Support HSTS

HSTS is becoming standard requirement for many IT Security departments.    The inability to enable HSTS on a Webflow site makes it tough to use Webflow.

 

  • Space Angels
  • Jan 8 2020
  • Reviewed
  • Paul Clegg commented
    8 Sep 02:08pm

    This is a fundamental feature of modern IT security requirements, please implement this as standard.

  • Floris Stigter commented
    7 Sep 06:37am

    Seriously, Webflow, this is the most basic default requirement for any website out there these days. 15K / year just to get the HSTS header? Seriously consider to just offer it in the regular plans. - it's about time

  • MorrMorr IT Dept commented
    29 Jun 06:32pm

    I am shocked that WebFlow does not enable HSTS on their shared hosting plans. This is a stunning security failure by WebFlow, leaving their clients' shared hosting plans vulnerable to a common and widely known security attack. Lots of other hosting companies routinely offer HSTS enablement. Why cannot WebFlow?

  • Alex Reznik commented
    25 May 12:12pm

    Please, do it

  • Prod Camp commented
    23 May 10:58am

    It's quite strange that security features are only available on the enterprise plan.

  • Wehaa commented
    9 May 04:19pm

    There is still no solution for this. It is very necessary for SEO and site ranking.

  • Nick Weisberg commented
    24 Mar 03:18pm

    +1

  • Jamie Johnson commented
    6 Feb 07:21pm

    This isn't a quality of life update, this is literally a crucial and fundamental security feature that you should be utterly ashamed of not already providing. It's a make or break aspect and is forcing us to migrate our clients to different website hosts.

  • Rogier Roukens commented
    31 Jan 01:16pm

    +1

  • Lindsey Chupp commented
    31 Jan 02:07am

    Please add this to ALL plans. This is becoming extremely necessary for our company and we are not a large enough company to justify your enterprise plan. If we can't gain access to this ability, we will be forced to build on another platform. Unfortunate, because Webflow is great, otherwise.

  • Baker Street commented
    29 Nov, 2022 05:07pm

    Our clients are neither in need of nor budgetarily able to switch to the Enterprise Plan, and if purchasing it is the only way to prevent them from failing their regular website audits then we are going to be forced to start cancelling our client websites and rebuilding them from scratch in Squarespace.

    As we have clients in the banking and education industries, this feature is not only an industry standard but a make-or-break security necessity that is not being marked up or paygated by other major hosting providers.

    We have been recommending your platform and using it solely for our web design and development for years, but this is a major enough security issue that we will have to begrudgingly move away from the platform if it can not be remedied

  • Baker Street commented
    29 Nov, 2022 05:00pm

    Our clients are neither in need of nor budgetarily able to switch to the Enterprise Plan, and if purchasing it is the only way to prevent them from failing their regular website audits then we are going to be forced to start cancelling our client websites and rebuilding them from scratch in Squarespace.

    As we have clients in the banking and education industries, this feature is not only an industry standard but a make-or-break security necessity that is not being marked up or paygated by other major hosting providers.

    We have been recommending your platform and using it solely for our web design and development for years, but this is a major enough security issue that we will have to begrudgingly move away from the platform if it can not be remedied

  • Veer Manhas commented
    22 Nov, 2022 08:51am

    We successfully added HSTS for a client and esured SEO was not affected. Reach out to us at https://littlebigthings.dev

  • Jamie Johnson commented
    21 Nov, 2022 02:40pm

    This is a standard security protocol that webflow is gatekeeping in order to force people to pay $15k for an enterprise plan. Due to this, we have clients failing their security audits which is starting to necessitate us moving projects away from this platform due to webflow being unable to meet basic privacy standards that are free with pretty much every other platform.

  • SimpleKYC commented
    22 Sep, 2022 02:27pm

    Security must be a must for all plans, it is an important requirement for many tech companies, please prioritise easy and affordable security options for all plans.

  • Aaron Zide commented
    1 Aug, 2022 03:25pm

    We need the HSTS header option for annually for security Business. Our HTTPS only website has a low hit count so there’s no need to upgrade to enterprise or enterprise lite. Security practices such as these should be tablestakes for a business plan.


    I also dont want to recomend migrating off this hosting provider for a simple header. Especially when leadership and engineering is pressing for it.

  • Marilou Lepage commented
    17 Jul, 2022 12:20pm

    important

  • Andrew Taylor commented
    29 May, 2022 09:00pm

    Our webflow sites fail audits because of this. This is required and should be standard functionality not only available on 'enterprise lite' for $15k/yr. Please fix quickly.

  • Ashli Weiss commented
    19 May, 2022 12:21pm

    I would like to have an HSTS support for my site both for welawllp and projectlibby. thanks

  • Bridge commented
    15 Apr, 2022 11:33pm

    Let's Make HSTS Affordable Again!

  • Load older comments
  • +287