_inwoner/plans/urls.py
index 2669fe2a5a..7489532090 100644
--- a/src/open_inwoner/plans/urls.py
+++ b/src/open_inwoner/plans/urls.py
@@ -5,6 +5,7 @@
     PlanActionDeleteView,
     PlanActionEditStatusTagView,
     PlanActionEditView,
+    PlanActionHistoryView,
     PlanCreateView,
     PlanDetailView,
     PlanEditView,
@@ -42,5 +43,10 @@
         PlanActionDeleteView.as_view(),
         name="plan_action_delete",
     ),
+    path(
+        "<uuid:plan_uuid>/actions/<str:uuid>/history/",
+        PlanActionHistoryView.as_view(),
+        name="plan_action_history",
+    ),
     path("<uuid:uuid>/export/", PlanExportView.as_view(), name="plan_export"),
 ]
diff --git a/src/open_inwoner/plans/views.py b/src/open_inwoner/plans/views.py
index 968d743851..32e0aeb172 100644
--- a/src/open_inwoner/plans/views.py
+++ b/src/open_inwoner/plans/views.py
@@ -17,6 +17,7 @@
 from open_inwoner.accounts.views.actions import (
     ActionCreateView,
     ActionDeleteView,
+    ActionHistoryView,
     ActionUpdateStatusTagView,
     ActionUpdateView,
     BaseActionFilter,
@@ -95,6 +96,10 @@ def get_queryset(self):
             .order_by("end_date")
         )
 
+    def get(self, request, *args, **kwargs):
+        self.request.user.clear_plan_contact_new_count()
+        return super().get(request, *args, **kwargs)
+
     def get_available_contacts_for_filtering(self, plans):
         """
         Return all available contacts for filtering for all the plans.
@@ -178,7 +183,7 @@ class PlanDetailView(
     @cached_property
     def crumbs(self):
         return [
-            (_("Samenwerkingsplannen"), reverse("plans:plan_list")),
+            (_("Samenwerken"), reverse("plans:plan_list")),
             (self.get_object().title, reverse("plans:plan_detail", kwargs=self.kwargs)),
         ]
 
@@ -223,8 +228,8 @@ class PlanCreateView(
     @cached_property
     def crumbs(self):
         return [
-            (_("Samenwerkingsplannen"), reverse("plans:plan_list")),
-            (_("Maak samenwerkingsplan aan"), reverse("plans:plan_create")),
+            (_("Samenwerken"), reverse("plans:plan_list")),
+            (_("Start nieuwe samenwerking"), reverse("plans:plan_create")),
         ]
 
     def get_form_kwargs(self):
@@ -520,6 +525,30 @@ def on_delete_action(self, action):
             )
 
 
+class PlanActionHistoryView(ActionHistoryView):
+    @cached_property
+    def crumbs(self):
+        return [
+            (_("Samenwerking"), reverse("plans:plan_list")),
+            (
+                self.get_plan().title,
+                reverse("plans:plan_detail", kwargs={"uuid": self.get_plan().uuid}),
+            ),
+            (
+                _("History of {}").format(self.object.name),
+                reverse("plans:plan_action_history", kwargs=self.kwargs),
+            ),
+        ]
+
+    def get_plan(self):
+        try:
+            return Plan.objects.connected(self.request.user).get(
+                uuid=self.kwargs.get("plan_uuid")
+            )
+        except ObjectDoesNotExist as e:
+            raise Http404
+
+
 class PlanExportView(
     PlansEnabledMixin, LogMixin, LoginRequiredMixin, ExportMixin, DetailView
 ):
diff --git a/src/open_inwoner/scss/components/Card/Card.scss b/src/open_inwoner/scss/components/Card/Card.scss
index cbd162a6a9..750fad316c 100644
--- a/src/open_inwoner/scss/components/Card/Card.scss
+++ b/src/open_inwoner/scss/components/Card/Card.scss
@@ -73,6 +73,11 @@
   }
   &__body {
     padding: var(--card-spacing);
+
+    /// clickable plans on home page after authenticated
+    .plan-list {
+      text-decoration: none;
+    }
   }
 
