We would like to add security-related headers as part of hardening the website. Please let us know how to add security headers in response?
Security Headers is a Webflow Enterprise feature.
It is possible to add X-Frame-Options header as part of CMS plan
But looks like for adding other custom headers, we need an enterprise plan
BTW , this is how i added X-Frame-Options header
- Login to webflow > Dashboard > site settings
- Click on Publish > Advanced Options > Check Use secure frame headers
- This setting will add X-Frame-Options: SAMEORIGIN to all the pages
Adding security headers is considered a best practice, this should be available for all plans, not just Enterprise.
1 Like
More than best practice, it’s our fiduciary responsibility to do what we can to protect our website users.
Security headers aren’t like SSO. They’re a fundamental layer of Internet security.
Webflow are straight up supporting cybercrime by restricting security headers to the Enterprise plan.