Support HSTS

HSTS is becoming a standard requirement for many IT Security departments. The inability to enable HSTS on a Webflow site makes it tough to use Webflow.

 

  • Space Angels
  • Jan 8 2020
  • Reviewed
  • Aaron Zide commented
    1 Aug 03:25pm

    We need the HSTS header option for annually for security Business. Our HTTPS only website has a low hit count so there’s no need to upgrade to enterprise or enterprise lite. Security practices such as these should be table stakes for a business plan.


    I also don't want to recommend migrating off this hosting provider for a simple header. Especially when leadership and engineering are pressing for it.

  • Marilou Lepage commented
    17 Jul 12:20pm

    important

  • Andrew Taylor commented
    29 May 09:00pm

    Our Webflow sites fail audits because of this. This is required and should be standard functionality, not only available on 'enterprise lite' for $15k/yr. Please fix quickly.

  • Ashli Weiss commented
    19 May 12:21pm

    I would like to have HSTS support for my site, both for welawllp and projectlibby. Thanks.

  • Bridge commented
    15 Apr 11:33pm

    Let's Make HSTS Affordable Again!

  • Jacob Stanton commented
    24 Mar 03:03pm

    Please add the HSTS header option for 1 year for Business. Our HTTPS only website has a low hit count so we have no need to upgrade to enterprise. I also don't want to recommend migrating off this hosting provider for a simple header. Thanks.

  • Flash Sites commented
    18 Feb 09:13pm

    You can host the site with Stacket: https://stacket.app/ where you want, and then add the security headers you prefer :)

  • Novus Marketing commented
    14 Feb 06:29pm

    Just want to add our support to providing HSTS as a default option for non-Enterprise customers. The cost seems (?) low considering Webflow offers HTTPS as part of its standard package.


    For example, in Nginx, adding this header is straightforward:

    https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/


    I'm slightly curious what the technical impediments or infrastructure expense is on the Webflow side...?

  • Erik Runbeck commented
    22 Jan 12:10am

    +1

  • Ruben Stauffer commented
    11 Jan 11:01am

    Only heard about this a few days ago and I find this shocking. Please fix it! Otherwise I might not be able to work on certain projects with Webflow anymore...

  • Matthew Paczkowski commented
    28 Nov, 2021 05:58pm

    Any news on introducing this @webflow Team?

  • EQS Design commented
    11 Nov, 2021 09:16am

    This is the answer of my security officer regarding security headers only in enterprise:
    "Honestly, it sucks a lot that we must pay for security; it should not come as an option.

    This is short-sighted from them, and a company that makes you pay for security should be punished in what is the only thing interesting for them: in their wallet.

    Therefore, the choice is easy: either we have a secure perimeter exposed, or we change the tool."

    By the way, we're already paying over 5000$ per year just for our team account!

  • Actively Learn commented
    9 Nov, 2021 01:13am

    +1 This is table stakes.

  • Chris McInnes commented
    4 Nov, 2021 04:01am

    If Squarespace can do it, surely Webflow can do it too!

  • Tamer Howeidy commented
    27 Oct, 2021 10:36pm

    It is really challenging to try to keep the clients on Webflow while a very simple security request can only be achieved by having the client pay 15k a year. Hopefully Webflow gets this done soon.

  • Max PHILLIPS commented
    15 Oct, 2021 03:35pm

    This is a must for my web design and SEO agency. I've just started using Webflow and if this issue cannot be resolved I'll have to move to a different platform.

  • Brandex commented
    5 Oct, 2021 10:28pm

    This is a requirement for most of my clients now... This is a must!

  • Lindsey Carlson commented
    8 Sep, 2021 04:34pm

    Just received a note from Webflow support today:

    "yes, unfortunately custom security headers are currently only offered with an Enterprise plan. At this time there is no timeline for allowing self-serve, non-enterprise accounts to have access to this feature."

  • Graham Smith commented
    24 Aug, 2021 05:25pm

    This is pretty important, I'm lucky that no clients have asked about it so far but it's only a matter of time. I'd prefer not to leave Webflow but I'll have to if they don't fix this glaring security problem

  • Edouard Steegmann commented
    9 Aug, 2021 04:56pm

    That would be great in 2021 to say the least
