Support HSTS

HSTS is becoming standard requirement for many IT Security departments.    The inability to enable HSTS on a Webflow site makes it tough to use Webflow.


  • Space Angels
  • Jan 8 2020
  • Chris Williams commented
    12 May 05:54pm

    This is needed, my IT department wants me to move our websites because Webflow cannot do this.

  • Jennifer commented
    12 May 02:37am

    Need this basic and must to have security headers as early as possible

  • Cyndie Shaffstall commented
    10 May 12:47pm

    What is the status of this—let's not call it a feature since it is most definitiely a requirement?

  • Dzcard commented
    4 May 08:28am

    SEO must have. Security feature compulsory to continue with Webflow. Our biggest problem with Webflow right now!

  • Alan Linush commented
    29 Apr 09:23pm

    Mega up vote, need this for my clients. Could be a deal breaker

  • Vers Creative commented
    26 Apr 07:05pm

    Wordpress and even SquareSpace EASILY allow HSTS. On SquareSpace, you just click a button to engage and it's done.

    This request has been on WebFlow's radar for ... looks like a year or longer.

  • Nick Tyler commented
    21 Apr 10:06am

    Come on guys - this is a basic nowadays.

  • Michael Monerau commented
    6 Apr 02:14pm

    Totally necessary. This is now considered in all basic automatic security checks. Can't live without it.

  • Fathi Sehla commented
    24 Mar 02:55pm


  • Matthew Paczkowski commented
    14 Mar 04:13pm

    @webflow team - is this being progressed ?

  • Brian Vallelunga commented
    15 Feb 02:52am

    Please add this feature! We need it as well!

  • Jeremiah Smith commented
    7 Feb 04:29am

    This is a requirement for good SEO as well, and we're putting our SEO clients on Webflow more and more. Please add this feature!

  • Wireframe Web Design commented
    4 Feb 07:46pm

    Ran some security checkups on my clients project and got the same result "D" as in poor Strict Transport Security.

    I'd think that putting effort to cybersecurity would be a benefit for Webflow too as not all site builder offers it so you'd gain a market leap with that? Maybe? Just saying.

  • Grant Senior commented
    28 Jan 02:24am

    We've also just had a client asking about this regarding a security report telling them the site has a security concern and requires an HSTS header to ensure browsers only communicate over HTTPS. Seems to me that this is a bit of a biggie to get on top of.

  • Jon Reese commented
    25 Jan 05:27pm

    I’m losing clients who want to use Webflow but who are running SecurityScorecard reports which mandates HTTP Strict Transport Security (HSTS).They are Webflow fans and would love an excuse not to worry about the need to add HSTS headers to their site. Would love to see Webflow move to an HTTPS-only model, with HSTS headers on by default.

  • Mitchell Clay commented
    14 Jan 08:38pm

    I am running into this issue as well is SEM Rush. Any word on when this will be a feature on webflow?

  • Ryan Hart commented
    24 Dec, 2020 04:23pm

    Please consider this ticket as HIGH VALUE and LOW COMPLEXITY. All we need is a configuration to "Force HSTS". I would be willing to sponsor the development on this ticket.

  • Ryan Hart commented
    13 Dec, 2020 12:32am

    Forcing HSTS is mandatory for our SEO. Please fix. This is fundamental and a baseline expectation from a marketing site persspective.

    Please allow a setting for "Force HSTS".

  • Ian Wilson commented
    26 Nov, 2020 10:55am

    The absence is a problem from SEO perspective

  • Onboard Creative commented
    24 Nov, 2020 04:59pm

    This is an issue we're running into. I'm sure this isn't an easy fix but it would really be helpful.

  • Load older comments
  • +116