Support HSTS

HSTS is becoming standard requirement for many IT Security departments.    The inability to enable HSTS on a Webflow site makes it tough to use Webflow.

 

  • Space Angels
  • Jan 8 2020
  • Marta Piotrowiak commented
    29 Sep 19:30

    We need it too

  • Shane Fast commented
    14 Sep 19:30

    Our site is getting dinged on this on security scans. Security is a crutial thing for our product. If we could get the header to be "strict-transport-security: max-age=31536000; includeSubDomains; preload" it would help greatly.

  • Caroline Sober-James commented
    29 Aug 14:36

    For increasingly security-focused orgs, something as simple as a bad score on this HSTS requirement can be enough to sour sentiment toward tools like Webflow. I don't know how complex this is to implement, but it feels like a worthwhile enhancement toward helping people feel confident about Webflow as a platform.

  • Puzzle Factory commented
    09 Aug 23:50

    Voted and subscribed.

  • TFM Peru commented
    07 Jul 13:29

    same problem with Semrush

  • Richard commented
    19 Jun 00:25

    Adding my vote here as well. Would be great to get a response from Webflow on this. In our sector it could be an issue and would hope it's something Webflow can fix.

  • Brad Korer commented
    16 Jun 17:20

    Is this something that has been solved?

  • Colin Anawaty commented
    09 Jun 20:16

    This also came back as an issue in our pen test. We sit squarely at the intersection of healthcare & finance so we don't have a lot of room to get creative on our end. If this is not a priority for Webflow, then regretfully we'll have to find a new vendor in the coming months.

  • Cristián Meléndez commented
    06 Jun 14:13

    Same here. Regretfully we’ll have to move providers only because of this.

  • Guido Vilariño commented
    21 May 18:22

    This is extremely important and a dealbreaker for us. If this isn't supported we will need to leave webflow as our hosting solution.

  • Neil Chudleigh commented
    11 Mar 19:59

    This has come up on our Pentest and Security Compliance Audits.

  • Brent Lagerman commented
    20 Jan 03:41

    I get an error in semrush saying that my site doesn't support hsts... easy fix webflow?

  • and 54 more