HSTS response header

HSTS response headers are now available on all sites

As part of our ongoing security improvements, HSTS (HTTP Strict Transport Security) response headers are now available on all sites. Non-Enterprise customers will have this enabled automatically. Webflow Enterprise customers can continue to enable/disable HSTS response headers as needed.

HSTS is a powerful security feature that ensures browsers only interact with your site using secure HTTPS connections. Without HSTS, sites are more vulnerable to attacks, data interception, and tampering. Overall, lack of HSTS increases the risk of various security breaches that can compromise user data and trust.

With HSTS now active on all sites, this means:

  • Enhanced Security: Protect your site and users from various types of attacks, ensuring all data transmitted is safe and secure.
  • Increased User Trust: Users can have greater confidence in your site’s robust security measures, knowing their data is well-protected.

Hi, Matthew,
Are there any additional steps that have to be done to have HSTS on? We still don’t have HSTS active on our website.
BR

UPD:
HSTS has been active on our website since today. This is fantastic. Thank you!

Hi Matthew,

After enabling HSTS, my client is still responding saying their audit has returned the following error:

‘Domain was not found on the HSTS preload list’

I’ve checked all the boxes in the Publishing options. From what I’ve read on the internet, this is pretty standard. I recommend all of my clients to Webflow at the moment, and this specific client has numerous websites on here. If I can’t get this resolved, do I have to leave Webflow entirely? I really would hate to do that; I’ve been a huge advocate of your platform.

Please let me know how to proceed!