   &__body--grid {
@@ -159,7 +164,8 @@
   }
 
   /// Arrow button on product cards.
-  a.button:last-child {
+  a.button:last-child,
+  span.button:last-child {
     float: right;
   }
 
diff --git a/src/open_inwoner/scss/components/CardContainer/CardContainer.scss b/src/open_inwoner/scss/components/CardContainer/CardContainer.scss
index 5f556a6f3b..7afed236f1 100644
--- a/src/open_inwoner/scss/components/CardContainer/CardContainer.scss
+++ b/src/open_inwoner/scss/components/CardContainer/CardContainer.scss
@@ -31,3 +31,12 @@
 .card-container + h2 {
   margin-top: var(--gutter-width);
 }
+
+/// Exceptions for forms inside cards
+
+.registration-grid,
+.login-grid {
+  .card {
+    max-width: 100%;
+  }
+}
diff --git a/src/open_inwoner/scss/components/Cases/Cases.scss b/src/open_inwoner/scss/components/Cases/Cases.scss
index 05171f8f2e..08acb5d0ce 100644
--- a/src/open_inwoner/scss/components/Cases/Cases.scss
+++ b/src/open_inwoner/scss/components/Cases/Cases.scss
@@ -1,3 +1,17 @@
 .cases {
   margin-top: var(--spacing-giant);
+
+  /// cards on cases page
+  .card {
+    .cases__link {
+      text-decoration: none;
+    }
+  }
+}
+
+#document-upload .button[type='submit']:disabled {
+  border-color: var(--color-gray) !important;
+  color: var(--color-gray-light);
+  pointer-events: none;
+  cursor: default;
 }
diff --git a/src/open_inwoner/scss/components/Contacts/Contacts.scss b/src/open_inwoner/scss/components/Contacts/Contacts.scss
index 7647e4fa59..727b4b855e 100644
--- a/src/open_inwoner/scss/components/Contacts/Contacts.scss
+++ b/src/open_inwoner/scss/components/Contacts/Contacts.scss
@@ -9,6 +9,9 @@
     }
 
     .avatar {
+      display: flex;
+      justify-content: center;
+      align-items: center;
       padding: 15px 15px 10px;
       margin-top: var(--gutter-width);
       border: var(--border-width) solid var(--color-success-lighter);
diff --git a/src/open_inwoner/scss/components/Header/AnchorMenu.scss b/src/open_inwoner/scss/components/Header/AnchorMenu.scss
index 10f69f00ea..a120958ced 100644
--- a/src/open_inwoner/scss/components/Header/AnchorMenu.scss
+++ b/src/open_inwoner/scss/components/Header/AnchorMenu.scss
@@ -17,7 +17,7 @@
   width: 100%;
   list-style: none;
   margin: 0;
-  padding: 0;
+  padding: var(--spacing-extra-large);
   z-index: 1002;
 
   &--desktop {
@@ -66,11 +66,13 @@
 
   .link {
     box-sizing: border-box;
-    padding: var(--spacing-large);
+    padding: var(--spacing-medium) var(--spacing-large) var(--spacing-medium)
+      var(--spacing-large);
 
     @media (min-width: 768px) {
       border-left: var(--border-width) solid;
       border-color: var(--color-gray-light);
+      padding: var(--spacing-large);
     }
   }
 
@@ -84,7 +86,8 @@
 
   &--mobile__title {
     box-sizing: border-box;
-    padding: var(--spacing-large);
+    padding: var(--spacing-large) var(--spacing-large) var(--spacing-medium)
+      var(--spacing-large);
 
     &.h4 {
       color: var(--color-primary);
diff --git a/src/open_inwoner/scss/components/List/_List.scss b/src/open_inwoner/scss/components/List/_List.scss
index 3bb15b1468..5af1bfa451 100644
--- a/src/open_inwoner/scss/components/List/_List.scss
+++ b/src/open_inwoner/scss/components/List/_List.scss
@@ -4,6 +4,10 @@
   padding: 0;
   width: 100%;
   overflow-y: auto;
+
+  .case-list {
+    text-decoration: none;
+  }
 }
 
