We would like to add security-related headers as part of hardening the website. Please let us know how to add security headers in response?
Security Headers is a Webflow Enterprise feature.
Thanks for sharing this information. It is very helpful for my juicewrld beanies site.
1 Like
It is possible to add X-Frame-Options header as part of CMS plan
But looks like for adding other custom headers, we need an enterprise plan
BTW , this is how i added X-Frame-Options header
- Login to webflow > Dashboard > site settings
- Click on Publish > Advanced Options > Check Use secure frame headers
- This setting will add X-Frame-Options: SAMEORIGIN to all the pages
Adding security headers is considered a best practice, this should be available for all plans, not just Enterprise.
2 Likes
More than best practice, it’s our fiduciary responsibility to do what we can to protect our website users.
Security headers aren’t like SSO. They’re a fundamental layer of Internet security.
Webflow are straight up supporting cybercrime by restricting security headers to the Enterprise plan.
1 Like
I second this comment. We will need Enterprise someday, but right now not really. I would like to know how to get this enabled for our site.
“rtilney
Rocky
Adding security headers is considered a best practice, this should be available for all plans, not just Enterprise.”
My cybersecurity insurance company requested this change. The clock is ticking. hgpmh.org
@hgpmh.org - If you want to enable security headers you either pay for enterprise or migrate the site off Webflow hosting. If you need help with the latter feel free to reach out.