Is clickjacking a vulnerability in Webflow?

Hi everyone!

I’d like to know if Clickjacking is a real risk on Webflow.
I saw that to be able to protect the website from clickjacking attacks, we should use secure frame headers, but to be able to do so, I need to upgrade the account to an Enterprise account/plan.

So that makes me wonder if it’s really worth to make this upgrade? Or clickjacking is not really an issue on WF so there’s actually no need to make this upgrade?

Appreciate any help or tips you can provide!
Thanks!


Here is my site Read-Only: LINK
(how to share your site Read-Only link)

1 Like

Hey, you can activate that in the publish settings. But… to set advanced headers like HSTS and others, you need to get an webflow enterprise plan which comes with an 5 digit number amount which is crazy. OR you just export your site and have it for free.

Secure frame headers can be enabled in a project by visiting project settings →hosting → Advanced publishing options . and enabling the toggle. You don’t need an enterprise account to do so.

See → Advanced publishing options | Webflow University