HSTS is becoming a standard requirement for many IT Security departments. The inability to enable HSTS on a Webflow site makes it tough to use Webflow.
We need it too
Our site is getting dinged on this on security scans. Security is a crucial thing for our product. If we could get the header to be "strict-transport-security: max-age=31536000; includeSubDomains; preload" it would help greatly.
For increasingly security-focused orgs, something as simple as a bad score on this HSTS requirement can be enough to sour sentiment toward tools like Webflow. I don't know how complex this is to implement, but it feels like a worthwhile enhancement toward helping people feel confident about Webflow as a platform.
Voted and subscribed.
Same problem with Semrush.
Adding my vote here as well. Would be great to get a response from Webflow on this. In our sector it could be an issue and would hope it's something Webflow can fix.
Is this something that has been solved?
This also came back as an issue in our pen test. We sit squarely at the intersection of healthcare & finance so we don't have a lot of room to get creative on our end. If this is not a priority for Webflow, then regretfully we'll have to find a new vendor in the coming months.
Same here. Regretfully we’ll have to move providers only because of this.
This is extremely important and a dealbreaker for us. If this isn't supported we will need to leave Webflow as our hosting solution.
This has come up on our Pentest and Security Compliance Audits.
I get an error in Semrush saying that my site doesn't support HSTS... easy fix, Webflow?