 .search + .list {
diff --git a/src/open_inwoner/scss/views/Categories.scss b/src/open_inwoner/scss/views/Categories.scss
new file mode 100644
index 0000000000..90f6391bc1
--- /dev/null
+++ b/src/open_inwoner/scss/views/Categories.scss
@@ -0,0 +1,24 @@
+.categories {
+  &__content {
+    .card-container {
+      grid-template-columns: repeat(auto-fit, 228px);
+
+      .card {
+        max-width: 360px;
+      }
+    }
+  }
+
+  &__products {
+    margin-top: var(--gutter-width);
+
+    .card-container {
+      margin-top: var(--gutter-width);
+      grid-template-columns: repeat(var(--card-columns), 1fr);
+
+      .card {
+        max-width: 100%;
+      }
+    }
+  }
+}
diff --git a/src/open_inwoner/scss/views/Home.scss b/src/open_inwoner/scss/views/Home.scss
new file mode 100644
index 0000000000..4ae6361473
--- /dev/null
+++ b/src/open_inwoner/scss/views/Home.scss
@@ -0,0 +1,11 @@
+/// Cards on Home Page and Theme page
+
+.home {
+  .card-container {
+    grid-template-columns: repeat(auto-fit, 228px);
+
+    .card {
+      max-width: 360px;
+    }
+  }
+}
diff --git a/src/open_inwoner/scss/views/_index.scss b/src/open_inwoner/scss/views/_index.scss
index 51b490f1b6..15b4cba304 100644
--- a/src/open_inwoner/scss/views/_index.scss
+++ b/src/open_inwoner/scss/views/_index.scss
@@ -1,5 +1,7 @@
 @import './App.scss';
 @import './body';
+@import './Categories.scss';
+@import './Home.scss';
 @import './Plans.scss';
 @import './product_detail';
 @import './view';
diff --git a/src/open_inwoner/templates/pages/cases/list.html b/src/open_inwoner/templates/pages/cases/list.html
index b7cf5bcdd5..2d490fa27b 100644
--- a/src/open_inwoner/templates/pages/cases/list.html
+++ b/src/open_inwoner/templates/pages/cases/list.html
@@ -1,5 +1,5 @@
 {% extends 'master.html' %}
-{% load i18n anchor_menu_tags card_tags grid_tags icon_tags link_tags list_tags pagination_tags utils %}
+{% load i18n anchor_menu_tags grid_tags icon_tags link_tags list_tags pagination_tags utils %}
 
 {% block sidebar_content %}
     {% anchor_menu anchors=anchors desktop=True %}
@@ -13,15 +13,27 @@ <h2 class="h2" id="cases">{{ page_title }} ({{ paginator.count }})</h2>
         {% render_grid %}
             {% for case in cases %}
                 {% render_column start=forloop.counter_0|multiply:4 span=4 %}
-                    {% render_card compact=True stretch=True title=case.identificatie %}
-                        {% render_list %}
-                            {% list_item case.current_status caption=_("Status") compact=True strong=False %}
-                            {% list_item case.start_date caption=_("Ontvangstdatum") compact=True strong=False %}
-                            {% list_item case.description caption=_("Omschrijving") compact=True strong=False %}
-                        {% endrender_list %}
+                <div class="card card--compact card--stretch">
+                    <div class="card__body">
+                    <a href="{% url 'accounts:case_status' object_id=case.uuid %}" class="cases__link">
+                            <p class="h4">
+                                <span class="link link__text">{{ case.identificatie }}</span>
+                            </p>
+                            {% render_list %}
+                                <span class="case-list">
+                                {% list_item case.current_status caption=_("Status") compact=True strong=False %}
+                                {% list_item case.start_date caption=_("Ontvangstdatum") compact=True strong=False %}
+                                {% list_item case.description caption=_("Omschrijving") compact=True strong=False %}
+                                </span>
+                            {% endrender_list %}
 
