Streaming live at 10am (PST)

Public-Key-Pins headers (HPKP)

I could not find anything about Public Key Pins (HPKP).
Here’s an article on it and security companies advice:

https://scotthelme.co.uk/hpkp-http-public-key-pinning/

Configure the webserver or website to always force this header. This can be done using the
following configuration directives:

Apache webserver:
Header always set Strict-Transport-Security “maxage=31536000; includeSubDomains” NginX webserver:
add_header Strict-Transport-Security “maxage=31536000; includeSubdomains” always;

Microsoft IIS
webserver: In the IIS manager choose “Add Custom HTTP Response Header” -> Name: “Strict-Transport-Security” -> Value: “max-age=31536000; includeSubdomains”

Webflow hosting doesn’t support custom header values/settings.


Please search the wishlist for upcoming features, and if there isn’t one for your requested feature yet, you can create a wishlist request.

You can also subscribe to wishlist items to stay updated to announcements regarding the wishlist item.

This topic was automatically closed after 60 days. New replies are no longer allowed.