Merged idea

This idea has been merged into another idea. To comment or vote on this idea, please visit WEBFLOW-I-784 HTTP response headers security.

HPKP - Public Key Pinning (Merged)

This, in addition to configuring custom X-Content Options, should be implemented to safeguard maximal security of Webflow.

I could not find anything about Public Key Pins (HPKP) on the forums or here in the wishlist.
Here's an article from scotthelme.co.uk:

HPKP: HTTP Public Key Pinning

HPKP is a security policy delivered via a HTTP response header. It allows a host to whitelist cryptographic identities a UA should accept for the host.

Configure the webserver or website to always force this header. This can be done using the following configuration directives:

Apache webserver:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

NginX webserver:
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;

Microsoft IIS webserver:
In the IIS manager choose "Add Custom HTTP Response Header" -> Name: "Strict-Transport-Security" -> Value: "max-age=31536000; includeSubdomains"

  • Martijn Hoppenbrouwer
  • Jul 28 2017
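As an added example (not from the post or the linked article), here is a small Python checker for the two headers discussed: it parses Strict-Transport-Security and Public-Key-Pins values and returns findings for the common mistakes, such as the `maxage` misspelling, a max-age under a year, or an HPKP header with no backup pin (RFC 7469 requires at least two pins). Note that the directives quoted in the post configure HSTS rather than HPKP; the pin value in the code is a constructed placeholder, not a real SPKI hash.

```python
import base64

ONE_YEAR = 31536000  # seconds, the max-age used in the post's directives
# Constructed placeholder pin (32 zero bytes, base64); real pins are SPKI SHA-256 hashes.
PLACEHOLDER_PIN = base64.b64encode(b"\0" * 32).decode()

def parse_directives(value):
    """Split a header value into [(name_lower, value_or_None), ...], keeping repeats."""
    pairs = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, sep, val = part.partition("=")
            pairs.append((name.strip().lower(), val.strip().strip('"') if sep else None))
    return pairs

def check_hsts(value):
    """Findings for a Strict-Transport-Security value; [] means it looks right."""
    d = dict(parse_directives(value))
    findings = []
    if "max-age" not in d:
        hint = " (found misspelled 'maxage')" if "maxage" in d else ""
        findings.append("missing max-age" + hint)
    elif not (d["max-age"] or "").isdigit() or int(d["max-age"]) < ONE_YEAR:
        findings.append("max-age shorter than one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings

def _is_sha256_pin(b64):
    """A pin-sha256 value must be valid base64 that decodes to exactly 32 bytes."""
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def check_hpkp(value):
    """Findings for a Public-Key-Pins value; [] means it looks right."""
    pairs = parse_directives(value)
    pins = [v or "" for n, v in pairs if n == "pin-sha256"]
    findings = []
    if len(pins) < 2:
        findings.append("fewer than two pins (RFC 7469 requires a backup pin)")
    bad = [p for p in pins if not _is_sha256_pin(p)]
    if bad:
        findings.append("%d pin value(s) are not base64 SHA-256 digests" % len(bad))
    if "max-age" not in dict(pairs):
        findings.append("missing max-age")
    return findings
```

Running `check_hsts("maxage=31536000; includeSubDomains")` on the value from the post reports the misspelled directive, since a browser ignores an HSTS header without a valid `max-age`.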