I agree with the other comments. Please reconsider this.

I agree with the below comment. A basic feature like that is available with most website hosting services and should be available for all paid plans. It seems a little money hungry to lock this behind Business and up. Not all users requiring this feature use it for app development and such, and consequently have a smaller budget.

Thanks for implementing this - however hiding it behind the business subscription I personally find hilarious. This is nothing fancy but a basic feature every responsible website hosting service should support.

Recent development: https://www.cisa.gov/resources-tools/resources/product-security-bad-practices

In particular, the VDP is often in /.well-known/security.txt, and CISA are calling out lack of VDP as a "Bad Practice":

Failing to Publish a Vulnerability Disclosure Policy

For products used in service of critical infrastructure or NCFs, not having a published vulnerability disclosure policy (VDP) that includes the product in its scope is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.

Recommended actions:

• Software manufacturers should publish a VDP that:

• Authorizes testing by members of the public on products offered by the manufacturer;

• Commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP,

• Provides a clear channel to report vulnerabilities; and

• Allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure (CVD) best practices and international standards.

• Software manufacturers should remediate all valid reported vulnerabilities in a timely and risk-prioritized manner.

Resources: CISA Secure by Design Pledge (Vulnerability Disclosure Policy), SSDF RV.1.3, ISO 29147.

Can we merge these votes into the following request, and get this looked into: https://wishlist.webflow.com/ideas/WEBFLOW-I-6154