HSTS is becoming standard requirement for many IT Security departments. The inability to enable HSTS on a Webflow site makes it tough to use Webflow.
We need the HSTS header option for annually for security Business. Our HTTPS only website has a low hit count so there’s no need to upgrade to enterprise or enterprise lite. Security practices such as these should be tablestakes for a business plan.
I also dont want to recomend migrating off this hosting provider for a simple header. Especially when leadership and engineering is pressing for it.
Our webflow sites fail audits because of this. This is required and should be standard functionality not only available on 'enterprise lite' for $15k/yr. Please fix quickly.
I would like to have an HSTS support for my site both for welawllp and projectlibby. thanks
Let's Make HSTS Affordable Again!
Please add the HSTS header option for 1 year for Business Our HTTPS only website has a low hit count so we have no need to upgrade to enterprise. I also dont want to recomend migrating off this hosting provider for a simple header. thanks
You can host the Site with Stacket: https://stacket.app/ where you want, and then add the security headers what you prefer :)
Just want to add our support to providing HSTS as a default option for non-Enterprise customers. The cost seems (?) low considering Webflow offers HTTPS as part of its standard package.
For example, in Ngnix, adding this header is straight-forward:
I'm slightly curious what the technical impediments or infrastructure expense is on the Webflow side...?
Only heard about this a few days ago and I find this shoking. Please fix it! Otherwise I might not be able to work on certain projects with Webflow anymore...
Any news on introducing this @webflow Team?
This is the answer of my security officer regarding security headers only in enterprise:"Honestly, it sucks a lot that we must pay for security; it should not come as an option.
This is short-sighted from them, and a company that makes you pay for security should be punished in what is the only thing interesting for them: in their wallet.
Therefore, the choice is easy: either we have a secure perimeter exposed, or we change the tool."
By the way, we're already paying over 5000$ per year just for our team account!
+1 This is table stakes.
If Squarespace can do it, surely Webflow can do it too!
It is really challenging to try to keep the clients on webflow while one of very simple security request can only be achieve by having the client pay 15k a year. Hopefully Webflow get this done soon
This is a must for my web design and SEO agency. I've jsut started using Webflow and if this issue cannot be resolved I'll have to move to a different platform
This is a requirement for most of my clients now... This is a must!
Just received a note from Webflow support today:
"yes, unfortunately custom security headers are currently only offered with an Enterprise plan. At this time there is no timeline for allowing self-serve, non-enterprise accounts to have access to this feature."
This is pretty important, I'm lucky that no clients have asked about it so far but it's only a matter of time. I'd prefer not to leave Webflow but I'll have to if they don't fix this glaring security problem
That would be great in 2021 to say the least
You won't be notified about changes to this idea.