-                        {% link href="accounts:case_status" object_id=case.uuid icon="arrow_forward" primary=True text=_("Bekijk aanvraag") %}
-                    {% endrender_card %}
+                            <span class="link link--icon link--primary" aria-label="{% trans "Bekijk aanvraag" %}" title="{% trans "Bekijk aanvraag" %}">
+                                <span class="link__text">{% trans "Bekijk aanvraag" %}</span>
+                                {% icon icon="arrow_forward" icon_position="after" primary=True outlined=True %}
+                            </span>
+                    </a>
+                    </div>
+                </div>
                 {% endrender_column %}
             {% endfor %}
         {% endrender_grid %}
diff --git a/src/open_inwoner/templates/pages/category/detail.html b/src/open_inwoner/templates/pages/category/detail.html
index d53218cc78..5404a6c932 100644
--- a/src/open_inwoner/templates/pages/category/detail.html
+++ b/src/open_inwoner/templates/pages/category/detail.html
@@ -10,39 +10,43 @@
 {% endblock header_image %}
 
 {% block content %}
-    <h1 class="h1">
-        {{ object.name }}
-        {% if request.user.is_staff %}
-            {% button icon="edit" text=_("Open in admin") hide_text=True href="admin:pdc_category_change" object_id=object.pk %}
-        {% endif %}
-    </h1>
-    <p class="p">{{ object.description|linebreaksbr }}</p>
+    <div class="categories__content">
+        <h1 class="h1">
+            {{ object.name }}
+            {% if request.user.is_staff %}
+                {% button icon="edit" text=_("Open in admin") hide_text=True href="admin:pdc_category_change" object_id=object.pk %}
+            {% endif %}
+        </h1>
+        <p class="p">{{ object.description|linebreaksbr }}</p>
 
-    {% if subcategories %}
-        {% card_container subcategories=subcategories parent_category=object %}
-    {% endif %}
+        {% if subcategories %}
+            {% card_container subcategories=subcategories parent_category=object %}
+        {% endif %}
 
-    {% if products %}
-        {% card_container products=products small=True parent=object %}
-    {% endif %}
+        {% if products %}
+            <div class="categories__products">
+            {% card_container products=products small=True parent=object %}
+            </div>
+        {% endif %}
 
-    {% if category.question_set.all %}
-        {% render_grid %}
-            {% render_column span=6 %}
-                {% faq category.question_set.all %}
-            {% endrender_column %}
-        {% endrender_grid %}
-    {% endif %}
+        {% if category.question_set.all %}
+            {% render_grid %}
+                {% render_column span=6 %}
+                    {% faq category.question_set.all %}
+                {% endrender_column %}
+            {% endrender_grid %}
+        {% endif %}
 
-    {% if questionnaire_roots %}
-        <div class="grid">
-            <div class="column column--start-1 column--span-6 ">
-                <aside class="questionnaire">
-                    <h2 class="h2">{{configurable_text.questionnaire_page.select_questionnaire_title}}</h2>
-                    {% optional_paragraph configurable_text.questionnaire_page.select_questionnaire_intro %}
-                    {% questionnaire root_nodes=questionnaire_roots %}
-                </aside>
+        {% if questionnaire_roots %}
+            <div class="grid">
+                <div class="column column--start-1 column--span-6 ">
+                    <aside class="questionnaire">
+                        <h2 class="h2">{{configurable_text.questionnaire_page.select_questionnaire_title}}</h2>
+                        {% optional_paragraph configurable_text.questionnaire_page.select_questionnaire_intro %}
+                        {% questionnaire root_nodes=questionnaire_roots %}
+                    </aside>
+                </div>
             </div>
-        </div>
-    {% endif %}
+        {% endif %}
+    </div>
 {% endblock content %}
diff --git a/src/open_inwoner/templates/pages/category/list.html b/src/open_inwoner/templates/pages/category/list.html
index 212d9422e1..03f6d0f2ef 100644
--- a/src/open_inwoner/templates/pages/category/list.html
+++ b/src/open_inwoner/templates/pages/category/list.html
@@ -2,8 +2,10 @@
 {% load card_tags %}
 
