This idea has been merged into another idea. To comment or vote on this idea, please visit WEBFLOW-I-784 HTTP response headers security.
This, in addition to configuring custom X-Content Options, should be implemented to safeguard maximal security of Webflow.
I could not find anything about Public Key Pins (HPKP) on the forums or here in the wishlist.
Here’s an article :
HPKP is a security policy delivered via a HTTP response header. It allows a host to whitelist cryptographic identities a UA should accept for the host.
following configuration directives:
Header always set Strict-Transport-Security “maxage=31536000; includeSubDomains” NginX webserver:
add_header Strict-Transport-Security “maxage=31536000; includeSubdomains” always;
webserver: In the IIS manager choose “Add Custom HTTP Response Header” -> Name: “Strict-Transport-Security” -> Value: “max-age=31536000; includeSubdomains”