Support HSTS

HSTS is becoming standard requirement for many IT Security departments.    The inability to enable HSTS on a Webflow site makes it tough to use Webflow.

 

  • Space Angels
  • Jan 8 2020
  • Reviewed
  • Baker Street commented
    29 Nov 05:07pm

    Our clients are neither in need of nor budgetarily able to switch to the Enterprise Plan, and if purchasing it is the only way to prevent them from failing their regular website audits then we are going to be forced to start cancelling our client websites and rebuilding them from scratch in Squarespace.

    As we have clients in the banking and education industries, this feature is not only an industry standard but a make-or-break security necessity that is not being marked up or paygated by other major hosting providers.

    We have been recommending your platform and using it solely for our web design and development for years, but this is a major enough security issue that we will have to begrudgingly move away from the platform if it can not be remedied

  • Baker Street commented
    29 Nov 05:00pm

    Our clients are neither in need of nor budgetarily able to switch to the Enterprise Plan, and if purchasing it is the only way to prevent them from failing their regular website audits then we are going to be forced to start cancelling our client websites and rebuilding them from scratch in Squarespace.

    As we have clients in the banking and education industries, this feature is not only an industry standard but a make-or-break security necessity that is not being marked up or paygated by other major hosting providers.

    We have been recommending your platform and using it solely for our web design and development for years, but this is a major enough security issue that we will have to begrudgingly move away from the platform if it can not be remedied

  • Veer Manhas commented
    22 Nov 08:51am

    We successfully added HSTS for a client and esured SEO was not affected. Reach out to us at https://littlebigthings.dev

  • Jamie Johnson commented
    21 Nov 02:40pm

    This is a standard security protocol that webflow is gatekeeping in order to force people to pay $15k for an enterprise plan. Due to this, we have clients failing their security audits which is starting to necessitate us moving projects away from this platform due to webflow being unable to meet basic privacy standards that are free with pretty much every other platform.

  • SimpleKYC commented
    22 Sep 02:27pm

    Security must be a must for all plans, it is an important requirement for many tech companies, please prioritise easy and affordable security options for all plans.

  • Aaron Zide commented
    1 Aug 03:25pm

    We need the HSTS header option for annually for security Business. Our HTTPS only website has a low hit count so there’s no need to upgrade to enterprise or enterprise lite. Security practices such as these should be tablestakes for a business plan.


    I also dont want to recomend migrating off this hosting provider for a simple header. Especially when leadership and engineering is pressing for it.

  • Marilou Lepage commented
    17 Jul 12:20pm

    important

  • Andrew Taylor commented
    29 May 09:00pm

    Our webflow sites fail audits because of this. This is required and should be standard functionality not only available on 'enterprise lite' for $15k/yr. Please fix quickly.

  • Ashli Weiss commented
    19 May 12:21pm

    I would like to have an HSTS support for my site both for welawllp and projectlibby. thanks

  • Bridge commented
    15 Apr 11:33pm

    Let's Make HSTS Affordable Again!

  • Jacob Stanton commented
    24 Mar 03:03pm

    Please add the HSTS header option for 1 year for Business Our HTTPS only website has a low hit count so we have no need to upgrade to enterprise. I also dont want to recomend migrating off this hosting provider for a simple header. thanks

  • Guest commented
    18 Feb 09:13pm

    You can host the Site with Stacket: https://stacket.app/ where you want, and then add the security headers what you prefer :)

  • Novus Marketing commented
    14 Feb 06:29pm

    Just want to add our support to providing HSTS as a default option for non-Enterprise customers. The cost seems (?) low considering Webflow offers HTTPS as part of its standard package.


    For example, in Ngnix, adding this header is straight-forward:

    https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/


    I'm slightly curious what the technical impediments or infrastructure expense is on the Webflow side...?

  • Erik Runbeck commented
    22 Jan 12:10am

    +1

  • Ruben Stauffer commented
    11 Jan 11:01am

    Only heard about this a few days ago and I find this shoking. Please fix it! Otherwise I might not be able to work on certain projects with Webflow anymore...

  • Matthew Paczkowski commented
    28 Nov, 2021 05:58pm

    Any news on introducing this @webflow Team?

  • EQS Design commented
    11 Nov, 2021 09:16am

    This is the answer of my security officer regarding security headers only in enterprise:
    "Honestly, it sucks a lot that we must pay for security; it should not come as an option.

    This is short-sighted from them, and a company that makes you pay for security should be punished in what is the only thing interesting for them: in their wallet.

    Therefore, the choice is easy: either we have a secure perimeter exposed, or we change the tool."

    By the way, we're already paying over 5000$ per year just for our team account!

  • Actively Learn commented
    9 Nov, 2021 01:13am

    +1 This is table stakes.

  • Chris McInnes commented
    4 Nov, 2021 04:01am

    If Squarespace can do it, surely Webflow can do it too!

  • Tamer Howeidy commented
    27 Oct, 2021 10:36pm

    It is really challenging to try to keep the clients on webflow while one of very simple security request can only be achieve by having the client pay 15k a year. Hopefully Webflow get this done soon

  • Load older comments
  • +254