 {% block content %}
-<h1 class="h1">{{configurable_text.theme_page.theme_title}}</h1>
-<p class="p">{{configurable_text.theme_page.theme_intro|linebreaksbr}}</p>
+<div class="categories__content">
+    <h1 class="h1">{{configurable_text.theme_page.theme_title}}</h1>
+    <p class="p">{{configurable_text.theme_page.theme_intro|linebreaksbr}}</p>
 
-{% card_container categories=object_list %}
+    {% card_container categories=object_list %}
+</div>
 {% endblock content %}
diff --git a/src/open_inwoner/templates/pages/home.html b/src/open_inwoner/templates/pages/home.html
index 8ab2a73d45..95c30efd82 100644
--- a/src/open_inwoner/templates/pages/home.html
+++ b/src/open_inwoner/templates/pages/home.html
@@ -8,6 +8,7 @@
 {% endblock header_image %}
 
 {% block content %}
+    <div class="home">
     {% block user_content %}
         <div class="grid__welcome">
             <h1 class="h1">{{configurable_text.home_page.home_welcome_title}}</h1>
@@ -24,7 +25,7 @@ <h2 class="h2">
     <p class="p">{{configurable_text.home_page.home_theme_intro|linebreaksbr}}</p>
 
     {% if request.user.is_authenticated %}
-        {% card_container categories=categories columns=3 image_object_fit="cover" %}
+        {% card_container categories=categories columns=4 image_object_fit="cover" %}
     {% else %}
         {% card_container categories=categories image_object_fit="cover" %}
     {% endif %}
@@ -45,4 +46,5 @@ <h2 class="h2">{{configurable_text.home_page.home_map_title}}</h2>
     {% with centroid=product_locations.get_centroid %}
         {% map centroid.lat centroid.lng geojson_feature_collection=product_locations.get_geojson_feature_collection %}
     {% endwith %}
+    </div>
 {% endblock %}
diff --git a/src/open_inwoner/templates/pages/product/detail.html b/src/open_inwoner/templates/pages/product/detail.html
index 72196a4cf1..f76207238e 100644
--- a/src/open_inwoner/templates/pages/product/detail.html
+++ b/src/open_inwoner/templates/pages/product/detail.html
@@ -1,5 +1,5 @@
 {% extends 'master.html' %}
-{% load i18n l10n button_tags card_tags faq_tags file_tags grid_tags icon_tags link_tags map_tags notification_tags tag_tags utils condition_tags render_tags anchor_menu_tags %}
+{% load i18n l10n button_tags card_tags faq_tags file_tags grid_tags icon_tags link_tags map_tags notification_tags tag_tags utils condition_tags render_tags anchor_menu_tags product_tags %}
 
 {% block header_image %}
 {% if object.image %}
@@ -32,7 +32,7 @@ <h1 class="h1" id="title">
     </h1>
     {% tag tags=object.tags.all %}
     <p class="p">{{ object.summary }}</p>
-    {{ object.content|ckeditor_content|safe }}
+    {{ object|product_ckeditor_content|safe }}
 
     {% if product.form %}
         {% button_row mobile=True %}
@@ -86,10 +86,10 @@ <h3 class="h3">{% trans "U komt niet in aanmerking" %}</h3>
                         <p class="p">{{ location.address_line_1 }}</p>
                         <p class="p">{{ location.address_line_2 }}</p>
                         {% if location.phonenumber %}
-                            <p class="p">{{ location.phonenumber }}</p>
+                            {% link href='tel:{{location.phonenumber}}' primary=True text=location.phonenumber %}
                         {% endif %}
                         {% if location.email %}
-                            <p class="p">{{ location.email }}</p>
+                            {% link href='mailto:{{location.email}}' primary=True text=location.email %}
                         {% endif %}
                     </div>
                 {% endrender_card %}
diff --git a/src/open_inwoner/templates/pages/profile/contacts/list.html b/src/open_inwoner/templates/pages/profile/contacts/list.html
index 62182e1519..8892d61fc7 100644
--- a/src/open_inwoner/templates/pages/profile/contacts/list.html
+++ b/src/open_inwoner/templates/pages/profile/contacts/list.html
@@ -1,5 +1,5 @@
 {% extends 'master.html' %}
-{% load i18n button_tags link_tags icon_tags pagination_tags form_tags dropdown_tags messages_tags thumbnail %}
+{% load i18n button_tags link_tags icon_tags pagination_tags form_tags dropdown_tags messages_tags thumbnail cropping %}
 
