Support HSTS

HSTS is becoming standard requirement for many IT Security departments.    The inability to enable HSTS on a Webflow site makes it tough to use Webflow.


  • Space Angels
  • Jan 8 2020
  • Reviewed
  • Erik Runbeck commented
    22 Jan 12:10am


  • Ruben Stauffer commented
    11 Jan 11:01am

    Only heard about this a few days ago and I find this shoking. Please fix it! Otherwise I might not be able to work on certain projects with Webflow anymore...

  • Matthew Paczkowski commented
    28 Nov, 2021 05:58pm

    Any news on introducing this @webflow Team?

  • EQS Design commented
    11 Nov, 2021 09:16am

    This is the answer of my security officer regarding security headers only in enterprise:
    "Honestly, it sucks a lot that we must pay for security; it should not come as an option.

    This is short-sighted from them, and a company that makes you pay for security should be punished in what is the only thing interesting for them: in their wallet.

    Therefore, the choice is easy: either we have a secure perimeter exposed, or we change the tool."

    By the way, we're already paying over 5000$ per year just for our team account!

  • Actively Learn commented
    9 Nov, 2021 01:13am

    +1 This is table stakes.

  • Chris McInnes commented
    4 Nov, 2021 04:01am

    If Squarespace can do it, surely Webflow can do it too!

  • Tamer Howeidy commented
    27 Oct, 2021 10:36pm

    It is really challenging to try to keep the clients on webflow while one of very simple security request can only be achieve by having the client pay 15k a year. Hopefully Webflow get this done soon

  • Max PHILLIPS commented
    15 Oct, 2021 03:35pm

    This is a must for my web design and SEO agency. I've jsut started using Webflow and if this issue cannot be resolved I'll have to move to a different platform

  • Brandex commented
    5 Oct, 2021 10:28pm

    This is a requirement for most of my clients now... This is a must!

  • Lindsey Carlson commented
    8 Sep, 2021 04:34pm

    Just received a note from Webflow support today:

    "yes, unfortunately custom security headers are currently only offered with an Enterprise plan. At this time there is no timeline for allowing self-serve, non-enterprise accounts to have access to this feature."
  • Graham Smith commented
    24 Aug, 2021 05:25pm

    This is pretty important, I'm lucky that no clients have asked about it so far but it's only a matter of time. I'd prefer not to leave Webflow but I'll have to if they don't fix this glaring security problem

  • Edouard Steegmann commented
    9 Aug, 2021 04:56pm

    That would be great in 2021 to say the least

  • Lucas Howard commented
    30 Jul, 2021 05:19pm

    For modern-day internet, HSTS is a must have. Shocked that Webflow does not already support this

  • Mike Pollock commented
    29 Jul, 2021 07:03pm

    It would really be great to have this HSTS option. Please accomdate this soon!

  • Repro India commented
    13 Jul, 2021 10:29am

    we have also received this issue from our auditor.please let us know when this issue will get resolved.

    Deepak Vasaikar

    Mobile - 09223380200

  • Goran Milic commented
    5 Jul, 2021 01:36pm

    This is big problem for my clients. Any news about this feature/requirement?

  • Jenica Blechschmidt commented
    19 May, 2021 10:58pm


  • Chris Williams commented
    12 May, 2021 05:54pm

    This is needed, my IT department wants me to move our websites because Webflow cannot do this.

  • Jennifer commented
    12 May, 2021 02:37am

    Need this basic and must to have security headers as early as possible

  • Cyndie Shaffstall commented
    10 May, 2021 12:47pm

    What is the status of this—let's not call it a feature since it is most definitiely a requirement?

  • Load older comments
  • +210