 
 {% block content %}
@@ -51,10 +51,14 @@ <h2 class="h2">{% trans "U bent toegevoegd als contactpersoon" %}</h2>
                 </ul>
             {% endif %}
         </div>
-        {% if approvals_count == 1 and request.user.image %}
-            <div class="avatar">
-                <img src="{{ request.user.image|thumbnail_url:'avatar' }}" alt="{{ image.default_alt_text }}" />
-            </div>
+        {% if approvals_count == 1 %}
+            {% with pending_approvals.get as pending_approval %}
+                {% if pending_approval.image %}
+                    <div class="avatar">
+                        <img src="{% cropped_thumbnail pending_approval "cropping" %}">
+                    </div>
+                {% endif %}
+            {% endwith %}
         {% endif %}
     {% endwith %}
     </div>
diff --git a/src/open_inwoner/templates/pages/user-home.html b/src/open_inwoner/templates/pages/user-home.html
index c46d8c5b36..b61a44275e 100644
--- a/src/open_inwoner/templates/pages/user-home.html
+++ b/src/open_inwoner/templates/pages/user-home.html
@@ -14,12 +14,12 @@ <h2 class="h2">
         </h2>
 
         {% if plans %}
-        <div class="plans-cards card-container card-container--columns-3">
+        <div class="plans-cards card-container card-container--columns-4">
             {% for plan in plans %}
                 {% render_card image_object_fit="cover" %}
-                    <h3 class="h3">{{ plan.title }}</h3>
+                    <a href="{{ plan.get_absolute_url }}" class="plan-list"><h3 class="h3">{{ plan.title }}</h3>
                     <p class="p">{{ plan.goal|truncatewords:20 }}</p>
-                    <p class="p">{{ plan.description|truncatewords:20 }}</p>
+                    <p class="p">{{ plan.description|truncatewords:20 }}</p></a>
                     <a
                         class="button button--icon-before button--transparent button--secondary"
                         href="{{ plan.get_absolute_url }}"
diff --git a/src/open_inwoner/utils/ckeditor.py b/src/open_inwoner/utils/ckeditor.py
index 6fca70d73e..2b0406bb97 100644
--- a/src/open_inwoner/utils/ckeditor.py
+++ b/src/open_inwoner/utils/ckeditor.py
@@ -1,6 +1,24 @@
+from django.utils.translation import gettext as _
+
 import markdown
 from bs4 import BeautifulSoup
 
+CLASS_ADDERS = [
+    ("h1", "h1"),
+    ("h2", "h2"),
+    ("h3", "h3"),
+    ("h4", "h4"),
+    ("h5", "h5"),
+    ("h6", "h6"),
+    ("img", "image"),
+    ("li", "li"),
+    ("p", "p"),
+    ("a", "link link--secondary"),
+    ("table", "table table--content"),
+    ("th", "table__header"),
+    ("td", "table__item"),
+]
+
 
 def get_rendered_content(content):
     """
@@ -9,30 +27,68 @@ def get_rendered_content(content):
     md = markdown.Markdown(extensions=["tables"])
     html = md.convert(content)
     soup = BeautifulSoup(html, "html.parser")
-    class_adders = [
-        ("h1", "h1"),
-        ("h2", "h2"),
-        ("h3", "h3"),
-        ("h4", "h4"),
-        ("h5", "h5"),
-        ("h6", "h6"),
-        ("img", "image"),
-        ("li", "li"),
-        ("p", "p"),
-        ("a", "link link--secondary"),
-        ("table", "table table--content"),
-        ("th", "table__header"),
-        ("td", "table__item"),
-    ]
-    for tag, class_name in class_adders:
+
+    for tag, class_name in CLASS_ADDERS:
         for element in soup.find_all(tag):
             element.attrs["class"] = class_name
             if element.name == "a" and element.attrs.get("href", "").startswith("http"):
+                element.attrs["target"] = "_blank"
+
+    return soup
+
+
+def get_product_rendered_content(product):
+    """
+    Takes product's content as an input and returns the rendered one.
+    """
+    md = markdown.Markdown(extensions=["tables"])
+    html = md.convert(product.content)
+    soup = BeautifulSoup(html, "html.parser")
+
+    for tag, class_name in CLASS_ADDERS:
+        for element in soup.find_all(tag):
+            if element.attrs.get("class") and "cta-button" in element.attrs["class"]:
+                continue
+
+            element.attrs["class"] = class_name
+
+            if "[CTABUTTON]" in element.text:
+                # decompose the element when product doesn't have either a link or a form
+                if not (product.link or product.form):
+                    element.decompose()
+                    continue
+
+                # icon
+                icon = soup.new_tag("span")
+                icon.attrs.update(
+                    {"aria-label": _("Aanvraag starten"), "class": "material-icons"}
+                )
+                icon.append("arrow_forward")
+
+                # button
+                element.name = "a"
+                element.string = ""
+                element.attrs.update(
+                    {
+                        "class": "button button--textless button--icon button--icon-before button--primary cta-button",
+                        "href": (product.link if product.link else product.form_link),
+                        "title": _("Aanvraag starten"),
+                    }
+                )
+                element.append(icon)
+                element.append(_("Aanvraag starten"))
+
+                if product.link:
+                    element.attrs.update({"target": "_blank"})
+
+            elif element.name == "a" and element.attrs.get("href", "").startswith(
+                "http"
+            ):
                 icon = soup.new_tag("span")
                 icon.attrs.update(
                     {
                         "aria-hidden": "true",
-                        "aria-label": "Opens in new window",
+                        "aria-label": _("Opens in new window"),
                         "class": "material-icons",
                     }
                 )
diff --git a/src/open_inwoner/utils/django_two_factor_auth.py b/src/open_inwoner/utils/django_two_factor_auth.py
new file mode 100644
index 0000000000..1e3dc9688b
--- /dev/null
+++ b/src/open_inwoner/utils/django_two_factor_auth.py
@@ -0,0 +1,19 @@
+from django.conf import settings
+
+from django_admin_index.utils import (
+    should_display_dropdown_menu as default_should_display_dropdown_menu,
+)
+
+
+def should_display_dropdown_menu(request) -> bool:
+    default = default_should_display_dropdown_menu(request)
+
+    two_factor_enabled = settings.TWO_FACTOR_PATCH_ADMIN
+    if not two_factor_enabled:
+        return default
+
+    # never display the dropdown in two-factor admin views
+    if request.resolver_match.view_name.startswith("admin:two_factor:"):
+        return False
+
+    return default and request.user.is_verified()
diff --git a/src/open_inwoner/utils/tests/test_migrations.py b/src/open_inwoner/utils/tests/test_migrations.py
index 7b884cb39c..e5b73d5b6c 100644
--- a/src/open_inwoner/utils/tests/test_migrations.py
+++ b/src/open_inwoner/utils/tests/test_migrations.py
@@ -1,3 +1,5 @@
+from typing import List, Tuple
+
 from django.db import connection
 from django.db.migrations.executor import MigrationExecutor
 from django.test import TestCase
@@ -13,12 +15,19 @@ class TestMigrations(TestCase):
     migrate_from = None
     migrate_to = None
 
+    extra_migrate_from: List[Tuple[str, str]] = None
+
     def setUp(self):
         assert self.migrate_from and self.migrate_to and self.app, (
             "TestCase '%s' must define migrate_from, migrate_to and app properties"
             % type(self).__name__
         )
         self.migrate_from = [(self.app, self.migrate_from)]
+
+        # hack to fix issues where related models aren't in the correct state
+        if self.extra_migrate_from:
+            self.migrate_from += self.extra_migrate_from
+
         self.migrate_to = [(self.app, self.migrate_to)]
         executor = MigrationExecutor(connection)
         old_apps = executor.loader.project_state(self.migrate_from).apps